Legal

Privacy Policy

Last updated: 2026-06-02

Plain language summary: Your media library, watchlist and viewing history live on your hardware — we never see them. For Online Access we collect only what's necessary to operate the subscription: email, server registry, billing status.

1. What we collect

From everyone (free software users)

If you install HeyWatch and never subscribe to Online Access, we collect nothing. The software has no telemetry by default. Your library stays on your device.

From Online Access subscribers

What	Why
Email address	Account identity, billing receipts, support
Server identifier (UUID) + subdomain code	Tunnel routing, fleet registry
Subscription status, plan, period dates	Billing
IP address (truncated, only at fleet-registry events)	Abuse prevention, geographical capacity planning
Server version, OS, architecture	Operational diagnostics (push updates, support)
Last-seen heartbeat timestamp	Operational monitoring (alert if server offline)

2. What we do NOT collect

What media you stream, browse, or download.
Your watchlist, viewing history, or play positions (these live in your own server's database).
The names of files on your hard drive.
The content of any traffic through the tunnel (it's encrypted end-to-end via Cloudflare TLS termination).
Cookies for advertising, analytics, or third-party tracking on heywatch.tv.

3. Subprocessors

We rely on these third parties to operate the service. Each handles a narrow piece:

Provider	Purpose
Cloudflare	DNS, tunnel routing, CDN, DDoS protection
Supabase	Authentication (Google OAuth relay)
Stripe (when activated)	Payment processing
Google Drive (operator-side)	Encrypted operational backups (our DB, not your content)

4. Data retention

Active subscribers: account data retained while subscription is active and 30 days after cancellation.
Audit log of server events: 12 months.
Backups: 30 days encrypted retention, after which expired.
Billing records: retained as required by applicable tax law (typically 7 years).

5. Your rights

Regardless of where you live, you may:

Request a copy of your personal data we hold.
Request correction of inaccurate data.
Request deletion of your data (subject to legal retention obligations).
Export your data in a portable format.
Withdraw consent and cancel at any time.

Email [email protected] with the subject "Data request".

6. Children

HeyWatch Online Access is not directed at children under 13 (16 in the EU). We do not knowingly collect data from minors.

7. International transfers

Data may be processed in any country where our subprocessors operate (primarily US and EU). All transfers are governed by appropriate safeguards (Standard Contractual Clauses where applicable).

8. Changes

Material changes will be announced by email and on this page with at least 14 days notice.

This document is provisional. A final version reviewed by counsel will be published before HeyWatch exits private beta.