Privacy Policy

Streamly ("we", "us", "our") respects your privacy. This Privacy Policy explains what data the Streamly mobile, tablet, TV, and desktop applications ("the App") collect, how it is used, and the choices you have. By installing or using the App you agree to the practices described here.

If you have questions, contact us at streamlyiptvpro@gmail.com.

1. Who we are

The App is developed and operated by Yasser Farag (Apple Developer Team ID: M7GK7B47H6), an individual developer based in Egypt.

2. What Streamly does (and does not do)

Streamly is an IPTV player. You provide your own M3U playlists or Xtream Codes portal credentials, and the App fetches and plays whatever your source serves.

Streamly does not host, distribute, encode, or sell any video content. Every stream URL is supplied by you. The App is a client; the responsibility for the content you load into it sits with you and your IPTV provider.

3. Data we collect

3.1 Information you provide

• Account info (optional) — email address and display name from Sign in with Apple or Google Sign-In. Stored in Firebase Authentication (Google Cloud).
• Playlist sources — M3U file URLs, Xtream Codes server URL + username + password. Stored in the encrypted iOS / macOS / tvOS Keychain on-device, plus your Firestore backup if signed in.
• Favorites, recently watched, custom display preferences — channel / movie / series IDs you mark as favorites, resume positions. Stored in the local Realm DB on-device (and your Firestore document on the Pro tier).
• In-app purchases — subscription / lifetime purchase receipts and entitlement state. Processed by RevenueCat and Apple StoreKit.
• Premium playlist requests — when you tap "Request Access" on a curated paid playlist in the Playlists hub, your email address is sent to a fulfillment pipeline so we can email you the access details. To preserve aggregate analytics without retaining the raw email, the Streamly Analytics event records only a salted SHA-256 hash of your email plus the email domain (e.g. gmail.com) — never the address itself. The address is still used by the offline fulfillment pipeline.

3.2 Information collected automatically

• Diagnostic data — crash logs, stack traces, non-fatal errors, and a rolling history of recent in-app navigation events ("breadcrumbs") attached to each crash. Used to fix crashes and bugs. Crash reports are tied to your Firebase Authentication user ID — which starts as an anonymous device-scoped identifier and only becomes account-linked if you choose to sign in. Processor: Firebase Crashlytics. Disable any time via Menu → Privacy → Help improve Streamly.
• Performance metrics — app start time, screen render time, network request latency. Used to detect performance regressions. Processor: Firebase Performance Monitoring.
• Product analytics — anonymous event counts (screen opened, button tapped, paywall shown, video playback started / completed / failed, subscription purchased / restored, settings changed). Used to understand which features are used and to detect reliability regressions. Processor: Firebase Analytics. Events are aggregated and not joined to your name or email. Disable any time via Menu → Privacy → Help improve Streamly.
• Remote configuration — app config values delivered to your device. Used to roll out features without an App Store update. Processor: Firebase Remote Config.
• Subscription analytics — anonymous purchase + churn events. Used to measure conversion and retention. Processor: RevenueCat.
• Device identifiers — Firebase Installation ID, RevenueCat anonymous user ID, device model, OS version, app version, locale. Used to group events from the same install for debugging.

We do not collect:

• Your precise or coarse location;
• Your contacts, photos, calendar, or health data;
• Advertising identifiers (IDFA) — Streamly contains no advertising SDKs;
• Stream playback history with any third party — playback events stay local on your device unless you are on the Pro tier and signed in, in which case watch history is synced privately to your own Firestore document;
• Your voice recordings — voice search uses Apple's SFSpeechRecognizer, which processes audio on-device when available and otherwise sends it to Apple per Apple's privacy practices. Streamly does not record, store, or transmit voice audio to its own servers.

