Start Free Trial

Privacy Policy

Plain-English notes on what data we collect, why we hold it, and the rights you have over it.

Effective date: May 16, 2026

Xcodes IPTV ("we", "us", "our") runs the website at xcodesiptv.cam and the IPTV subscription service sold through it. This policy explains what we collect when you sign up or browse, what we do with it, and the choices you've got. We've kept it short on legalese and long on specifics — if anything's unclear, just ping us.

1. Who We Are

Xcodes is a small IPTV subscription operator. We don't have a marketing team, a call centre, or a data broker pipeline. For anything privacy-related, head to our contact page and we'll respond within two business days.

2. Information We Collect

What you give us directly

  • Email address — needed to set up your account and send the login credentials. No email means no service.
  • Payment details — handled entirely by Stripe, PayPal, or a crypto processor. We see the last four card digits and a transaction ID. We don't see (and can't store) your full card number.
  • Name — optional. Only asked for when you write to support, and only so we can address you properly.
  • Support messages — whatever you send via email, WhatsApp, or the contact form, plus our replies, kept so we've got history if you write back later.

What's collected automatically

  • IP address — used briefly to detect fraud and to show the right pricing tier for your country. We don't keep it in long-term logs.
  • Device and browser type — picked up by cookies so we can serve the right page version (mobile vs desktop, for example).
  • Pages viewed and time on site — collected through privacy-respecting analytics if you've consented. The site loads a small script (dashboard-client.js) that handles consent state and posts anonymised page events to our dashboard.

3. How We Use Your Information

  • Set up and run your IPTV subscription.
  • Send login details, renewal reminders, and important service notices.
  • Process payments and prevent fraud.
  • Reply to your support questions.
  • Improve the site based on which pages help people and which don't.
  • Meet our legal and tax obligations.

We do not sell your personal information. We don't rent it out, swap it, or share it with advertising networks. There's no automated profiling that produces legal effects.

4. Legal Basis for Processing (GDPR)

If you're in the EU, UK, or EEA, here's why we're allowed to process your data:

  • Contract — we need your email and payment info to deliver the subscription you paid for.
  • Legitimate interests — fraud checks and basic site improvements.
  • Consent — analytics and marketing cookies fire only after you tap "Accept" on the banner. You can withdraw it any time from the same banner.
  • Legal obligation — tax records and law-enforcement requests where we've no choice.

5. Cookies and Tracking

The site uses three small groups of cookies. Strictly necessary ones keep your session alive and remember your consent choice — those run by default because the site can't function without them. Analytics cookies (page views, time on page) only fire if you've accepted them. Marketing cookies are off by default and stay off unless you flip them on. You can change your preferences any time via the small "Cookies" link in the footer.

6. Third Parties We Share Data With

We only pass data to providers who help us actually run the service:

  • Payment processors — Stripe, PayPal, and our crypto gateway. They handle the card or wallet details directly under their own privacy notices.
  • Analytics — privacy-respecting page analytics that get anonymised, aggregated stats. No raw IP is shared.
  • Hosting and email — Vercel hosts the site; a transactional email provider delivers your login email. Both are bound by data processing agreements.
  • Law enforcement — only when we get a valid legal order. We'll push back on overbroad requests.

7. International Data Transfers

Our hosting and email infrastructure runs on servers in the US and the EU. If you're outside those regions, your data may be transferred there. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for any EU-to-US transfers, and we pick providers who've committed to GDPR-grade safeguards.

8. Data Retention

Your email stays on file as long as your subscription is active, plus 90 days after the last renewal lapses. After that we delete it, unless you've asked us to remove it earlier — in which case we'll act within 30 days. Payment records have to be kept for seven years under tax law in most jurisdictions, so those sit in a locked archive that's not used for anything else.

9. Your Rights Under GDPR

If you're in the EU, UK, or EEA, you've got the right to:

  • Access — ask for a copy of everything we hold on you.
  • Rectification — get inaccurate details corrected.
  • Erasure — have your data wiped ("right to be forgotten").
  • Restriction — pause our processing while we work something out.
  • Portability — get a machine-readable export to take elsewhere.
  • Objection — push back on any processing we're doing under "legitimate interests".
  • Withdraw consent — for cookies or marketing, instantly, no questions asked.

To exercise any of these, drop a line via our contact page. We respond within 30 days, usually faster. You've also got the right to complain to your local data protection authority if you're not happy with our reply.

10. Your Rights Under CCPA (California Residents)

If you live in California, the CCPA gives you the right to:

  • Know what categories of personal information we collect and why.
  • Request deletion of your personal information.
  • Opt out of the sale of your personal information — though we don't sell it, period.
  • Not be treated differently for exercising any of these rights.

File a CCPA request through our contact page. We verify it's really you (usually by confirming the email tied to your subscription) and then act within 45 days.

11. Children's Privacy

This service isn't for children. We don't knowingly collect data from anyone under 16, and we won't sell a subscription to a minor. If you're a parent and you reckon your child's signed up without permission, write in and we'll delete the account and refund the latest payment.

12. Security

Every page is served over HTTPS. Payment details never touch our servers — they go directly to the processor's tokenised vault. Access to subscriber records is limited to the two operators who handle support, both with unique logins and two-factor auth. We've not had a data breach, and if we ever do, we'll notify affected users within 72 hours as the law requires.

13. Changes to This Policy

If we change something material, we'll update the "Effective date" at the top and email active subscribers a summary of what shifted. Small wording tweaks won't trigger a notification, but the latest version is always on this page. Worth bookmarking if you care.

14. Contact

Questions, requests, or a complaint? Our contact page is the fastest route. We answer within 48 hours on weekdays, and we don't bounce you around — the person who reads your message is the person who replies.