Privacy Policy

Last Updated: November 1, 2025

Summary of key privacy protections

We do not monitor or analyze what you watch - content sources and viewing activity are private
End-to-end encryption for sync - synced data such as playlists and viewing activity are encrypted before transmission and remain encrypted on our servers; we cannot access this encrypted data
We don't sell your data - our business model is subscriptions, not data sales
Data minimization - we collect only what's necessary for core functionality
No advertising or tracking - we don't use ad networks or cross-app tracking
Strong security - encryption in transit and at rest

This Privacy Policy applies to the website hosted at https://alibi.video/ ("Website"), our mobile applications available on iOS and Android platforms, and any related services or products (collectively, "Services" or "App"). This policy also covers other activities related to Alibi Video Player where you may provide your personal data, such as customer support interactions, promotional events, or trade shows.

Our Services are operated by Alibi Group Limited ("we," "us," "our," or "Company"), a company incorporated and registered in Hong Kong Special Administrative Region. We are deeply committed to protecting and respecting your privacy.

This Privacy Policy, together with our Terms of Service at https://alibi.video/terms-conditions and any other documents referenced herein, explains how we collect, use, store, share, and protect your personal data. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.

By using our Services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

Important links

This Privacy Policy is integrated with our other legal documents. Please also review:

External links: Our Services may contain links to external websites, services, or content providers. We are not responsible for the privacy policies, practices, or content of such third-party sites. We encourage you to read the privacy policies of any third-party sites you visit.

1. Information we collect

To provide, maintain, improve, and secure our Services, we collect and process various types of information. The specific data we collect depends on how you interact with our Services and which subscription type you have.

1.1. Information you provide to us directly

This is information you actively provide when interacting with our Services:

Account creation and management

When you create an account, we collect:

  • Name: For account identification and personalization
  • Email address: For account authentication, communication, and password recovery
  • Password: Stored in hashed and encrypted form for account security
  • Account preferences: Language, notification settings, and display preferences

Legal basis (GDPR): Performance of contract, legitimate interests (account management and security)

Subscription and payment information

When you purchase a subscription, we collect:

  • Subscription type: SINGLE DEVICE or MULTI DEVICE
  • Purchase platform: Apple App Store, Google Play Store, or Paddle
  • Transaction identifiers: Provided by payment processors (we do NOT collect or store credit card numbers)
  • Billing cycle: Monthly, annual, or lifetime subscription details

Important: We do not process or store payment card information directly. All payment processing is handled by:

  • Apple Inc. for iOS App Store purchases
  • Google LLC for Google Play Store purchases
  • Paddle.com Market Limited for web-based purchases

See Section 6 for details about payment processor data handling.

Legal basis (GDPR): Performance of contract, legal obligation (tax and accounting)

Customer support and communications

When you contact our support team, we collect:

  • Support inquiries: Details of your question or issue
  • Correspondence: Email communications, chat logs, or support ticket content
  • Diagnostic information: App version, device information, and error logs you choose to provide

Legal basis (GDPR): Legitimate interests (providing customer support), consent (when you contact us)

Optional information

You may optionally provide:

  • Profile information: Username, avatar, or bio (if community features are available)
  • Feedback and surveys: Your opinions about the App and feature requests
  • Event participation: Information provided at trade shows or promotional events

Legal basis (GDPR): Consent, legitimate interests (improving our Services)

1.2. Information we collect automatically

When you use our Services, we automatically collect certain technical and usage information necessary for the App to function properly.

Authentication and subscription data (all users)

For both SINGLE DEVICE and MULTI DEVICE subscriptions, we collect:

Device information:

  • Device identifiers: Unique device IDs (generated by the App, not permanent device identifiers)
  • Device type and model: e.g., iPhone 15 Pro, Samsung Galaxy S24
  • Operating system: Type and version (e.g., iOS 18.0, Android 14)
  • App version: Version and build number of Alibi Video Player
  • Installation date: When the App was first installed

Subscription information:

  • Subscription status: Active, expired, cancelled, or trial
  • Subscription dates: Sign-up date, expiry date, renewal date
  • Purchase source: Which platform the subscription was purchased through
  • Transaction identifiers: Reference numbers from payment processors (not payment details)
  • Pricing information: Subscription tier and billing cycle

MULTI DEVICE subscription data (MULTI DEVICE users only):

  • Linked devices: List of device IDs associated with your subscription (up to subscription limit)
  • Device linking date: When each device was added to your account
  • Last activity timestamps: Last time each device accessed the App

