Privacy Policy for the Streamlet Application

Your privacy is important to us. This privacy policy explains how the Streamlet application collects, uses, and protects your data.

1. Data Collection and Use

The Streamlet application does not send any personal data to our servers without your knowledge. We do not require any mandatory information such as your name, email address, or other identifying details.

How the application works:

Streamlet is a modular application that operates through a plugin system. The application:

• Downloads and uses modules (plugins) of your choice
• Communicates with external services only based on the modules you install
• Uses APIs or web scraping to obtain data from these services
• Sends only the data you explicitly provide (e.g., search queries, login credentials for third-party services)

2. Streamlet Account (Optional)

Streamlet offers an optional Streamlet Account – an account used solely to synchronize your data (favorites, settings, installed modules) across your devices. Creating an account is entirely voluntary, and the application can be fully used without one.

What is stored on our servers when using a Streamlet Account:

• Email address – used as your login identifier
• Hashed password – your password is stored exclusively as a cryptographic hash; the original password is never stored or accessible
• Synchronized application data – favorites, settings, and the list of installed modules

Encryption of sensitive data:

All sensitive data synchronized via Streamlet Account (e.g., login credentials for external services such as streaming portals) is encrypted end-to-end using a separate encryption password that only you provide. This encryption password is never sent to our servers. In our database, this data is stored exclusively in encrypted form – even the service operators cannot access it in readable form.

Streamlet Account security model summary:

• Account password: stored as a one-way hash (bcrypt or equivalent)
• Encryption password: never leaves your device
• Sensitive synchronized data: encrypted on-device before transmission, stored on the server in encrypted form only
• Streamlet operators have no technical means to read your sensitive synchronized data

If you forget your encryption password, sensitive data cannot be recovered – this is by design and ensures that only the data owner has access.

3. Modules and External Services

You can extend Streamlet with modules for various catalogs and streaming providers. Each module communicates directly with the respective external service (e.g., TMDB, ČSFD, streaming portals). The application only serves as a tool to facilitate these requests.

What data may be shared with external services:

• Search queries – when you look for movies or series
• Login credentials – if you choose to log in to services that require it (credentials are stored only locally, or encrypted within the Streamlet Account)
• API requests – standard data requests according to the module's functions

These external services have their own privacy policies that you should review. The Streamlet application has no control over what data these services collect.

4. Error Reporting (Sentry)

The Streamlet application uses Sentry.io to monitor errors and application crashes. This data helps us fix issues and improve the stability of the application.

What data Sentry collects:

• Error and crash reports – technical information about where and why the application failed
• Device type and operating system version – to help reproduce and fix issues
• Application version – so we know which version the problem occurred in

Sentry does not collect your login credentials, search queries, watch history, or any other personal data. Error reports are anonymized and used solely for technical diagnostics.

Data is processed on servers in the EU in compliance with GDPR. For more information, see Sentry's privacy policy.

5. Cookies and Tracking

The Streamlet application does not use its own cookies or tracking technologies. We do not collect analytical data about your behavior in the application.

Cookies may only be used by external services you interact with through modules. We recommend reviewing their privacy policies.

6. Local Data Storage

If you do not use a Streamlet Account, all your data (favorites, history, login credentials for external services) is stored only locally on your device and is never transmitted anywhere.

7. Information Sharing

The Streamlet application does not sell, share, or link any information about your behavior with third parties. We are only a tool that allows you to access your favorite services.

8. Security

The Streamlet application takes reasonable steps to protect your security:

• Login credentials are securely stored in the device's local storage
• Communication with external services takes place via HTTPS (if supported by the service)
• The application has no access to data from other applications on your device
• Sensitive data synchronized via Streamlet Account is encrypted end-to-end

9. Changes to the Privacy Policy

This privacy policy may be updated from time to time. In case of changes, we will inform you of all significant updates through an application update.

10. Contact

If you have any questions or concerns regarding privacy in the Streamlet application, contact us at [email protected].

Summary: Streamlet does not collect your personal data. The application only facilitates communication with external services based on the modules you choose. The optional Streamlet Account enables data synchronization across devices – sensitive data is encrypted end-to-end using your encryption password, which never leaves your device. For error tracking purposes, we use Sentry.io, which processes anonymized technical data. All other data remains on your device.