1. Scope and current operator
This Privacy Policy applies to Pulp Time, Video Archives, and each related website, video player, account, membership, communication, and service that links to it (collectively, the “Services”). It does not apply to a third party’s own service or website, even when the Services link to or embed it.
Who is responsible for your information
Boundless Friends, Inc., doing business as Boundless Films (“Boundless,” “we,” “us,” or “our”) is currently the operator and business or data controller responsible for the Services. General Cinema Dynamics LLC (“GCD”) collaborates on technology, content, production, and operations and may process information to support the Services. If control of the Services transfers to GCD or another successor, we will update this Policy and provide notice as required by law.
2. Notice at collection
The table below describes the categories of personal information we collect, representative examples, the main purposes for collection and use, and the categories of recipients to which we disclose the information for operational or other business purposes. We retain each category as described in the Retention section.
| Category | Examples | Primary purposes | Recipient categories |
|---|---|---|---|
| Identifiers and account information | Email address, internal user ID, display name or avatar if provided, account creation dates, authentication and session identifiers. | Create and secure accounts; send sign-in links; provide support and account features; communicate about the Services. | GCD; authentication, database, hosting, security, support, and email-delivery providers. |
| Commercial and billing information | Plan and subscription status, Stripe customer and transaction IDs, checkout status, billing period, payment status, promotions, refunds, and billing contact or address submitted to Stripe. Stripe receives full card details directly; we do not store the full card number. | Process and reconcile subscriptions, unlock viewing benefits, prevent duplicate charges, manage cancellations and refunds, maintain financial records. | GCD; Stripe; database, accounting, fraud-prevention, and professional advisers as needed. |
| Internet, app, and viewing activity | Page path, referring page, campaign parameters, random visitor and session IDs, titles viewed, player events, playback position and duration, completion, watch history, free-movie unlocks, and interactions with features or messages. | Deliver playback; remember progress; enforce previews and entitlements; measure engagement; improve catalog, product, and communications. | GCD; Mux; database, analytics, hosting, and communications providers. |
| Device, network, and diagnostics | IP address, browser and device information, user agent, request headers, approximate location inferred from IP, timestamps, error and security logs, video-delivery and playback-performance data. | Operate and secure the Services; troubleshoot; prevent fraud and abuse; optimize delivery and playback quality. | GCD; Mux; authentication, hosting, database, security, and infrastructure providers. |
| Preferences, communications, and submissions | Theme preference, feedback, bug reports, movie and feature requests, legal and privacy requests, copyright notices, names, contact details, mailing address, electronic signature, attestations, message content, relevant URLs, announcements received, and delivery status. | Remember preferences; verify, review, respond to, and document requests and notices; provide support; plan and improve features and catalog; deliver service and permitted marketing communications. | GCD; database, support, hosting, legal, and communications providers and professional advisers. |
| Security and administrative records | Archive-access status, account role, administrative actions, audit records, abuse indicators, and records needed to enforce terms or respond to legal requests. | Protect accounts and content; control administrative access; investigate incidents; enforce agreements; comply with law. | GCD; authentication, database, hosting, security, legal, and professional advisers; authorities when legally required. |
We may also create aggregated or deidentified information that cannot reasonably be linked to you. We use and disclose that information for analytics, research, planning, and other lawful purposes and do not attempt to reidentify it except to test whether deidentification measures work.
3. Sources of personal information
We collect personal information from:
- You, when you enter an email address, subscribe, manage billing, change a preference, submit feedback, or send a legal, privacy, or copyright request.
- Your browser and device, when you visit pages, use the player, or interact with the Services.
- Service providers, such as Stripe for subscription and payment status, Supabase for account and authentication events, and Mux for video-delivery and playback information.
- GCD and our personnel, when they operate, secure, curate, support, and administer the Services.
- Public or lawful sources, when needed for rights clearance, security, fraud prevention, or legal compliance.
