Get Tickets to the Screaming Room - Midsummer Scream 2026 - August 7th - 9th
The Screaming Room Film Festival logo
Sign In

Privacy

Privacy policy

The short version: we collect the minimum personal data needed to run the platform and the festival, we don’t sell it, we don’t share it with advertisers, we don’t use third-party tracking, and you can ask us to delete it at any time.

The longer version is below. If you’d rather just talk to a person, email staff@horrorbuzz.com.

Who we are

“The Screaming Room” refers to the curated horror short-film program of MidSummer Scream, currently produced and operated by Mut Strategic Consulting LLC on behalf of MidSummer Scream. When this policy says “we,” “us,” or “our,” that’s who we mean. The Screaming Room website lives at horrorbuzz.com/screamingroom (eventually midsummerscream.com/screamingroom).

You can reach our privacy contact at staff@horrorbuzz.com. The organization’s mailing address is shown in the footer of every email we send.

What we collect

We collect different data depending on what you do on the site:

Newsletter subscribers

  • Your email address.
  • The page or surface you signed up from (e.g., “homepage footer”), so we can understand where signups come from.
  • Your IP address and browser user-agent at the moment of signup. This is an audit trail for CAN-SPAM compliance — proof you actually clicked “subscribe” and a way to investigate fraudulent signups. Not used for anything else.
  • Timestamps for signup, confirmation, and unsubscribe.

Account holders (filmmakers, studios, staff)

  • Email address (required for sign-in).
  • Optional display name and pronouns.
  • Any profile content you choose to add: biography, social links, headshots, studio descriptions, film credits.
  • Sign-in audit (last-login timestamp, IP at password reset). Sessions are JWT-based; we don’t store session contents server-side.

Profile and studio claims

  • The email, optional name, and justification text you submit on the claim form. We use these to verify your identity before granting access to the requested profile.
  • Outcome of staff review (approved, rejected, with optional internal notes).

Archive access requests

  • For breaking-news posts that are gated to verified audiences, your name + email + organization at request time. Staff reviews and replies manually.

Visitors who just browse

  • We do not collect any personally identifiable data from visitors who don’t sign up, sign in, or submit a form. We don’t use third-party analytics or advertising trackers.
  • Our hosting platform (Vercel) keeps standard server access logs — IP, user-agent, requested URL, response code — for operational and security purposes. We don’t access these for marketing.

How we use it

  • Email you about The Screaming Room and the MidSummer Scream festival — only if you signed up and confirmed your subscription (double opt-in). We send occasional programming announcements, archive releases, and festival updates. Nothing else.
  • Sign you in and let you manage your profile — if you’re a filmmaker, studio, or staff member with an account.
  • Operate the festival — staff use submitted claim information to verify identity and schedule communications.

We do not use your data for advertising targeting, profiling, automated decision-making with legal effect, or any third-party data sale.

Who we share it with

Operating partners only — the third-party providers we use to run the platform. Each of them processes data only for us, never for their own purposes.

  • Neon(database hosting, US) — stores account, subscriber, and claim records. We’re the controller; Neon is a processor.
  • Resend (transactional + newsletter email) — sends sign-in links, claim notifications, and confirmed newsletter messages to addresses we provide. Resend retains delivery metadata (bounces, complaints) on our behalf.
  • Vercel (hosting + edge network) — serves the website and runs application code. Standard server logs only; no analytics integration.
  • Cloudflare R2 (object storage) — holds uploaded images (posters, stills, headshots, studio logos). No personal data beyond the alt text and filename an admin entered.

We don’t share your email or any personal data with sponsors, partners, advertisers, or other festival attendees. Public-facing content on the site (your name on a film credit, your studio profile, your director bio) is visible to anyone — that’s the point of a public archive — but that’s content you publish, not data we share.

Email

  • Newsletter is double opt-in.We send a confirmation link the moment you sign up; you’re not on the list until you click it. If you don’t confirm within 7 days, the link expires and we don’t keep your email.
  • Every newsletter email has a one-click unsubscribe link in the footer. The link works without signing in.
  • Transactional emails(sign-in magic links, profile-claim notifications, password reset) are sent only when you trigger them. They are not marketing and are not subject to unsubscribe — if you don’t want to receive them, delete your account.
  • Bounce and complaint handling. If your email service reports your address as bounced or complains that our email is unwanted, we automatically suppress future sends to that address. No manual step required.

Cookies and tracking

We use exactly one first-party cookie: a session cookie set when you sign in. It expires when you sign out (or after 30 days of inactivity) and is sent only to horrorbuzz.com. It contains a signed session token; no personal data.

We do not use Google Analytics, Facebook Pixel, advertising networks, fingerprinting libraries, or any third-party tracking. We do not display ads, and we do not allow our email or web traffic to be used for ad targeting.

Your rights

Wherever you live, you can:

  • Ask what we hold about you. Email staff@horrorbuzz.com with the email address you signed up with, and we’ll send you everything we have on file within 30 days.
  • Correct anything that’s wrong. Filmmakers and studios with accounts can edit their profiles directly via the portal. Anyone else can email the address above.
  • Delete your data.Same address. Once we confirm your identity we’ll delete account records, newsletter subscriptions, and claim history within 30 days. Public-facing content (a film credit on a published film, a public-archive director bio) is treated as editorial and may remain in the historical archive after account deletion, but we’ll remove any personally identifying information from credits on request.
  • Opt out of marketing emails at any time by clicking the unsubscribe link in any newsletter, or by emailing us.

California residents (CCPA): we are not a “sale” or “share” covered business under the CCPA — we don’t sell or share personal data with third parties for cross-context behavioral advertising. EU/UK visitors (GDPR): we process your data on the legal bases of consent (newsletter) and legitimate interest (running the festival and the platform you signed up to use). You have the right to lodge a complaint with your local supervisory authority.

How long we keep it

  • Newsletter subscribers:until you unsubscribe or ask us to delete you. Unsubscribed records are retained as “suppressed” (so we don’t accidentally re-send to you) but contain only the email and the unsubscribe timestamp.
  • Accounts: until you delete the account or ask us to. Inactive accounts (no sign-in for 3 years) may be soft-deleted; you can re-claim via the public claim flow.
  • Claim and access-request records:three years after the last status change, for our audit trail. We’ll delete sooner if you ask.
  • Server access logs (Vercel):30 days, controlled by Vercel’s standard policy.
  • Email delivery logs (Resend):30 days, controlled by Resend’s standard policy.

International transfers

Our infrastructure providers (Neon, Resend, Vercel, Cloudflare) operate primarily from the United States. Personal data submitted from outside the US is transferred to and stored on US-based infrastructure. Each provider maintains its own GDPR-compliant data processing arrangements; we rely on those.

Children

The Screaming Room is intended for an adult audience. We do not knowingly collect data from anyone under 16. If we learn that we have done so, we’ll delete it. Parents or guardians who believe their child has provided personal data can email us at the address above.

Changes

If we materially change how we handle personal data, we will update the date below, announce the change in the newsletter, and (for account holders) email everyone affected. Minor wording revisions go in without a separate notification.

Contact us

For any privacy question, request, or complaint, email staff@horrorbuzz.com. A real person reads every message and aims to reply within a few business days.

Last updated: May 11, 2026

Back to The Screaming Room·Contact staff