Purpose:

  • Authenticating users and verifying subscription status
  • Providing access to subscribed features
  • Managing subscription renewals and preventing unauthorized access
  • Detecting and preventing subscription sharing violations
  • Providing device-specific customer support
  • Complying with financial, tax, and accounting regulations

Legal basis (GDPR): Performance of contract, legal obligation (financial compliance)

Synchronization data (MULTI DEVICE users only - when sync enabled)

If you have a MULTI DEVICE subscription and enable cross-device synchronization, we collect and store:

Encrypted user data (end-to-end encrypted):

  • App settings and preferences (encrypted)
  • Custom playlists and favorites (encrypted)
  • Playback positions and watch progress (encrypted)
  • User interface customizations (encrypted)
  • Content organization and categorization (encrypted)
  • Media source URLs (encrypted)
  • Viewing history and activity (encrypted)

Sync metadata (unencrypted - required for synchronization functionality):

  • Data type identifier (e.g., "playlist", "settings", "watch_progress")
  • Timestamp of creation and last modification
  • Device ID that made the last change
  • Sync version number for conflict resolution
  • Conflict resolution metadata

End-to-end encryption details:

  • Your devices generate and store encryption keys - keys never leave your devices
  • Data is encrypted on your device before transmission
  • Data remains encrypted on our servers
  • Only your authorized devices can decrypt your data
  • We CANNOT access your encrypted sync data

What this means:

  • Your synced playlists, viewing history, and preferences are protected with military-grade encryption
  • We have no access to what you watch or where your content comes from
  • Even if our servers were compromised, your synced data would remain encrypted and unreadable
  • Only your authorized devices can decrypt and access your synced data

Purpose:

  • Seamless synchronization of preferences and progress across your devices
  • Automatic conflict resolution when changes are made on multiple devices
  • Data integrity verification to prevent corruption
  • Efficient sync operations with minimal bandwidth usage

Legal basis (GDPR): Performance of contract (providing MULTI DEVICE subscription features), consent (when you enable sync)

1.3. Analytics and diagnostic data (via third-party services)

To improve App quality, diagnose issues, and understand usage patterns, we collect limited anonymized analytics and diagnostic data through carefully selected third-party services. See Section 2 for details about these service providers.

What we collect:

  • Anonymized usage metrics: Feature usage frequency, session duration (anonymized and aggregated)
  • Performance data: App load times, playback performance, crashes, and errors
  • Technical diagnostics: Error messages, stack traces (with personal data removed)

What we do NOT collect:

  • Individual user behavior tracking
  • Personal identifiers in analytics (all data is anonymized or aggregated)
  • Detailed usage patterns that could identify you
  • Any content-related information

Legal basis (GDPR): Legitimate interests (improving App quality and performance)

1.4. Data we do NOT collect

Privacy is a core principle of Alibi Video Player. We explicitly do NOT collect:

  • Content sources: URLs, streaming endpoints, M3U playlist contents, or Xtream Codes API credentials you enter (except as encrypted sync data for MULTI DEVICE users who enable sync)
  • Viewing behavior: What specific content you watch or when you watch it (except as encrypted sync data for MULTI DEVICE users who enable sync)
  • Media content: We do not store, cache, or have access to any video or audio files you play
  • IP addresses of content sources: We do not log which servers or sources you connect to for content
  • Network traffic analysis: We do not perform deep packet inspection or traffic analysis
  • Precise location data: We do not collect GPS coordinates or precise location (we only receive general region from app stores for content restrictions)
  • Browsing history: We do not track which websites you visit
  • Contacts or photos: We do not access your device's contacts, photos, or other media
  • Microphone or camera: We do not access your microphone or camera
  • Cross-app tracking: We do not track your activity across other apps or websites

For SINGLE DEVICE users: All app operations are entirely local to your device. We have no visibility into your playlists, viewing activity, or content sources.

For MULTI DEVICE users who do not enable sync: Same as SINGLE DEVICE users - all operations are local with no cloud storage.

For MULTI DEVICE users who enable sync: Your playlists and viewing activity are encrypted before transmission and remain encrypted on our servers. We cannot access this encrypted data.

2. Third-party service providers and data processing

Unlike many apps that rely on extensive tracking and advertising networks, Alibi Video Player uses only essential third-party services to provide core functionality and improve App quality. We carefully select privacy-respecting partners and limit data sharing to what is necessary.

