Pocket STB — IPTV Player for iPhone & iPad

⚠ Important notice — content liability disclaimer

Pocket STB is a media player application only. We do not host, upload, store, distribute, broadcast, or provide any video, audio, or streaming content. We do not operate any IPTV service, channel lineup, or content delivery network.

All content streamed through Pocket STB is sourced exclusively from your chosen third-party IPTV service provider. It is solely your responsibility to verify that your IPTV provider is legally authorized to distribute the content they offer, and that accessing such content is lawful in your country or region under applicable copyright, broadcasting, and telecommunications laws.

Pocket STB bears no liability for any content accessed through third-party providers via this Application.

01 Introduction

Welcome to Pocket STB (the "Application"), an IPTV player ("we", "our", or "us"). We are committed to protecting the privacy of all users ("you" or "user") who access our Application, website, or related services (collectively, the "Services").

This Privacy Policy explains how we collect, use, store, share, and protect your information when you use Pocket STB on any supported platform, including iPhone, iPad, Mac (Apple Silicon), and Apple Vision.

By downloading, installing, or using Pocket STB, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Application.

This policy is designed to comply with applicable privacy laws worldwide, including GDPR (EU/EEA), UK GDPR, CCPA/CPRA (California), PIPEDA (Canada), LGPD (Brazil), POPIA (South Africa), PDPA (Thailand/Singapore), APPI (Japan), PIPL (China), the DPDP Act (India), the Privacy Act (Australia), and other applicable regional laws.

02 Nature of the application — what Pocket STB is and is not

2.1 Pocket STB is a player only

Pocket STB is a software media player — similar in function to VLC Media Player — designed to play streams provided by your IPTV subscription service. The Application acts solely as a technical interface between you and your chosen provider's stream URL or playlist. Specifically, Pocket STB:

Does not host, store, cache, broadcast, or retransmit any video or audio content.
Does not provide, sell, or curate any IPTV channels, VOD libraries, or streaming content.
Does not have any affiliation with, or control over, any content provider, broadcaster, or channel operator.
Does not verify, endorse, or take responsibility for the content made available by your IPTV provider.
Does not operate a content delivery network (CDN) or streaming infrastructure.

2.2 Your responsibility regarding content legality

The legality of streaming content through an IPTV service varies significantly by country and jurisdiction. Before using Pocket STB with any IPTV provider, you are solely responsible for:

Verifying that your IPTV provider holds valid and current licenses, distribution rights, or broadcasting authorizations for all content they offer in your country or region.
Ensuring that accessing and streaming the content provided by your IPTV provider is lawful under the copyright laws, broadcasting regulations, and any other applicable legislation in your jurisdiction.
Confirming that your use complies with any territorial restrictions, geo-licensing agreements, or exclusive broadcast rights that may apply.
Understanding that using an unauthorized IPTV service to access pirated, unlicensed, or otherwise restricted content may constitute a violation of law and may expose you to civil or criminal liability.

2.3 No liability for third-party content

To the fullest extent permitted by applicable law, Pocket STB expressly disclaims all liability — whether direct, indirect, incidental, consequential, or otherwise — arising from the nature, legality, accuracy, or availability of any content streamed through a third-party provider, any infringement of intellectual property or broadcasting rights, any legal consequence of using an unauthorized service, or any disruption or termination of service by your provider.

If you are unsure whether your IPTV provider is legally authorized to operate in your country, we strongly recommend consulting a qualified legal professional in your jurisdiction before use.

03 Data controller / business identity

The data controller responsible for your personal data is:

Company: Aavitech Solutions Private Limited
Application: Pocket STB — IPTV player for iPhone & iPad
Website: www.pocketstb.com
Privacy: [email protected]
Legal / DPO: [email protected]

For EU/EEA users, we act as the Data Controller under Article 4(7) of the GDPR. For California users, we act as a "Business" as defined under the CCPA/CPRA.

04 Information we collect

We collect only the minimum information necessary to provide our Services.

4.1 Information you provide directly

Account information: name, email address, username, and password (if you register an account).
IPTV playlist / portal details: stored locally on your device only — never transmitted to our servers.
Payment information: processed by Apple or a third-party payment processor. We do not store full card details.
Support communications: messages, emails, or feedback you send to us.

