Legal
Privacy Policy
Last updated: 20.06.2026
This Privacy Policy explains how your personal data is collected, processed and protected when you use the Mi Player application. It has been prepared in accordance with the Turkish Personal Data Protection Law No. 6698 (KVKK) and the European Union General Data Protection Regulation (GDPR).
1. Data Controller
- Data controller: Hüsnü Darıcı
- Contact / requests: info@mi-player.com
2. Data We Collect
Mi Player only collects the data required to provide the service:
- Account: email address, display name (optional). Your password is stored encrypted (hashed); we never see or store your plaintext password.
- Content source: the M3U URL or Xtream Codes credentials you add (server, username, panel password). These belong to your own IPTV subscription; only your account can access them (row-level security / RLS).
- Usage: your favorites, watch history, playback progress and app preferences (theme, language, density).
- Subscription: your subscription status and billing email, processed through our payment provider. Your card details are never stored on our servers.
Mi Player does not collect data such as advertising IDs, location, contacts or camera/microphone. It does not use third-party analytics or ad trackers.
3. Purpose of Processing and Legal Basis
We process your data only for the following purposes:
- Creating your account and managing your session
- Fetching and playing channel/movie/series lists from the source you add
- Storing your favorites, history and preferences across devices
- Managing your subscription and payment
Legal basis: performance of the contract (provision of the service) and, where required, your explicit consent (KVKK art. 5; GDPR art. 6/1-b and 6/1-a).
4. Storage and Security
- Your data is stored with our infrastructure provider Supabase (PostgreSQL).
- Row-level security (RLS) is enabled on all tables: each user can only access their own data; no other user can see yours.
- Communication is encrypted (HTTPS/TLS); your account password is hashed.
- Your IPTV panel password is technically required to play streams directly from the panel and reaches your device; it is tied only to your account.
- Payments are collected by a third-party payment provider that processes card data in a PCI-DSS compliant manner.
5. Third Parties
- Supabase: database, authentication and email delivery infrastructure.
- Payment provider (Merchant of Record): handles subscription collection, invoicing and tax obligations; its own privacy policy applies.
- IPTV providers you add: channel/movie content comes from the third-party sources you add. Mi Player does not provide, host or moderate this content; the provider's own privacy policy applies to those connections.
- We do not sell your data and do not share it with third parties for marketing purposes.
7. Your Rights (KVKK art. 11 / GDPR)
- Access your data and request a copy
- Rectification (incorrect/incomplete data)
- Erasure — you can delete your account and all your data yourself via Settings → Account → Permanently delete account; this action cannot be undone.
- Object to processing and data portability
You can send your requests to info@mi-player.com.
8. Retention Period
Your data is retained as long as your account is active. When you delete your account, all associated data is permanently deleted (via cascade).
9. Children's Privacy
Mi Player is not designed for people under 18 and does not knowingly collect data from anyone under this age.
10. Changes
We may update this policy from time to time. For significant changes we will notify you in the app or by email.
11. Contact
For privacy-related questions and requests: info@mi-player.com
For questions and requests about this document, feel free to write to us.
info@mi-player.com