We do NOT use:

  • Advertising networks or ad tracking
  • Social media tracking pixels
  • Behavioral profiling services
  • Data brokers or aggregators
  • Cross-app tracking technologies

We DO use the following carefully selected service providers:

2.1. Analytics and performance monitoring

TelemetryDeck (privacy-first analytics)

Purpose: Understanding how users interact with the App to improve features and user experience

Data shared:

  • Anonymized user identifiers (double-hashed on device - cannot be reversed)
  • Anonymized event types (e.g., "feature_used", "app_opened")
  • Timestamp (rounded to the hour for privacy)
  • App version and build number
  • Device model and operating system version
  • General locale and language settings
  • SDK version

Privacy protections:

  • TelemetryDeck employs double-hashing of identifiers directly on your device
  • Even TelemetryDeck cannot reverse the hashing to identify individual users
  • All data is truly anonymized, not just pseudonymized
  • No personal identifiers are ever transmitted
  • Data cannot be combined with other datasets to re-identify users

Data location: TelemetryDeck servers in Amsterdam, Netherlands (EU)

Privacy policy: https://telemetrydeck.com/privacy/

Legal basis (GDPR): Legitimate interests (product improvement, anonymized data)

Sentry (error monitoring and crash reporting)

Purpose: Identifying and fixing bugs, crashes, and performance issues to improve App stability

Data shared:

  • Anonymized session identifiers (unique to each app session)
  • Error messages and stack traces (automatically scrubbed of personal data)
  • Device type and operating system version
  • App version and build number
  • Timestamp of error occurrence
  • Basic device information (screen size, memory usage - no identifiers)

Privacy protections:

  • Sentry is configured to automatically scrub personal data from error reports
  • File paths, URLs, and user-entered data are masked before transmission
  • Crash reports are retained only as long as necessary to debug issues (typically 90 days)
  • No personal identifiers are included

Data location: Sentry servers in United States (with Standard Contractual Clauses for EU users)

Privacy policy: https://sentry.io/privacy/

Legal basis (GDPR): Legitimate interests (App stability and quality)

2.2. Subscription management

RevenueCat (iOS and Android subscription management)

Purpose: Managing in-app subscriptions for Apple App Store and Google Play Store purchases

Data shared:

  • App user identifiers (anonymized, generated within the App)
  • Purchase receipts from Apple or Google (transaction verification)
  • Subscription status (active, expired, cancelled)
  • Product IDs (which subscription tier was purchased)
  • Transaction IDs from Apple or Google
  • Purchase timestamps and subscription periods
  • Renewal, upgrade, downgrade, or cancellation events

Privacy protections:

  • RevenueCat does NOT collect payment card information (handled by Apple/Google)
  • RevenueCat uses secure APIs to verify purchase receipts
  • No sensitive financial information is exposed
  • User identifiers are app-specific and cannot be used for cross-app tracking

Purpose of processing:

  • Verifying subscription purchases with Apple and Google
  • Managing subscription status and access control
  • Handling subscription renewals and changes
  • Providing accurate subscription analytics for business operations
  • Fraud prevention

Data location: RevenueCat servers in United States (GDPR-compliant with Standard Contractual Clauses)

Privacy policy: https://www.revenuecat.com/privacy/

Legal basis (GDPR): Performance of contract, legitimate interests (fraud prevention)

Paddle (web-based payment processing)

Purpose: Processing payments and managing subscriptions for purchases made through our website

Data shared with Paddle:

  • Your name, email address, and billing address
  • Payment card information (collected and stored by Paddle, NOT by us)
  • Transaction details (product, price, currency)
  • IP address and geolocation (for tax compliance and fraud prevention)
  • Device and browser information

Paddle's role:

  • Paddle acts as the "merchant of record" for web-based purchases
  • Paddle handles all payment processing, tax calculation, and compliance
  • Paddle is PCI-DSS Level 1 compliant for payment security

What we receive from Paddle:

  • Transaction confirmation and subscription status
  • Customer email and name for account association
  • Subscription events (renewal, cancellation, upgrade)
  • We do NOT receive full payment card details

Data location: Paddle processes and stores data globally according to their infrastructure

Privacy policy: https://www.paddle.com/legal/privacy

Legal basis (GDPR): Performance of contract, legal obligation (tax compliance)

Important note: In June 2025, Paddle settled with the U.S. Federal Trade Commission regarding payment processing practices. Paddle has implemented enhanced safeguards and monitoring. We continue to use Paddle as they meet industry payment security standards and have taken corrective measures.