4. How we use personal information
We use personal information to:
- provide pages, search, previews, full-length playback, editorial material, preferences, watch history, and account features;
- authenticate users, issue secure playback access, protect content, and prevent unauthorized account or administrative access;
- administer free viewing limits, paid memberships, recurring billing, promotions, cancellations, refunds, and payment reconciliation;
- remember playback progress and settings across sessions and devices;
- measure page, catalog, preview, playback, subscription, and communication performance;
- understand audience interests and improve curation, product design, reliability, delivery quality, and business operations;
- send sign-in links, transaction and account messages, service announcements, support responses, and other communications permitted by law;
- investigate abuse, security incidents, billing disputes, rights claims, and violations of our Terms;
- comply with law, preserve records, establish or defend legal claims, and protect users, the Services, Boundless, GCD, and others; and
- carry out a corporate transaction or operational transition as described below.
Where a law requires a legal basis for processing, our bases may include performing our contract with you, our legitimate interests in operating and improving a secure streaming service, your consent, and compliance with legal obligations. You may withdraw consent where consent is the basis, but withdrawal does not affect prior lawful processing.
We do not use personal information to make decisions based solely on automated processing that produce legal or similarly significant effects about you.
5. How we disclose personal information
Boundless and GCD
Authorized personnel of Boundless and GCD may access personal information as needed to operate, secure, support, curate, analyze, and improve the Services. Access is limited by role and operational need.
Vendors and service providers
We disclose information to companies that provide authentication, database, cloud hosting, security, email delivery, customer support, analytics, video hosting and delivery, payment processing, billing, and professional services. They may use information to provide contracted services to us and as otherwise permitted by their contracts and applicable law.
Legal, safety, and rights protection
We may disclose information when we reasonably believe it is necessary to comply with law or valid legal process; protect safety, security, rights, and property; investigate fraud or abuse; enforce agreements; or establish, exercise, or defend legal claims.
Business and operational transfers
We may disclose or transfer information in connection with due diligence, financing, insurance, a merger, reorganization, sale of assets, insolvency, or a transfer of all or part of the Services, including a planned or completed transition from Boundless to GCD. The recipient may use the information subject to this Policy until it provides notice of a replacement policy, unless law requires otherwise.
At your direction
We may disclose information when you request or consent to the disclosure.
6. Sale, sharing, targeted advertising, and sensitive information
We do not sell personal information for money. We also do not share personal information for cross-context behavioral advertising or process it for targeted advertising as those terms are defined by applicable U.S. state privacy laws. We do not use or disclose sensitive personal information to infer characteristics about you.
Because we do not currently sell or share personal information for targeted advertising, there is no sale, sharing, or targeted-advertising opt-out to apply. If these practices change, we will update this Policy, provide any required opt-out control, and honor legally recognized browser signals such as Global Privacy Control where required.
7. Cookies, local storage, and similar technologies
The Services use browser storage and similar technologies for the following purposes:
- Authentication and security: Supabase session cookies keep signed-in users authenticated, and a short-lived archive-access cookie may remember access to a private preview.
- Preferences: a cookie may remember your light, dark, or system theme choice.
- First-party analytics: local storage holds a random visitor ID and session storage holds a random session ID so we can understand page and feature use without requiring an account. These IDs are brand-specific.
- Media delivery: Mux Player and embedded YouTube content may use network identifiers, cookies, local storage, or similar technologies to deliver media, secure playback, remember settings, and measure performance.
You can clear or block cookies and site storage through browser settings. Blocking necessary storage may sign you out, reset preferences, prevent private-preview access, or impair playback and other features. The Services currently do not respond to legacy “Do Not Track” signals, which do not have a consistent legal definition; Global Privacy Control is addressed above.
8. Data retention
We keep personal information only as long as reasonably necessary for the purposes described in this Policy, including to provide an account or membership, preserve watch progress, maintain security and audit records, meet accounting and tax obligations, resolve disputes, enforce agreements, and comply with law. Retention periods vary by the type of information and context.
