Privacy Policy

Last updated: 2026-06-15

Aura (the "Service") is provided by XLNC AI GLOBAL PRIVATE LIMITED ("we", "us"). The Service is a media player. We do not provide media content — you bring your own IPTV provider credentials and stream from sources you have legally licensed.

1. What we collect

• Anonymous usage telemetry via Firebase Analytics. Examples: which connection method (Xtream / Stalker / M3U) you used, how long a stream played before the first frame appeared, how often a stream rebuffered, and whether a deep link was accepted. We do not record channel names, the URLs you stream, your IPTV provider's credentials, MAC addresses, or your watch history.
• Crash reports via Firebase Crashlytics. We capture stack traces and basic device metadata (OS version, device model, locale) so we can debug failures. On Windows Crashlytics is unavailable; instead a redacted crash log is written locally and only leaves your device when you choose to attach it to a support email.
• Optional account email, if you upgrade your auto-created anonymous Firebase account to email + password so your favorites and watch progress sync across devices. We never share this email with resellers or third parties.
• Cross-device sync data stored in Firestore under your account: favorites (channel IDs you starred), watch progress on VOD items (title + percentage), recently-watched channel IDs, and your content-filter preferences (the categories you chose to show). Credentials are never synced to the cloud — they stay in encrypted local storage on each device.

2. What we don't collect

• Your IPTV provider username or password.
• Your Stalker MAC address or portal URL.
• Your M3U playlist URL.
• The names of channels you watch.
• The duration or timing of live viewing.
• Any payment, billing, or identity information beyond an email you optionally provide for sync.

3. Local encrypted storage

Provider credentials are stored in the platform secure store (Keychain on iOS/macOS, Keystore on Android, DPAPI on Windows). They never leave the device.

4. Resellers

If you received Aura from a reseller, the reseller has no access to your playback data, your sync account, or your local credentials. The reseller can generate a signed deep link that pre-fills credentials when you tap it, but that one-way handoff is the only data the reseller transmits to you — they receive nothing back.

5. Third parties

We use Google's Firebase platform (Authentication, Firestore, Analytics, Crashlytics). Firebase's data practices are governed by Google's privacy policy. We do not sell or share your data with advertisers.

6. Your choices

• Reset locally: Device & Subscription → Cache & storage → "Disconnect & forget account" removes saved credentials and resets sync.
• Delete your sync account: Email Jigs@inbox-iq.ai and we will permanently delete your Firestore documents and Firebase auth user within 30 days.
• Opt out of telemetry: deleting the app removes the anonymous Firebase user and all associated telemetry IDs. You can also email us to have analytics disabled for your account.

7. Children

Aura is not directed to children under 13 and we do not knowingly collect data from them. If you believe a child has provided us data, contact us and we will delete it.

8. Changes

We may update this policy. Material changes will be noted in-app on next launch. Continued use after a change constitutes acceptance.

9. Contact

Questions? Email Jigs@inbox-iq.ai.