2.3. Cloud infrastructure and hosting

Purpose: Hosting authentication services and (for MULTI DEVICE users with sync enabled) encrypted sync data storage

Service providers: Supabase, Amazon Web Services

Data stored:

  • Account authentication data (encrypted credentials)
  • Subscription status and device associations
  • Encrypted sync data (for MULTI DEVICE users with sync enabled - we cannot decrypt this data)
  • Application logs (with personal data removed)

Data location: Data is processed and stored globally

Legal basis (GDPR): Performance of contract, legitimate interests (service provision and security)

3. How we use your information

We use the information we collect only for legitimate purposes related to providing, improving, and securing our Services. We are committed to data minimization - we only collect and use data that is necessary.

3.1. Primary purposes (contractual necessity)

To provide and deliver the Services you request:

  • Authenticating your account and verifying your identity
  • Granting access to App features based on your subscription type
  • Managing your subscription status and renewals
  • Processing payments through third-party processors
  • Providing cross-device synchronization (for MULTI DEVICE users who enable sync)
  • Delivering customer support and responding to your inquiries
  • Enabling core App functionality and playback features

Legal basis (GDPR): Performance of contract

3.2. Product improvement and analytics (legitimate interests)

To improve and develop the Services:

  • Understanding how users interact with the App through anonymized analytics
  • Identifying and fixing bugs, crashes, and performance issues
  • Testing new features and improvements
  • Analyzing usage patterns to prioritize development (anonymized and aggregated data only)
  • Conducting research to improve user experience

Legal basis (GDPR): Legitimate interests (product development and improvement)

Your rights: You can object to processing based on legitimate interests (see Section 10)

3.3. Security and fraud prevention (legitimate interests and legal obligation)

To protect the Services and prevent misuse:

  • Detecting and preventing fraudulent transactions and subscription sharing
  • Identifying security threats and vulnerabilities
  • Preventing unauthorized access to accounts
  • Enforcing our Terms of Service and preventing abuse
  • Investigating suspected violations of our policies
  • Protecting against legal liability

Legal basis (GDPR): Legitimate interests (security and fraud prevention), legal obligation

3.4. Legal compliance (legal obligation)

To comply with legal and regulatory requirements:

  • Maintaining transaction records for tax and accounting purposes (7 years)
  • Responding to lawful requests from law enforcement or government authorities
  • Complying with court orders, subpoenas, or legal processes
  • Enforcing our legal rights and defending against legal claims
  • Complying with data protection laws (GDPR, CCPA, Hong Kong PDPO)
  • Maintaining copyright infringement records for DMCA compliance (3+ years)

Legal basis (GDPR): Legal obligation, legitimate interests (legal protection)

3.5. Communications (consent or legitimate interests)

To communicate with you:

  • Sending transactional emails (account confirmation, subscription receipts, password resets)
  • Sending important service updates and security notifications
  • Responding to your support requests and inquiries
  • Sending subscription renewal reminders
  • Notifying you of changes to Terms of Service or Privacy Policy

Marketing communications: We do NOT currently send marketing or promotional emails. If we introduce marketing communications in the future, we will obtain your explicit consent and provide easy opt-out mechanisms.

Legal basis (GDPR): Performance of contract (transactional emails), legitimate interests (service updates), consent (marketing, if introduced)

3.6. What we do NOT do with your data

We explicitly do NOT use your data for:

  • ❌ Selling or renting to third parties
  • ❌ Targeted advertising or ad profiling
  • ❌ Behavioral tracking across websites or apps
  • ❌ Creating user profiles for marketing purposes
  • ❌ Sharing with data brokers or aggregators
  • ❌ Algorithmic decision-making that significantly affects you
  • ❌ Monitoring or analyzing what content you watch

4. How we share your information

We do not sell, rent, trade, or otherwise transfer your personal information to third parties for their own use. We share your information only in the limited circumstances described below.

