Privacy Policy

Last updated: March 2, 2026 — Effective immediately

At MEGAFR ("we," "our," "us"), your privacy is a fundamental priority. This Privacy Policy explains in detail how we collect, use, store, share, and protect your personal information when you access our website, use the MEGAFR IPTV player application, or interact with any of our services. By using our services, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

• Account Registration Data: When you create an account, we collect your chosen username, email address, and a securely hashed version of your password. We never store your password in plain text.
• Profile Information: Profile names, avatars, and optional 6-digit PINs you create for sub-profiles within your account.
• Playlist URLs: The M3U playlist URLs and EPG URLs you provide to access your own IPTV content. These are stored securely in your account settings and are not shared with any third party.
• Contact Messages: If you contact us through the Contact page, we collect your name, email address, subject, and message content.
• Payment Information: If you subscribe to our premium plan, payment processing is handled entirely by third-party providers (PayPal and/or Stripe). We do not store credit card numbers, bank account details, or other financial data on our servers.

1.2 Information Collected Automatically

• Device and Browser Data: We collect your browser type, operating system, screen resolution, and language preferences to optimize the player experience.
• IP Address: Your IP address is logged for security purposes, including fraud detection, abuse prevention, and enforcing our single-device session policy.
• Session Identifiers: We generate secure device fingerprints and session tokens to maintain your login state and prevent unauthorized access.
• Usage Data: We may collect anonymized usage statistics such as page views, feature usage patterns, and error reports to improve our service.

1.3 Information From Third Parties

• TMDB (The Movie Database): We fetch publicly available movie and TV show metadata (posters, ratings, descriptions) from TMDB to enrich the player interface. This data is about media content, not about you.
• Payment Processors: PayPal or Stripe may send us transaction confirmations (amount, date, transaction ID) when you make a payment. We do not receive your full financial details.

2. How We Use Your Information

We use your information strictly for the following purposes:

• Service Operation: To create and manage your account, authenticate your sessions, and deliver the IPTV player functionality you expect.
• Security: To detect unauthorized access, enforce device-lock policies, prevent brute-force attacks on profiles, and protect our infrastructure.
• Customer Support: To respond to your inquiries, troubleshoot technical issues, and communicate important service updates.
• Payment Processing: To process premium subscription payments through our third-party payment partners.
• Service Improvement: To analyze anonymized usage patterns and fix bugs, improve performance, and develop new features.
• Legal Compliance: To comply with applicable laws, regulations, and legal proceedings when required.

3. Cookies and Tracking Technologies

3.1 Essential Cookies

We use strictly necessary cookies to maintain your login session, remember your selected profile, store your language preference, and ensure the security of your account. These cookies cannot be disabled as they are required for the service to function.

3.2 Optional Cookies

With your consent, we may use:

• Analytics Cookies: To understand how visitors interact with our website, helping us improve the user experience.
• Advertising Cookies: If advertisements are displayed (for free-tier users), our advertising partners may set cookies to serve relevant ads and measure ad performance.

You can manage your cookie preferences at any time using the privacy consent controls displayed on our website. For more details, please see our Cookie Policy.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share limited information only in these circumstances:

• Payment Processors: Transaction data shared with PayPal or Stripe to process your payments securely.
• Legal Requirements: If required by law, court order, or governmental authority, we may disclose information as necessary to comply.
• Service Protection: To investigate and prevent fraud, security incidents, or violations of our Terms of Service.
• Advertising Partners: Anonymized, aggregated data may be shared with ad networks for free-tier ad delivery. No personally identifiable information is shared.

5. Data Storage and Security

Your data is stored on secure servers with the following protections:

• Passwords are hashed using bcrypt with strong salt values
• All data transmission uses HTTPS/TLS encryption
• Database access is restricted and monitored
• Session tokens are cryptographically generated and expire after 30 days of inactivity
• Regular security audits and software updates

6. Data Retention

• Account Data: Retained for as long as your account is active. Deleted within 30 days of account deletion request.
• Security Logs: IP addresses and login logs are retained for up to 90 days for security purposes.
• Contact Messages: Retained for up to 2 years to resolve ongoing support issues.
• Payment Records: Retained for the period required by applicable tax and financial regulations (typically 5–7 years).
• Playlist Cache: Automatically expires and is deleted after the configured cache duration (typically 1 hour).

7. Your Rights (GDPR and International)

Depending on your location, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Object: Object to processing of your data for certain purposes, including direct marketing.
• Right to Restrict Processing: Request limitation of how we process your data.
• Right to Withdraw Consent: Withdraw consent for optional data processing at any time.

To exercise any of these rights, please contact us through our Contact page. We will respond within 30 days as required by GDPR.

8. Children's Privacy

Our service is not directed at children under 16 years of age. We do not knowingly collect personal information from children. If we discover that a child under 16 has provided us with personal data, we will promptly delete it. If you believe a child has submitted data to us, please contact us immediately.

9. International Data Transfers

If you access our service from outside the country where our servers are located, your data may be transferred internationally. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place.

10. Third-Party Links

Our website and blog may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party services you visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page with a revised "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out through our Contact page. We take every inquiry seriously and aim to respond within 48 hours.