4. How we use your data

• Operate the App — fulfill features you request (load playlists, remember favorites, restore playback position).
• Sync across your devices — Pro users get cross-device sync of playlists, favorites, and history via their own private Firestore documents. Free users get a one-way playlist backup so a reinstall can restore playlists.
• Authenticate purchases — verify your subscription / lifetime entitlement.
• Fix bugs and improve quality — crash and performance reports are used to triage issues.
• Measure feature usage — anonymous, aggregated analytics help us decide which features to invest in.
• Comply with legal obligations — including subscription receipt verification with Apple.

We do not:

• Sell your data;
• Share your data with advertisers;
• Use your data to build profiles for marketing purposes.

5. Legal basis for processing (GDPR)

If you are in the EEA / UK, our legal bases are:

• Contract performance — for data needed to deliver the App's core functionality (account, playlists, purchases).
• Legitimate interest — for crash reporting, performance monitoring, and aggregated analytics, with safeguards to keep these privacy-preserving.
• Consent — for any data collection that is not strictly necessary. You can withdraw consent at any time in Settings.

6. Sharing with third parties

We share data only with the sub-processors listed below, each bound by their own privacy and security commitments:

• Google (Firebase) — Auth, Crashlytics, Performance, Analytics, Remote Config, Firestore. Multi-region (US / EU). Privacy policy: firebase.google.com/support/privacy
• RevenueCat — subscription state management. US. Privacy policy: revenuecat.com/privacy
• Apple — Sign in with Apple, StoreKit purchase processing, Speech recognition. Privacy policy: apple.com/legal/privacy
• Google Sign-In — optional sign-in flow. US. Privacy policy: policies.google.com/privacy

We do not share data with anyone else. We will only disclose data to law enforcement or third parties if compelled by valid legal process in the jurisdiction where we operate.

7. International data transfers

Some of our sub-processors (Firebase, RevenueCat) may process data in the United States. Where required, we rely on Standard Contractual Clauses or the equivalent regulator-approved transfer mechanism for transfers out of the EEA / UK.

8. Data retention

• Local on-device data (playlists, favorites, history) — until you delete the playlist, clear history, or uninstall the App.
• Firestore-synced data (Pro) — until you delete your account or sign out and request deletion.
• Crashlytics crash reports — 90 days (Firebase default).
• Firebase Analytics events — 14 months (Firebase default).
• RevenueCat purchase records — as required for subscription management and refund / dispute handling.

9. Your rights

Subject to applicable law (GDPR, UK GDPR, CCPA, and others), you have the right to:

• Access the personal data we hold about you;
• Correct inaccurate data;
• Delete your data — including a complete account deletion in-app via Settings → Account → Delete Account;
• Export your data in a machine-readable format;
• Object to or restrict processing;
• Withdraw consent at any time.

To exercise any of these rights, email streamlyiptvpro@gmail.com with the subject line "Privacy Request — {your Apple ID email}". We respond within 30 days.

California residents (CCPA): we do not sell personal information. You have the right to know, delete, and not be discriminated against for exercising your rights.

10. Children's privacy

Streamly is not directed at children under 13 (under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact streamlyiptvpro@gmail.com and we will delete it.

11. Security

• Xtream Codes credentials are stored in the iOS / macOS / tvOS Keychain, encrypted by the operating system.
• The local Realm database is encrypted at rest.
• All network traffic to our sub-processors uses HTTPS.
• We do not store your IPTV provider credentials on our servers — only on your device's Keychain (and in your private Firestore document if you enable Pro sync).

No system is perfectly secure. If you believe your data may have been compromised, contact us immediately.

12. App Transport Security exemption

Streamly disables App Transport Security restrictions (NSAllowsArbitraryLoads) so it can play streams from IPTV providers who still serve over plain HTTP. This exemption applies only to the stream URLs you choose to load. All Streamly-controlled traffic (authentication, sync, analytics, purchase validation) uses HTTPS.

13. Changes to this policy

We may update this policy. Material changes will be highlighted in the App and on this page; the "Last updated" date will change. Continued use of the App after a change constitutes acceptance.

14. Contact

Email: streamlyiptvpro@gmail.com
Developer: Yasser Farag
Apple Developer Team ID: M7GK7B47H6