4.1. Service providers (data processors)

We share information with carefully selected third-party service providers who process data on our behalf to provide essential services. These providers include:

  • Payment processors: Apple, Google, Paddle (see Sections 2.2 and 6)
  • Analytics and monitoring: TelemetryDeck, Sentry (see Section 2.1)
  • Subscription management: RevenueCat (see Section 2.2)
  • Cloud infrastructure: Supabase, Amazon Web Services (see Section 2.3)

Contractual protections:

  • All service providers are bound by written Data Processing Agreements (DPAs)
  • Service providers are permitted to process data ONLY as instructed by us
  • Service providers must implement appropriate security measures
  • Service providers must assist with data subject rights requests
  • Standard Contractual Clauses are in place for international transfers

4.2. Payment processors (independent data controllers)

When you purchase a subscription, your payment information is processed by:

Apple Inc. (for iOS App Store purchases):

  • Apple Privacy Policy: https://www.apple.com/legal/privacy/
  • Apple acts as an independent data controller for payment processing
  • We receive only confirmation of successful transactions and subscription status
  • We do NOT receive your payment card information

Google LLC (for Google Play Store purchases):

  • Google Privacy Policy: https://policies.google.com/privacy
  • Google acts as an independent data controller for payment processing
  • We receive only confirmation of successful transactions and subscription status
  • We do NOT receive your payment card information

Paddle.com Market Limited (for web-based purchases):

  • Paddle Privacy Policy: https://www.paddle.com/legal/privacy
  • Paddle acts as the merchant of record and processes payments independently
  • We receive transaction confirmation, customer email, and subscription status
  • We do NOT receive full payment card details

4.3. Legal obligations and protection of rights

We may disclose your information when required by law or to protect our rights:

Legal requirements:

  • In response to valid legal process (subpoenas, court orders, search warrants)
  • To comply with applicable laws, regulations, or legal obligations
  • To respond to lawful requests from government authorities or law enforcement
  • To comply with national security or other government requests

Protection of rights:

  • To enforce our Terms of Service or other agreements
  • To detect, prevent, or address fraud, security, or technical issues
  • To protect the rights, property, or safety of Alibi Group Limited, our users, or the public
  • To defend against legal claims or investigations
  • In connection with copyright infringement claims (DMCA notices)

Transparency: We will notify affected users of legal requests unless prohibited by law or court order. We publish transparency reports about government requests when permitted.

Legal basis (GDPR): Legal obligation, legitimate interests (legal protection)

4.4. Business transfers

If Alibi Group Limited is involved in a merger, acquisition, bankruptcy, reorganization, partnership, asset sale, or similar transaction, your information may be transferred as part of that transaction.

Your rights:

  • We will notify affected users via email and/or prominent notice in the App
  • You will have the opportunity to delete your account before the transfer
  • The acquiring entity will be bound to honor this Privacy Policy (or provide notice of changes)
  • Your data will continue to be protected according to this policy or a successor policy

Legal basis (GDPR): Legitimate interests (business operations)

4.5. Aggregated and anonymized data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

  • Industry research and analysis
  • Public statistics about App usage
  • Benchmarking and performance comparisons
  • Academic research partnerships

This data does not constitute personal information and is not subject to this Privacy Policy.

4.6. With your consent

We may share your information with third parties when you provide explicit consent for specific purposes. You can withdraw consent at any time by contacting privacy@alibi.video.

5. International data transfers

Your data may be transferred internationally:

Alibi Group Limited is based in Hong Kong. When you use our Services, your personal data may be transferred to and processed in countries outside your location, including:

  • Hong Kong (where our company is based)
  • United States (service providers: Sentry, RevenueCat, AWS)
  • Netherlands (service provider: TelemetryDeck)
  • Other countries where our service providers operate

Safeguards for EU/EEA users:

If you're in the EU/EEA, we protect your data during international transfers using:

  • Standard Contractual Clauses (SCCs): European Commission-approved contracts with our service providers
  • Adequacy decisions: Where available (e.g., data transfers to countries the EU recognizes as having adequate protection)

Your rights:

  • Request copies of transfer safeguards: privacy@alibi.video
  • Object to transfers without adequate safeguards

Legal basis (GDPR): Appropriate safeguards (Standard Contractual Clauses)

6. Payment information and processing

We are committed to protecting your financial information. We do not directly process, store, or have access to your full payment card details.

6.1. How payment processing works

Apple App Store purchases (iOS):

  • All payment processing is handled exclusively by Apple Inc.
  • You enter payment information directly into Apple's secure payment system
  • Apple processes the payment and confirms the purchase to us
  • We receive only: transaction ID, subscription status, and purchase timestamp
  • Apple's privacy policy governs payment data handling

Google Play Store purchases (Android):

  • All payment processing is handled exclusively by Google LLC
  • You enter payment information directly into Google's secure payment system
  • Google processes the payment and confirms the purchase to us
  • We receive only: transaction ID, subscription status, and purchase timestamp
  • Google's privacy policy governs payment data handling

Paddle purchases (web):

