Privacy Policy

Effective Date: June 29, 2026

This Privacy Policy describes how Muhammad Awais Ahsan, the independent developer of the Streamflix mobile application ("the Developer," "we," "our," or "us"), collects, uses, discloses, and safeguards your information across our supported mobile platforms, including our Android and iOS applications (collectively referred to as the "App").

1. Legal Identity of the Data Controller

Streamflix is not a corporate entity, registered company, business partnership, or commercial brand. Streamflix is a mobile software application designed, developed, owned, and operated strictly by an individual independent developer, Muhammad Awais Ahsan. For the purposes of applicable data protection regulations (including but not limited to GDPR and CCPA), all user data processed in relation to the App is handled directly by the Developer under the explicit criteria set forth within this document.

2. Platform Infrastructure and Account Topologies

Our data architectural requirements vary fundamentally depending on the specific operating system environment through which you interact with the App:

• Android Application Infrastructure (Account Required): To facilitate, track, and manage premium application subscription states, Android users must create a personalized account profile. This registration profile requires a valid email address and a user-generated password. This data is fully encrypted in transit and at rest, used exclusively to handle user authentication, account verification, and cross-device subscription synchronization.
• iOS Application Infrastructure (No Account Required): At present, the iOS deployment of the App operates on an anonymous access topology. Users are not required—and are not provided the technical option—to register an account profile. Premium subscription access is resolved anonymously via native Apple platform verification tokens. Note: Unified account synchronization functionality is scheduled for deployment on the iOS platform in a future incremental update, at which point standard email registration frameworks will match the Android environment.

3. Third-Party Integrations, SDK Disclosures, and Technical Telemetry

To preserve application stability, ensure cross-device notifications function correctly, and support operational overhead, the App embeds explicit, industry-standard third-party Software Development Kits (SDKs). These subsystems handle localized telemetry data as specified below:

• Dynamic Push Notifications (OneSignal): We use the OneSignal platform to deploy operational notifications, content synchronization alerts, and subscription state warnings. OneSignal collects unique hardware device tokens and non-identifiable interaction telemetry. This mechanism is live on Android platforms and will be deployed to iOS devices synchronously with future feature updates. Users maintain granular control and can revoke notification permissions at any moment via device system settings.
• Programmatic Ad Mediation (CAS.ai Framework - Android Only): The Android version of the App implements an ad delivery network managed by the CAS.ai (Clever Ads Solutions) mediation engine. CAS.ai dynamically mediates ad placements and processes non-personal mobile advertising identifiers (such as the Google Advertising ID / GAID) alongside baseline device metadata to optimize network performance. No personal account credentials, email profiles, or identity structures are shared with CAS.ai. The iOS iteration of Streamflix remains completely ad-free.
• Core Diagnostics and Operational Analytics (Firebase Suite): The App integrates Google Analytics for Firebase to observe aggregated user flow paths, system engagement levels, and feature utilization index values. Simultaneously, Firebase Crashlytics records completely anonymous, technical crash stacks and exceptions to identify software failures. No personal parameters are processed during these diagnostics.

User Privacy Controls & Opt-Outs: You can control or restrict target-based advertising and tracking tokens directly through your mobile device settings. Android users can reset or completely delete their advertising identifier by navigating to Settings > Privacy > Ads > Delete Advertising ID. Users on both iOS and Android can halt push notification tracking at any time by revoking notification privileges within their respective operating system settings.

OUR DATA PROTECTION GUARANTEE: The Developer does not sell, trade, rent, lease, monetize, or distribute user email profiles, subscription logs, or diagnostic metadata to outside corporate networks, third-party marketing entities, or data brokers.

4. Advanced Data Security and Encryption Standards

We strictly mandate that all data transaction pipelines to and from the App utilize secure HTTPS (Hypertext Transfer Protocol Secure) architecture wrapped in robust SSL/TLS encryption. This protection covers all communication with internal data nodes and external application programming interfaces (APIs), ensuring that user credentials and active tokens are securely isolated against intercepted tracking.

5. Subscription Payment and Billing Infrastructure

Financial transactions, payment collection, and billing cycle workflows are managed securely through native ecosystem channels. The Developer never captures, handles, or stores raw payment tokens, credit card digits, or banking data:

• Android Platform: Transactions are handled and cleared through the Google Play Billing engine or our authorized transaction integration partner, Polar.
• iOS Platform: Subscriptions are managed, structured, and executed directly via Apple’s native In-App Purchase (IAP) platform framework.

6. Content Sourcing and Third-Party Media Disclaimer

Streamflix operations occur as an informational, structured indexing catalog for entertainment media. All film profiles, visual art layers, series directories, and contextual cast summaries are fetched programmatically via The Movie Database (TMDB) API. Streamflix does not host, stream, or locally cache digital video source files or unauthorized media tracks. All corresponding content privileges belong entirely to the original rights owners.

7. Absolute Data Autonomy and Deletion Commitments

We recognize your un-compromised ownership over your personal data footprint. Android platform users retain the explicit right to purge their profile records from our infrastructure completely.

Method of Invalidation: To invoke permanent profile destruction, the user must transmit a written request from their registered email profile to our compliance address: [email protected].

The 24-Hour Purge Mandate: Upon validation of your incoming data deletion request, the Developer explicitly guarantees that all corresponding account keys, registration lines, database entries, and subscription logs will be completely, permanently, and irreversibly wiped from active systems within 24 hours.

8. Children's Digital Privacy Controls

The App does not deliberately source or catalog personal identifiers from individuals under the chronological age of 13. If it is brought to the attention of the Developer that an account has been successfully generated by an individual under the age of 13, data deletion workflows will be automatically deployed to purge that account profile instantly.

9. Revisions to this Privacy Framework

The Developer preserves the operational flexibility to update this legal text as platform rules require. Revisions are confirmed instantly when uploaded online, tracked via the explicit "Effective Date" markers. Continued execution of the App following changes constitutes full agreement to the revisions.

10. Contact and Compliance Point

For all structural inquiries regarding technical telemetry, data safety profiles, or explicit account deletion requests, communicate directly with the Developer:

Lead Developer: Muhammad Awais Ahsan
Compliance Email: [email protected]