Logo Icon

Privacy Policy

Last Updated: June 24, 2026

1. Controller and scope

This Privacy Policy explains how Nexus Stream TV handles personal data in the Android TV app, on this website, in support communication, and in backend services used for premium verification and diagnostics.

Controller:
Genrich Hermann
Eichenweg 20
78549 Spaichingen
Germany
Email: nexusstreamtv.app@gmail.com

Nexus Stream TV is a media player only. We do not provide, host, sell, or distribute TV channels, movies, series, playlists, or other media content.

2. Privacy by default

The app does not require a Nexus account. We do not sell personal data and we do not use advertising, behavioral analytics, or profiling based on viewing behavior.

Most app data is stored locally on your device, including profiles, provider settings, favorites, watchlist items, playback progress, UI settings, and related configuration. Sensitive local data such as provider credentials and session tokens is handled through encrypted secret storage where supported by the device.

3. Provider data and local media setup

When you add an IPTV or media provider, requests are sent from your device to that provider or to the URL you configured. Depending on the provider type, this can include Xtream credentials, Stalker portal data, MAC addresses, M3U URLs, EPG URLs, or similar connection details. Nexus Stream TV does not receive or store these provider credentials on our servers.

If you use optional Google Drive backup, backup files may include a full app snapshot, including settings, favorites, watchlist, playback progress, profiles, TMDB session data, OpenSubtitles session data, Xtream/Stalker credentials, MAC addresses, and related provider configuration. Backup files are encrypted by the app before upload and are restored through the app. Backups are optional and controlled by you.

4. Optional diagnostics and crash reports

A. Manual diagnostic uploads

Diagnostic upload is manual and opt-in. If you choose to upload diagnostic logs from the app, the log may include technical data such as app version, device model, Android version, network state, selected app settings, playback error codes, player and codec information, billing entitlement status where relevant, timestamps, and a random support ID.

Privacy filtering removes detected credentials, passwords, tokens, full playlist or stream URLs, provider host names, profile IDs, media titles, and similar sensitive values where detected before storage or upload. Uploaded diagnostic logs are used only for technical support and bug diagnosis. They are stored for up to 30 days unless longer handling is necessary for an ongoing support request or legal obligation. You can request deletion by emailing the support ID to nexusstreamtv.app@gmail.com.

B. Optional Firebase Crashlytics reports

Firebase Crashlytics crash and ANR reporting is disabled by default. It is only enabled if you explicitly grant consent in the app. You can enable or disable crash reporting at any time in Settings → About.

If enabled, Firebase Crashlytics may process technical crash and ANR data such as stack traces, exception information, app version and build number, device model, operating system version, timestamps, crash/session identifiers, and technical state relevant to diagnosing the crash. We do not intentionally include IPTV provider credentials, playlist URLs, stream URLs, provider host names, media titles, or account passwords in crash reports.

The legal basis for optional crash reporting is your consent under Art. 6(1)(a) GDPR. You may withdraw this consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

5. Premium verification and payments

Premium purchases are processed by Google Play. We do not receive your credit card number, bank details, or billing address.

To verify premium status and protect against fraud or tampering, the app may send a Google Play purchase token, product ID, and optionally a Google Play Integrity token to our backend at api.nexusstream.de. We do not store raw purchase tokens. We store only a one-way HMAC-SHA256 hash of the purchase token and the last verification result, such as premium status and expiry, for up to 90 days. Backend services may process technical server data such as IP address, timestamps, request metadata, and HTTP status codes for operation, abuse prevention, and security.

6. Third-party services

The app can interact with third-party services depending on the features you use:

  • IPTV/media providers: Provider credentials and playback requests are sent directly from your device to the provider you configured.
  • TMDB: Used for metadata, images, ratings, search results, favorites/watchlist/list synchronization if connected. Requests may include titles, TMDB IDs, language preferences, and TMDB session/account identifiers. IPTV credentials and stream URLs are not sent to TMDB by Nexus Stream TV.
  • Trakt.tv and The Intro DB: Used for search, related-title metadata, poster/headshot data, and optional intro/recap/credits/preview timings. Requests can include search queries, names, IDs, season and episode numbers, and app-level API identifiers.
  • YouTube: Used to play trailers through the official YouTube player or related APIs. YouTube/Google terms and privacy rules apply to this feature.
  • OpenSubtitles: Used for subtitle login, search, and downloads if enabled or used. Requests may include login credentials, session tokens, language preferences, TMDB IDs, season/episode numbers, and selected subtitle IDs.
  • Google Drive: Used only if you choose Drive backup/restore. Backup files are encrypted by the app before upload.
  • Firebase Crashlytics: Used only after explicit consent for optional crash and ANR reporting.
  • Google Play Billing and Play Integrity: Used for purchases, entitlement restore, and premium verification.

Some third-party providers may process data outside the European Economic Area. Their own privacy policies and transfer safeguards apply.

7. Website, cookies, and contact

The website is provided for product information, changelogs, legal notices, and support links. We do not use advertising cookies or analytics cookies on the website. Technically necessary requests may still be processed by the web server and hosting infrastructure, including IP address, date/time, requested URL, user agent, referrer, and HTTP status code. These logs are used for operation, troubleshooting, and security.

If you contact us by email, we process your email address and message content solely to respond to your inquiry and handle support.

8. Permissions and device access

The app uses internet access to stream content from your configured provider, verify premium status, load metadata, retrieve subtitles, and use optional third-party services. Local storage is used to keep app settings, profiles, favorites, watchlist items, playback progress, cache files, and backups selected by you. The app does not support background recording.

9. Retention

  • Manual diagnostic logs: up to 30 days unless needed longer for an ongoing support request or legal obligation.
  • Premium verification records: hashed purchase token and entitlement result for up to 90 days.
  • Support emails: retained as long as necessary to handle the request and document support communication.
  • Local app data: remains on your device until you delete it, clear app data, remove a profile, or uninstall the app.
  • Google Drive backups: remain in your Google Drive app data storage until you delete them or revoke access according to Google account controls.

10. Your GDPR rights

If the GDPR applies to you, you may request access, rectification, erasure, restriction of processing, data portability, and objection to processing where legally available. Where processing is based on consent, you may withdraw consent at any time with effect for the future.

You also have the right to lodge a complaint with a supervisory authority. In Baden-Württemberg, Germany, this is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg: https://www.baden-wuerttemberg.datenschutz.de/.

11. Data security

We use reasonable technical and organizational measures appropriate to the risk, including Android app sandboxing, encrypted secret storage where supported, app-side encrypted backups, privacy filtering for diagnostics, and minimized backend storage for premium verification. No method of storage or transmission is completely secure, so you should also keep your device, Google account, and provider accounts secure.

12. Changes and contact

We may update this Privacy Policy when the app, website, third-party integrations, or legal requirements change. The current version is published on this website and linked from the app.

For privacy questions or deletion requests, contact: nexusstreamtv.app@gmail.com.