Privacy Policy
Last updated: February 8, 2026
MujiTivi is built by MujiLab. This policy describes how we handle your data when you use MujiTivi ("the Application") on any platform (Android, Android TV, macOS, Windows).
We believe privacy is a fundamental right. MujiTivi is designed from the ground up to collect as little data as possible. We do not sell, rent, or monetize your personal data in any way.
Information we collect
Account data
If you create a MujiTivi account to access Premium features, we collect your email address. This is the only personal data stored on our servers. It is used exclusively for:
- Authentication via secure magic link (passwordless login)
- Managing your Premium subscription status
Lawful basis (GDPR Art. 6(1)(b)): performance of a contract.
Source credentials
Your media source credentials (server URL, username, password) are stored locally on your device only, using platform-native encrypted storage (Keychain on Apple platforms, EncryptedSharedPreferences on Android). These credentials are never transmitted to our servers or any third party.
Payment data
Payment transactions are processed entirely by Stripe (desktop) or Google Play (Android). We never receive, store, or have access to your credit card number, bank account details, or other financial information.
Information we do not collect
MujiTivi does not collect, store, or transmit any of the following:
Third-party services
We use a limited number of third-party services, exclusively for authentication and payment. Each service only receives the minimum data required to perform its function.
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication | Email address |
| RevenueCat | Subscription management | User ID, purchase receipts |
| Stripe | Payment processing | Payment details (direct to Stripe) |
| Google Play | App distribution & payments (Android) | Per Google's terms |
We do not share, sell, or transfer your personal data to any other third party for any purpose, including marketing, advertising, or data brokerage.
Data retention
| Data type | Retention period |
|---|---|
| Email address | Until you request account deletion |
| Subscription status | Duration of active subscription + 30 days |
| Source credentials | Stored locally; deleted when you remove the account or uninstall |
| Payment records | Held by Stripe/Google per their retention policies |
To request deletion of your account and all associated data, email [email protected]. We will process deletion requests within 30 days.
Your rights
European Economic Area (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access — obtain a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your personal data
- Restriction — limit how we process your data
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
You also have the right to lodge a complaint with your local data protection authority.
California (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information is collected and how it is used
- Request deletion of your personal information
- Opt out of the sale of personal information (we do not sell your data)
- Non-discrimination for exercising your privacy rights
To exercise any of these rights, contact [email protected]. We will respond within 30 days.
Security
We implement the following measures to protect your data:
- Encryption at rest — Source credentials are encrypted using platform-native secure storage (Keychain on Apple platforms, EncryptedSharedPreferences on Android).
- Passwordless authentication — We use magic links instead of passwords, eliminating the risk of password breaches.
- Minimal server footprint — Our servers store only email addresses and subscription status. No media content, credentials, or usage data ever reaches our infrastructure.
- Encrypted transit — All communications with our services use TLS 1.2 or higher.
No system is perfectly secure. If you discover a vulnerability, please report it to [email protected].
Children's privacy
MujiTivi is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected personal data from a child without parental consent, we will delete that data promptly. If you believe a child has provided us with personal information, please contact [email protected].
International data transfers
Your email address may be processed in the European Union (Supabase) and the United States (RevenueCat, Stripe). Where data is transferred outside the EEA, our service providers maintain appropriate safeguards, including Standard Contractual Clauses and EU-U.S. Data Privacy Framework certification.
Changes to this policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of the Application after any changes constitutes acceptance of the updated policy.
Contact
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:
MujiLab
Email: [email protected]