  • Paddle acts as the merchant of record and payment processor
  • You enter payment information directly into Paddle's PCI-DSS Level 1 compliant payment system
  • Paddle processes the payment and confirms the purchase to us
  • We receive: customer name, email, transaction ID, and subscription status
  • We do NOT receive: full credit card numbers, CVV codes, or other sensitive payment details
  • Paddle's privacy policy governs payment data handling

6.2. What we receive from payment processors

For all purchase platforms, we receive only:

  • ✅ Transaction confirmation (successful purchase)
  • ✅ Transaction reference number/ID
  • ✅ Subscription type and duration
  • ✅ Purchase timestamp
  • ✅ Subscription status changes (renewal, cancellation, expiration)
  • ✅ Customer email (for account association)

We do NOT receive:

  • ❌ Credit card numbers
  • ❌ CVV codes
  • ❌ Banking information
  • ❌ Billing addresses (except from Paddle for tax purposes)
  • ❌ Any other sensitive financial information

6.3. Transaction records for legal compliance

We retain transaction records for tax and accounting compliance:

  • Transaction IDs and timestamps
  • Subscription type and pricing
  • Purchase platform
  • Customer email and name

Retention period: 7 years (as required by tax and accounting regulations)

Purpose: Legal compliance with tax laws, financial auditing, and fraud prevention

Legal basis (GDPR): Legal obligation

7. Cookies and tracking technologies

We use minimal cookies and tracking technologies, and we do NOT use advertising cookies or cross-site tracking.

7.1. What are cookies?

Cookies are small text files stored on your device by websites or apps you visit. They are widely used to make websites and apps work efficiently and provide information to site owners.

7.2. Types of cookies we use

Essential cookies (strictly necessary)

These cookies are essential for the Services to function and cannot be disabled:

Authentication cookies:

  • Purpose: Maintain your login session
  • Duration: Session (deleted when you close the app) or "Remember me" (30 days)
  • Information: Session token, user ID

Subscription verification:

  • Purpose: Verify your active subscription status
  • Duration: Session
  • Information: Subscription status, expiration date

Security cookies:

  • Purpose: Protect against fraud, CSRF attacks, and unauthorized access
  • Duration: Session
  • Information: Security tokens, anti-CSRF tokens

Legal basis (GDPR): Strictly necessary (no consent required under GDPR)

Analytics cookies (anonymized)

We use privacy-friendly analytics through TelemetryDeck:

Purpose: Understand App usage, performance, and crashes to improve quality Information collected: Anonymized usage metrics (see Section 2.1 for details) Duration: Session Opt-out: You can disable analytics in App Settings → Privacy → Analytics

Legal basis (GDPR): Legitimate interests (product improvement with anonymized data)

7.3. What we do NOT use

We explicitly do NOT use:

  • ❌ Advertising cookies or trackers
  • ❌ Cross-site tracking cookies
  • ❌ Third-party marketing cookies
  • ❌ Behavioral profiling cookies
  • ❌ Social media tracking pixels (Facebook Pixel, etc.)
  • ❌ Retargeting or remarketing cookies

7.4. Managing cookies and tracking

Web browser cookies: Most web browsers allow you to control cookies through settings:

  • Block all cookies
  • Block third-party cookies only
  • Delete cookies after closing browser
  • Receive notifications before cookies are set

Note: Blocking essential cookies will prevent you from using the Services.

Mobile app tracking:

iOS (Apple):

  • Settings → Privacy & Security → Tracking → [Toggle off "Allow Apps to Request to Track"]
  • Settings → Privacy & Security → Analytics & Improvements → [Disable analytics sharing]

Android:

  • Settings → Privacy → Ads → [Enable "Opt out of Ads Personalization"]
  • Note: We do not use advertising or tracking, so these settings primarily affect other apps

App-specific settings:

  • Alibi Video Player Settings → Privacy → Analytics → [Toggle off to disable TelemetryDeck]

7.5. Do Not Track (DNT) signals

Some browsers have "Do Not Track" (DNT) features. We respect DNT signals:

  • If your browser sends a DNT signal, we will not enable optional analytics
  • Essential cookies required for App functionality will still be used
  • We do not use advertising or tracking cookies regardless of DNT settings

8. Data retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

8.1. Account and subscription data

Active accounts:

  • Retained for the duration of your active subscription plus 30 days
  • Purpose: Providing ongoing service, managing subscriptions, customer support

Expired accounts:

