Privacy Policy

Controller responsible for data processing:

Pascal Bossert | BOSSERT.IO

c/o MDC Management#6445

Welserstraße 3

87463 Dietmannsried, Deutschland

Email: privacy@iptvbuddy.app

Android/iOS App (stored locally on your device): We store app settings, profiles, favorites, and session/account information. If you add your IPTV provider credentials in the app, they are also stored locally on your device.

Camera permission (Android/iOS App): Permission to use the camera is required so you can scan QR codes. This is necessary for access to the web editor and for pairing a TV device with your phone.

Mobile ↔ Android TV pairing (local home network only): When you pair the Android/iOS App with the Android TV App, the required data is transmitted exclusively within your local home network between your devices (for example favorites, profiles, and, if used by you, credentials). This pairing data is not transmitted to our servers.

Android TV App (stored locally on your TV device): We store profiles, favorites, history, watchlist, and recording-related information (for example planned or managed recordings) locally on the TV device. Your IPTV provider credentials are also stored locally there only.

Content retrieval: For playback, the app connects to services of your IPTV provider. This involves technically necessary connection data (in particular your IP address and request information).

Program information (EPG): We obtain program data exclusively via epgshare01.online. When retrieving program data, technically necessary connection data is transmitted to this source (in particular IP address and request information).

Public IP address lookup: The app can determine your public IP address via the ipify service (ipify.org). Your IP address is processed to the extent required for this function.

Editor (web): For use of the editor, we process the lists you edit and import/export files. In addition, a session identifier is stored in your browser to technically enable editor functions (for example session mapping/assignment).

IPTV Buddy API: When accessing our API, we process technical connection data (in particular IP address) to operate the service securely and to limit requests (for example protection against misuse). Technical session data is retained only briefly and is not permanently stored as pairing data.

Authentication with Google or Apple: If you authenticate in the app via “Sign in with Google” or “Sign in with Apple”, we process the account information provided by the respective provider to the extent required for authentication and profile association. This includes in particular a unique provider identifier and your email address. On this basis, we create a user profile in our API or associate an existing profile in order to permanently assign your subscription and purchases to your account and restore them across multiple devices. The legal basis is Art. 6(1)(b) GDPR. We store this data only as long as the profile is required for account management, subscription assignment, abuse prevention, or to comply with legal obligations.

Subscription checks, activation, and device binding: To verify and activate a valid subscription, we process purchase-related references (in particular purchase token), status and validation information, and a unique user ID generated by us. This serves to activate authorized devices, prevent fraud, and enforce usage limits. No accounts with login/password are maintained.

Error and crash diagnostics with Sentry (Mobile App and Android TV App): To detect, analyze, and resolve technical errors and crashes, we use Sentry (sentry.io) in a European data region. This may involve processing technical device data, operating system and version, app version, the time of the error, crash reports, stack traces, technical breadcrumbs, and information about the affected screen or function. Depending on the type of error, additional technical context data may also be involved to the extent it forms part of the event for troubleshooting purposes.

We use this error and diagnostic data exclusively for technical error analysis, stability monitoring, and troubleshooting. We do not use it to analyze your usage behavior, create usage profiles, perform tracking, derive advertising measures, or draw conclusions about your private information or content.

If, in an individual case, technical files, diagnostic attachments, or other information related to a specific error are transmitted or become available, we use those exclusively to investigate and resolve that specific technical problem and not for any other purpose.

We process personal data to provide app and editor functions (for example playback, favorites/history/watchlist, recordings, import/export), display program information, verify subscriptions and activate features, and ensure secure operation of our systems.

Legal bases are in particular Art. 6(1)(b) GDPR (performance of the usage contract / provision of functions), Art. 6(1)(f) GDPR (legitimate interests, in particular operational security, protection against misuse, enforcement of usage limits, and service stability), and where applicable Art. 6(1)(c) GDPR (legal obligations).

