Privacy Policy

MAX IPTV ("we", "our", or "us") operates the MAX IPTV application and the website at maxiptv.app. This Privacy Policy explains how we collect, use, and protect your information when you use our services, in accordance with the EU General Data Protection Regulation (GDPR) and Swedish data protection law.

Data Controller: Naser Chorake Yekshahve (sole proprietor), Forvägen 35, 145 51 Norsborg, Sweden. Contact: info@maxiptv.app.

Account Information

When you create an account, we collect your email address and a password (stored securely using industry-standard hashing). We do not collect your real name, phone number, or physical address unless you voluntarily provide them through support channels.

Device Information

When you activate a device, we collect a device identifier, device type (e.g. Android TV, Roku, Samsung TV), and device name to manage your registered devices and enforce plan limits.

Playlist Data

Playlist credentials (server URLs, usernames, and passwords) you add are stored encrypted on our servers to enable cross-device synchronization and cloud backup. We do not access, monitor, or log the content you stream.

Usage Data

We collect basic usage data such as last active timestamps and app version to maintain service quality. We do not track your viewing history, channel preferences, or streaming activity on our servers.

We process your personal data on the following legal bases under GDPR Article 6:

• Contractual necessity (Art. 6(1)(b)) — to provide the service, authenticate accounts, manage devices, synchronize playlists, process payments, and send service-related notifications
• Legitimate interest (Art. 6(1)(f)) — to maintain service quality, prevent fraud and abuse, and improve the application
• Legal obligation (Art. 6(1)(c)) — to retain financial records as required by Swedish bookkeeping law
• Consent (Art. 6(1)(a)) — for any optional features that require it (you may withdraw consent at any time)

Storage location: Your data is stored on Amazon Web Services (AWS) servers located in Frankfurt, Germany (eu-central-1 region) — within the European Union. No personal data is transferred outside the EU/EEA.

Security: Playlist credentials are encrypted at rest using AES-256 encryption. Passwords are hashed using bcrypt. All data transmission uses HTTPS/TLS. Database access is restricted and audited.

Retention periods:

• Account data (email, hashed password): until you delete your account
• Playlist credentials: until you remove the playlist or delete your account
• Device records: until the device is unregistered or your account is deleted
• Payment and invoice records: 7 years after the transaction (required by Swedish bookkeeping law — Bokföringslagen 1999:1078)
• Server logs (IP, request timestamps): 90 days, then automatically deleted
• Support tickets: 2 years after the last interaction

MAX IPTV is a media player application that allows you to access content from your own IPTV playlists and providers. We do not host, provide, or control any streaming content. The quality, availability, and reliability of streams are entirely determined by your IPTV provider.

Additionally, the security of the connection between the app and your streaming provider depends on whether your provider supports HTTPS (encrypted) connections. MAX IPTV will use HTTPS when available, but we cannot guarantee a secure connection if your provider only offers HTTP (unencrypted) URLs. We strongly recommend choosing providers that support HTTPS to protect your data in transit.

We are not responsible for the content, quality, legality, or security of any third-party streams accessed through the application.

We offer a 7-day free trial so you can fully evaluate our application and all its features before making a purchase. See our Refund Policy for full details on payment terms and EU consumer rights.

We use the following third-party services that may process limited personal data on our behalf:

• Amazon Web Services (AWS), EU (Frankfurt) — hosting and database storage. AWS is GDPR-compliant.
• Payment processor — for processing card payments and managing subscriptions. The processor handles all card data directly under PCI-DSS Level 1 compliance; we never see or store your card details. The specific processor is disclosed at checkout.
• Email delivery service — for transactional emails such as account verification, password resets, and subscription notifications.

We do not sell, trade, rent, or share your personal information with third parties for marketing or advertising purposes.

Our web application uses cookies and local storage to maintain your authentication session and remember your preferences (such as language settings). These are essential for the service to function and are not used for tracking or advertising.

As an EU/EEA data subject, you have the following rights:

• Right of access (Art. 15) — request a copy of the personal data we hold about you
• Right to rectification (Art. 16) — request correction of inaccurate or incomplete data
• Right to erasure (Art. 17) — request deletion of your account and personal data
• Right to restriction (Art. 18) — request that we limit how we process your data
• Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
• Right to object (Art. 21) — object to processing based on legitimate interests
• Right to withdraw consent (Art. 7(3)) — where processing is based on consent, withdraw it at any time
• Right not to be subject to automated decision-making (Art. 22) — we do not perform automated decision-making with legal effects

To exercise any of these rights, contact us at info@maxiptv.app. We will respond within 30 days as required by GDPR.

Right to lodge a complaint: If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the Swedish supervisory authority — the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten / IMY), www.imy.se — or with the supervisory authority in your EU country of residence.

Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy, please contact us at:

support@maxiptv.app