  • Retained for 90 days after subscription expiration
  • Purpose: Allowing reactivation, handling support inquiries
  • Automatically deleted after 90 days unless you renew or legal obligations require retention

Deleted accounts:

  • Most data deleted within 30 days of account deletion request
  • Some data retained longer for legal compliance (see below)

8.2. Encrypted sync data (MULTI DEVICE users)

Active sync:

  • Retained while subscription is active and sync is enabled
  • Purpose: Providing cross-device synchronization functionality

After subscription expires or sync disabled:

  • Deleted within 30 days
  • You can manually delete sync data anytime via App Settings → Sync → Clear Sync Data

After account deletion:

  • Encrypted sync data deleted immediately (within 24 hours)
  • We cannot recover deleted sync data

8.3. Transaction and financial records

Retention period: 7 years from transaction date

What is retained:

  • Transaction IDs and timestamps
  • Subscription type and pricing
  • Purchase platform
  • Invoice and receipt information
  • Customer name and email

Purpose:

  • Legal compliance with tax and accounting regulations
  • Financial auditing requirements
  • Fraud investigation and prevention

Legal basis (GDPR): Legal obligation (tax law compliance)

Important: Transaction records are retained even after account deletion to comply with legal requirements.

8.4. Copyright infringement records

Retention period: 3-7 years from date of notice

What is retained:

  • DMCA notices and counter-notices
  • User account information associated with notices
  • Dates of infringement allegations
  • Actions taken (warnings, suspensions, terminations)

Purpose:

  • Maintaining repeat infringer policy
  • Legal compliance with DMCA safe harbor requirements
  • Defending against copyright infringement claims

Legal basis (GDPR): Legal obligation, legitimate interests (legal protection)

8.5. Support communications

Retention period: 2 years from last communication

What is retained:

  • Email correspondence
  • Support ticket content
  • Diagnostic information you provided

Purpose:

  • Providing consistent customer support
  • Tracking recurring issues
  • Training support staff

Deletion: Automatically deleted after 2 years unless there is an ongoing legal matter

8.6. Anonymized analytics data

Retention period: Indefinite

What is retained:

  • Aggregated and anonymized usage statistics
  • Performance metrics and crash reports (anonymized)

Why indefinite retention:

  • This data cannot be linked back to individual users
  • No privacy risk as data is truly anonymized
  • Valuable for long-term product development and research

Legal basis (GDPR): Not personal data (anonymized and cannot be re-identified)

9. Data security

We implement security measures to protect your personal information from unauthorized access, loss, or misuse, including encryption and access controls.

Important: No security system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Your responsibility: Use strong passwords, keep your devices secure, and report suspected unauthorized access to privacy@alibi.video immediately.

10. Your privacy rights

Depending on where you live, you have rights regarding your personal data. This section explains your rights and how to exercise them.

10.1. Rights by jurisdiction

If you're in the EU/EEA/UK (GDPR):

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Delete your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Data portability: Receive your data in a portable format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent where processing is based on consent
  • Lodge complaint: File a complaint with your data protection authority

If you're in California (CCPA/CPRA):

  • Know: Request disclosure of personal information collected, used, or sold
  • Delete: Request deletion of your personal information
  • Correct: Request correction of inaccurate personal information
  • Opt-out: Opt out of sale/sharing of personal information (we don't sell/share data)
  • Non-discrimination: Exercise rights without discriminatory treatment

If you're in Hong Kong (PDPO):

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Object: Object to use for direct marketing (we don't do direct marketing)

Other jurisdictions: You may have similar rights under local laws. Contact us to inquire.

10.2. How to exercise your rights

Contact methods:

Email: privacy@alibi.video
Subject line: Specify your request (e.g., "Data Access Request", "Deletion Request", "CCPA Request")
Include: Your account email address and description of your request

Self-service options:

  • Delete account: App Settings → Account → Delete Account

Response timeframes:

  • GDPR requests (EU/EEA/UK): 30 days (extendable to 60 days for complex requests)
  • CCPA requests (California): 45 days (extendable to 90 days)
  • Hong Kong PDPO requests: 40 days

Verification: We must verify your identity before processing requests. We may ask you to confirm your email address or provide information matching our records.

No fees: Rights requests are free of charge unless requests are excessive or repetitive.

10.3. Supervisory authorities

If you're not satisfied with our response, you can lodge a complaint with your data protection authority:

EU/EEA: Find your authority at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html

UK: Information Commissioner's Office (ICO) - https://ico.org.uk

Hong Kong: Office of the Privacy Commissioner for Personal Data (PCPD) - http://www.pcpd.org.hk

California: California Privacy Protection Agency - https://cppa.ca.gov

11. California-specific disclosures (CCPA/CPRA)

This section provides additional information required for California residents.

