Privacy policy

Effective from January 1, 2026

1. The short version

We collect the minimum data needed to operate the service: your email address, payment reference, and authentication events. We do not log what you watch. We do not sell or share your data with third parties. You can request deletion at any time.

2. What we collect

  • Email address — required to create an account, send payment receipts, and recover access.
  • Payment reference — the ID returned by Pay4Work or NOWPayments, or the bank transfer reference for manual payments. We do not see or store card numbers.
  • Authentication events — when you sign in, from which IP, and to which endpoint. Kept for 30 days for abuse investigation.
  • Aggregated counters — total streams served, uptime, region. No per-user detail.

3. What we do not collect

  • Channel selections, viewing history, or EPG queries.
  • Search history or program-level interactions.
  • Device identifiers beyond what is required for authentication.
  • Location data, beyond coarse IP-derived country for fraud prevention.

4. How we use what we collect

Authentication events are used to detect abuse: credential sharing, scraping, and unauthorized reselling. Aggregated counters are used to monitor the service and plan capacity. The email address is used for service communications only — we do not send marketing email unless you opt in.

5. Sub-processors

We use the following sub-processors to operate the service:

  • Supabase — authentication and database.
  • Pay4Work — hosted checkout for cards, crypto, UPI, and net banking.
  • NOWPayments — cryptocurrency payments.
  • Vercel — hosting and edge network.

Each sub-processor has been vetted for data-protection practices and processes data under a data-processing agreement.

6. Cookies

We use first-party cookies for authentication. We do not use third-party tracking, analytics, or advertising cookies.

7. Your rights

You can request a copy of all data we hold about you. You can request deletion of your account and all associated data. We will action any request within 30 days, usually within seven.

Email legal@nano-iptv.example to exercise these rights.

8. Data retention

  • Account record: until you delete your account.
  • Authentication events: 30 days.
  • Payment records: 7 years (required for tax and accounting purposes).

9. Security

Data is encrypted in transit (TLS 1.3) and at rest. The M3U and Xtream endpoints are rate-limited and authenticated. Access to the production database is restricted to a single on-call engineer via short-lived credentials.

10. International transfers

We are based in the European Union. Data may be processed in other jurisdictions by our sub-processors. Where required, we rely on Standard Contractual Clauses or equivalent mechanisms to ensure an adequate level of protection.

11. Changes to this policy

We may update this policy. We will notify active subscribers by email at least 30 days before a material change takes effect.

12. Contact

Privacy questions: legal@nano-iptv.example.

© 2026 NANO IPTV. All rights reserved.