4.2 Information collected automatically

Device information: device type, model, OS version, and hardware identifiers.
Network information: IP address, approximate (country/region-level) location, ISP, and network type.
Usage data: features used, session duration, error logs, and crash reports.
Streaming metadata: buffer events, stream quality, and playback failures — not the content of what is streamed.

4.3 What we do not collect

We do not record, intercept, or store the actual video/audio content you stream.
We do not store your IPTV provider credentials on our servers.
We do not access your contacts, photos, microphone, or camera.
We do not collect precise real-time GPS location.

05 How we use your information

Service delivery: to provide, operate, maintain, and improve the Application.
Account management: to create and manage your account, authenticate identity, and process subscriptions.
Customer support: to respond to queries, troubleshoot issues, and provide technical assistance.
Performance & diagnostics: to identify and fix bugs and crashes, and optimize streaming performance.
Security & fraud prevention: to detect and prevent fraudulent activity and unauthorized access.
Legal compliance: to comply with applicable laws and respond to lawful requests.
Communications: to send important updates, security notices, and (with consent) promotional messages.

06 Legal basis for processing (GDPR / UK GDPR)

For users in the EU, EEA, or United Kingdom, we process your personal data under the following legal bases:

Contractual necessity (Art. 6(1)(b)): processing required to provide the Application and fulfill our Terms.
Legitimate interests (Art. 6(1)(f)): for analytics, security, fraud prevention, and service improvement.
Consent (Art. 6(1)(a)): for marketing communications and non-essential cookies — withdrawable at any time.
Legal obligation (Art. 6(1)(c)): to comply with applicable laws and lawful requests.

07 Data sharing & disclosure

We do not sell your personal data. We share data only in the limited circumstances described below.

7.1 Service providers & processors

Cloud hosting & infrastructure providers (e.g., Microsoft Azure, AWS, Google Cloud).
Analytics platforms — anonymized/aggregated data only.
Crash reporting tools (e.g., Crashlytics, Sentry).
Payment processors (e.g., Apple, Stripe, PayPal) — governed by their own PCI-DSS compliant policies.
Customer support platforms.

All processors are bound by Data Processing Agreements (DPAs) and prohibited from using your data for any other purpose.

7.2 Legal & regulatory disclosure

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, prevent fraud, or ensure user safety.

7.3 Business transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will provide notice of such transfer and any changes to this Privacy Policy.

08 International data transfers

Pocket STB is a global application. Your data may be transferred to and processed in countries other than your country of residence. We ensure adequate protection through:

EU Standard Contractual Clauses (SCCs) approved by the European Commission.
UK International Data Transfer Agreements (IDTAs) for UK transfers.
Adequacy decisions where applicable.
Binding Corporate Rules (BCRs) or equivalent mechanisms.

You may request a copy of the transfer mechanisms in place by contacting [email protected].

09 Data retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Policy.

Data type	Retention period
Account data	Duration of account + 90 days after deletion
Usage & analytics data	Up to 24 months (anonymized)
Crash & diagnostic logs	Up to 12 months
Support communications	Up to 3 years
Payment records	Up to 7 years (financial compliance)
Legal hold data	As required by legal proceedings

Upon expiry of retention periods, data is securely deleted or irreversibly anonymized.

10 Data security

Encryption in transit using TLS 1.2 / TLS 1.3 for all data communications.
Encryption at rest using AES-256 for databases containing personal data.
Access controls and role-based permissions limiting data access to authorized personnel only.
Regular security assessments, vulnerability scanning, and penetration testing.
Incident response procedures for detecting and responding to data breaches.
IPTV credentials entered in the Application are stored only on your local device and are never transmitted to our servers.

While we employ robust security measures, no system is 100% secure. We encourage you to use strong passwords and keep your device software up to date.