11.1. Categories of personal information collected

In the past 12 months, we have collected:

  • Identifiers: Name, email, device IDs, account identifiers
  • Commercial information: Subscription history, purchase records
  • Internet activity: App usage data (anonymized), crash reports
  • Geolocation data: General region only (from app stores)
  • Financial information: Transaction IDs (not full payment details - processed by Apple/Google/Paddle)

11.2. Sources of personal information

  • Directly from you (account creation, support requests)
  • Automatically from devices (device information, anonymized app usage)
  • From third parties (payment processors, app stores)

11.3. Business purposes

We collect personal information for:

  • Providing and maintaining Services
  • Processing subscriptions and payments
  • Customer support
  • Security and fraud prevention
  • Legal compliance
  • Improving Services through anonymized analytics

11.4. Third parties we share with

  • Service providers (analytics, error monitoring, subscription management, cloud hosting)
  • Payment processors (Apple, Google, Paddle)
  • Legal/regulatory entities (when required by law)

11.5. Sale or sharing of personal information

We do NOT sell or share your personal information as defined by CCPA/CPRA.

  • We have NOT sold personal information in the past 12 months
  • We have NOT shared personal information for cross-context behavioral advertising
  • We do NOT have actual knowledge of selling or sharing personal information of minors under 16

11.6. Retention periods

  • Account data: Duration of subscription + 30-90 days
  • Transaction records: 7 years (legal requirement)
  • Support communications: 2 years
  • Copyright records: 3-7 years (legal requirement)

See Section 8 for complete details.

11.7. Sensitive personal information

We do NOT collect or process sensitive personal information as defined by CPRA, except passwords (used solely for authentication and stored in hashed/encrypted form).

12. Do not sell or share my personal information

WE DO NOT SELL OR SHARE YOUR PERSONAL INFORMATION.

What this means:

  • We do not sell your data to data brokers or advertisers
  • We do not share your data for cross-context behavioral advertising
  • We do not rent or trade your personal information
  • We do not monetize your data beyond our subscription business model

Our business model: We make money from subscriptions to our media player app, NOT from selling user data.

If this changes: We will update this Privacy Policy with at least 30 days' notice, provide a "Do Not Sell or Share My Personal Information" link, and obtain opt-in consent for users under 16.

13. Age requirements and use by minors

Subscription Purchase:

You must be at least the age of majority in your jurisdiction to purchase a subscription to Alibi Video Player, as subscriptions constitute legally binding contracts.

Use by Minors:

Minors (persons under the age of majority) may use the App under the supervision and permission of a parent or legal guardian who holds an active subscription. The account holder is solely responsible for:

  • Monitoring and controlling what content minors access through the App
  • All activity on linked devices (for MULTI DEVICE subscriptions)
  • Ensuring appropriate parental supervision and controls

Data Collection from Minors:

When a minor uses the App under a parent or guardian's subscription:

  • We collect the same data as for adult users (see Section 1)
  • The account holder's account details are associated with all linked devices
  • The parent/guardian has full control over data through their account settings
  • Parents/guardians can exercise all privacy rights (access, deletion, etc.) on behalf of minors using their subscription

Parental Responsibility:

If you allow a minor to use the App through your subscription, you acknowledge that:

  • You are responsible for implementing appropriate parental controls
  • Alibi Video Player is a media player that can access any content supplied by the user
  • We have no visibility into or control over what content is accessed
  • You are solely responsible for monitoring what content minors access

If you are under the age of majority: You may only use this App with the permission and supervision of your parent or legal guardian who holds the subscription. Do not create an account or provide personal information without their explicit consent.

14. Changes to this privacy policy

We may update this Privacy Policy. Material changes will be notified via email or in-app notice. Check the "Last Updated" date above. Continued use means acceptance of changes.

Data controller information

For purposes of applicable data protection laws, including the European Economic Area General Data Protection Regulation ("GDPR"), the data controller is:

Alibi Group Limited
2301, Bayfield Building
99 Hennessy Road
Wanchai, Hong Kong

Data Protection Contact:
Email: privacy@alibi.video
Website: https://alibi.video/support

© 2025 Alibi Group Limited. All rights reserved.

This Privacy Policy is effective as of the date stated above and applies to all users of Alibi Video Player Services.