- Account, preference, and watch-history information is generally retained while the account remains active and for a limited period afterward as needed for recovery, security, disputes, or legal compliance.
- Subscription, transaction, refund, tax, and fraud-prevention records may be retained longer where financial or legal recordkeeping rules require it.
- Feedback and support records are retained as needed to respond, document a resolution, and improve the Services.
- Legal, privacy, and copyright request records may be retained as needed to verify authority, respond, document our review and actions, resolve disputes, and establish or defend legal claims.
- Analytics, security, and diagnostic records are retained according to operational need and may be aggregated or deidentified.
- Backups may retain information for a limited period after deletion until they are overwritten through ordinary recovery cycles.
When information is no longer needed, we delete, deidentify, or securely isolate it, subject to technical and legal limits.
9. Security
We use administrative, technical, and organizational measures designed to protect personal information, including passwordless authentication, restricted administrative access, database access controls, encrypted network transport, signed playback access where configured, audit records, and service-provider controls. However, no system or transmission is completely secure, and we cannot guarantee absolute security.
Protect your email account and sign-in links, sign out on shared devices, and use the promptly if you suspect unauthorized access.
10. Your privacy rights and choices
Depending on where you live and subject to legal exceptions, you may have the right to request that we:
- confirm whether we process your personal information and provide access to or a portable copy of it;
- correct inaccurate personal information;
- delete personal information;
- restrict or object to certain processing;
- provide information about the categories, sources, purposes, and recipients of personal information;
- honor or explain an applicable opt-out right; and
- appeal a decision on a privacy request.
To make a request or appeal, use the and describe the privacy right or appeal and the account email involved. We may ask you to verify account control or provide information reasonably necessary to verify identity. We will use verification information only for that purpose.
An authorized agent may submit a request where law permits, but we may require proof of authority and direct identity verification. We will not discriminate against you for exercising a privacy right. We may deny or limit a request where an exception applies, such as when information is needed for security, billing records, legal compliance, or another person’s rights, and we will explain our decision where required.
You may unsubscribe from optional marketing emails through the link in the message. We may still send transactional, security, billing, or other non-promotional service communications.
11. Children’s privacy
The Services are intended for a general audience and are not directed to children under 13. We do not knowingly collect personal information from a child under 13. If you believe a child under 13 has provided personal information, use the so we can investigate and delete it as appropriate. Users who are under the age of legal majority must have a parent or legal guardian’s permission to use the Services, and only an adult may purchase a membership.
12. International processing
The Services are operated from the United States. We and our providers may process personal information in the United States and other countries whose privacy laws may differ from those where you live. Where required, we use contractual or other safeguards intended to protect information transferred across borders. Contact us if you would like more information about an applicable transfer safeguard.
13. Third-party services
The Services use third parties that may process information for us or receive information when you interact with their features. Current categories include:
- Supabase for authentication and database infrastructure;
- Mux for media hosting, delivery, player functionality, and playback performance;
- Stripe for checkout, payment processing, subscription management, and fraud prevention;
- cloud hosting, security, monitoring, email-delivery, and professional-service providers; and
- Google and YouTube when an embedded YouTube video loads or you follow a YouTube link.
A third party may separately control information it collects directly from you, such as payment details entered on Stripe Checkout or activity on YouTube. Review that party’s privacy policy for its own practices. Providers may change as the Services evolve.
14. Changes to this Policy
We may update this Policy to reflect changes in the Services, operator, providers, law, or practices. The “Last updated” date identifies the current version. If a change is material, we will provide reasonable notice through the Services, by email, or another appropriate channel before the change takes effect when required by law.
15. Contact us
For privacy questions, requests, or appeals, use the . For other legal matters, use the .
Current operator and data controller: Boundless Friends, Inc., doing business as Boundless Films. Operational collaborator: General Cinema Dynamics LLC.