The processing of error and crash data via Sentry is carried out for stability monitoring, technical error analysis, and the rapid resolution of disruptions in the Mobile App and Android TV App. The legal basis is generally Art. 6(1)(f) GDPR. Where, in an individual case, such processing is directly required to securely provide or restore contractually owed app functions, we also rely on Art. 6(1)(b) GDPR.

This data is not used for analytics, tracking, profiling, marketing, or advertising purposes. Processing is limited to the expressly stated purpose of troubleshooting and operational security.

By installing and using the apps, you acknowledge this form of technical error diagnostics as part of secure app operation. No separate consent request is made for this technically required processing.

Store and platform providers: For purchases and subscription management, we use Google Play and the Apple App Store. For verification/activation, we process in particular purchase-related references (for example purchase token) and validation information. Payment data is generally processed by the respective store.

IPTV providers and program data: For playback and program information, requests are sent to your IPTV provider services and to EPG sources (epgshare01.online). These recipients receive technically necessary connection data (in particular IP address and request information).

Public IP lookup service: If you use the corresponding function, your public IP address is queried via ipify (ipify.org). This involves processing technically necessary connection data (in particular your IP address).

Sentry: For error and crash diagnostics in the Mobile App and Android TV App, we use Sentry (sentry.io) as a technical service provider. Processing takes place in the European data region selected by us on servers in Europe.

Infrastructure/hosting: We may use infrastructure and hosting providers for backend components (for example operation of the IPTV Buddy API).

Local app data (for example profiles, favorites, history, watchlist, credentials, session data) generally remains stored on your device or TV device until you delete it in the app or uninstall the app.

Editor data: Lists edited by you and import/export files are processed as part of usage. Session identifiers are stored as technically required and are deleted or lose validity after session end or expiry.

Subscription and validation data: We store purchase-related references (for example purchase token), status/validation information, and user ID only as long as required for activation, contract performance, fraud prevention, and enforcement of usage limits, and where applicable to fulfill legal obligations.

IPTV Buddy API: Technical session data is retained only briefly and is not permanently stored as pairing data.

Sentry data: We store error and crash reports only for as long as necessary for analysis, troubleshooting, quality assurance, and traceability of technical issues. The deletion and retention periods configured in our Sentry project are decisive in this respect; after that, the data is deleted or is no longer available to us for evaluation.

We apply technical and organizational measures to protect data (for example access restrictions and protection of sensitive information).

We do not maintain user-specific usage logs for analytics or marketing purposes. Where technical data is required for abuse prevention (for example request limiting), processing is limited to what is necessary and only for a short period.

We also do not use information processed as part of error and crash diagnostics to observe your usage behavior, create profiles, or perform tracking. Our sole aim is to identify, understand, and resolve technical problems.

You have the right to access, rectification, erasure, restriction of processing, data portability, and objection.

Where we process error and crash data on the basis of Art. 6(1)(f) GDPR, you may object to this processing on grounds relating to your particular situation.

You also have the right to lodge a complaint with a supervisory authority.

If you use the contact form, we process the required fields you enter (name, email address, subject, message) and any additional information you provide voluntarily.

We also process technical connection and metadata (in particular IP address, timestamp, and request information) to the extent required for secure operation, abuse detection, and request limiting.

Processing is carried out to handle and respond to your inquiry and to ensure the security and stability of the contact form operation. The legal bases are Art. 6(1)(b) GDPR (where your inquiry relates to entering into or performing a contract) and otherwise Art. 6(1)(f) GDPR (legitimate interests in efficient communication, abuse prevention, and operational security).

Recipients of contact form data are exclusively us as controller. Processing takes place via our API in a database on our hosting provider server; the hosting provider acts as a processor.

Data is stored only as long as necessary to process your inquiry and any follow-up questions; statutory retention obligations remain unaffected. Without the fields marked as required, we cannot process your inquiry.