11 Your rights & choices

11.1 Universal rights (all users)

Right to know / access: request a copy of the personal data we hold about you.
Right to correction: request correction of inaccurate or incomplete data.
Right to deletion / erasure: request deletion of your personal data (subject to legal retention obligations).
Right to data portability: receive your data in a structured, machine-readable format.
Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

11.2 Jurisdiction-specific rights

Region	Framework	Key additional rights
EU / EEA / UK	GDPR · UK GDPR	Restrict processing, object, no automated decision-making, complaint to DPA / ICO
California	CCPA · CPRA	Opt-out of sale/sharing, limit sensitive data use, no discrimination for exercising rights
India	DPDP Act 2023	Access, correction, erasure, grievance redressal, nominate a representative
Brazil	LGPD	Anonymization, portability, deletion, object, complaint to ANPD
Canada	PIPEDA	Access and correction, complaint to the OPC
Australia	Privacy Act 1988	Access and correction (APPs), complaint to the OAIC
South Africa	POPIA	Notification, access, correction, object, complaint to the Information Regulator
Singapore / Thailand	PDPA	Access and correction, complaint to the PDPC
Japan	APPI	Disclosure, correction, deletion, consent required for third-party sharing

To exercise any right, contact [email protected]. We respond within 30 days (or as required by applicable law — 45 days under CCPA, 1 month under GDPR). We may need to verify your identity before processing your request.

12 Cookies & tracking technologies

Essential / strictly necessary: required for the Application to function (session management, authentication). Cannot be disabled.
Performance / analytics: help us understand usage patterns and improve performance. Can be disabled.
Functional: remember your preferences (language, settings). Can be disabled.
Advertising / targeting: used by advertising partners. Opt out via device ad settings or industry opt-out tools.

Where required by law (EU ePrivacy Directive, GDPR), we obtain your consent before placing non-essential cookies. You may withdraw consent at any time through Application settings. We honor browser-level Do Not Track signals where technically feasible.

13 Children's privacy

Pocket STB is not directed at children under the age of 13 (or under 16 in EU/EEA jurisdictions). We do not knowingly collect personal data from children without verifiable parental consent.

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at [email protected]. We will promptly delete such data.

We apply the highest applicable age threshold in each jurisdiction (e.g., 13 under COPPA in the US, 16 as the GDPR default, 14 under LGPD in Brazil).

14 Third-party links & services

Pocket STB may integrate with third-party services (e.g., your IPTV provider, external media sources, payment gateways). These third parties have their own privacy policies, and we are not responsible for their data practices.

We recommend reviewing the privacy policies of any third-party services you access through or alongside Pocket STB, particularly your IPTV subscription provider.

15 Data breach notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

Notify relevant supervisory authorities within 72 hours of becoming aware of the breach (GDPR Article 33).
Notify affected users without undue delay where the breach is likely to result in high risk (GDPR Article 34).
Comply with equivalent notification requirements under CCPA/CPRA, PIPEDA, LGPD, the DPDP Act, and other applicable laws.

16 Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. The updated policy will be posted within the Application and on our website with a revised "Last updated" date.

For material changes, we will provide prominent notice via in-app notification or email at least 30 days before the change takes effect, where required by law. Your continued use of Pocket STB after the effective date constitutes acceptance of the changes.

17 Country-specific additional provisions

17.1 United States — state privacy laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other US states with comprehensive privacy laws have rights including access, correction, deletion, portability, and opt-out of targeted advertising. Contact [email protected] to exercise these rights.

17.2 Singapore & Thailand (PDPA)

We comply with the Personal Data Protection Act. You have the right to access and correct your personal data; complaints may be directed to the relevant PDPC.

17.3 Japan (APPI)

We comply with the Act on the Protection of Personal Information as amended. We only share personal data with third parties with your consent or as permitted by law.

17.4 China (PIPL)

For users in the People's Republic of China, we process personal information in accordance with the Personal Information Protection Law, with separate consent and compliance with applicable data-localization requirements where mandatory.

18 Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy / DSR: [email protected]
Legal / DPO: [email protected]
Support: [email protected]
Website: www.pocketstb.com

We are committed to working with you to resolve any complaint or concern about privacy. If you are not satisfied with our response, you have the right to contact your local data protection authority.

19 Governing law & dispute resolution

This Privacy Policy shall be governed by and construed in accordance with the applicable privacy laws of the jurisdiction in which you reside. For users in the EU/EEA, the GDPR and the laws of the applicable Member State govern. For users in the United States, applicable federal and state privacy laws apply.

Nothing in this Privacy Policy limits your rights to bring claims before applicable data protection supervisory authorities in your jurisdiction.

This policy is a general, app-appropriate template and is not legal advice. Please have it reviewed by a qualified professional before relying on it.