Privacy Policy

Viewlix Privacy Policy

Last updated: May 2026. This policy explains what we collect, why, who we share it with, and your rights under UK GDPR.

1. Who we are

Viewlix is an IPTV middleware service operating in the United Kingdom. We are the data controller for the personal information you provide. Contact us via WhatsApp for any privacy questions.

2. What we collect

We collect only the minimum information required to deliver the service: (a) the name you provide at checkout or trial signup, (b) your WhatsApp number for credential delivery and support, (c) the email address if you provide one (optional — most customers do not), (d) the payment method metadata returned by Stripe or PayPal (we never see card numbers — Stripe handles that), (e) the FireStick model or device type you tell us you use, and (f) standard server logs (IP address, user-agent, request URL, timestamp) for security and abuse-prevention.

3. Why we collect it

Names are used for personalised WhatsApp greetings. WhatsApp numbers are the delivery channel for your Xtream Codes credentials and ongoing support. Email is only kept if you specifically request invoices or receipts by email. Stripe/PayPal metadata is required for refund processing and payment dispute defence. Device type lets our support team send you the right Downloader install code (Smarters Pro for FireStick has a different APK to Smarters Pro for Android phones). Server logs are kept 30 days and used only for security incident investigation.

4. Who we share it with

We share data with: (a) Stripe and PayPal — payment processors required to take card payment, (b) Hostinger — our hosting provider, who sees server logs, (c) WhatsApp/Meta — because messages are delivered over their platform, (d) law enforcement only when legally compelled by a UK court order. We do not sell or share data with advertisers, marketing networks, or data brokers. We do not run cross-site tracking pixels.

5. Cookies

Our site uses essential cookies only — for the shopping cart, language preference, and session continuity. We do not run third-party advertising cookies. Where Google Analytics 4 is enabled, IP anonymisation is on by default and the data is aggregated for traffic-source reporting only. You can disable GA4 via your browser settings or an ad-blocker without breaking the site.

6. Data retention

Customer records (name + WhatsApp + payment ID) are retained for 7 years from the date of last purchase, as required by UK tax law (HMRC). After 7 years they are anonymised. WhatsApp message history is retained for 18 months for support continuity and then permanently deleted. Server logs are 30 days. Trial signups that never convert are deleted at the 90-day mark.

7. Your rights under UK GDPR

You have the right to: (a) access your data — WhatsApp us and we will send you everything we hold within 14 days, (b) correct your data, (c) request erasure ("right to be forgotten") — note we cannot erase HMRC-mandated tax records under 7 years old, (d) object to processing, (e) data portability — we can export your records in JSON if needed, (f) complain to the ICO (Information Commissioner's Office, ico.org.uk).

8. Children

The service is for adults aged 18 or over. We do not knowingly collect data from anyone under 18. If you believe a child has provided us with data, contact us via WhatsApp and we will delete it within 7 days.

9. Security

All web traffic is encrypted via TLS 1.3 (HTTPS). Customer records are stored on Hostinger servers in the EU. Database access is restricted to two named administrators with 2FA. Stripe and PayPal handle payment data on their own PCI-DSS Level 1 infrastructure — we never see or store card numbers.

10. Changes to this policy

We update this policy when our practices change. Material changes are notified via WhatsApp to all active customers at least 14 days before they take effect. The "Last updated" date at the top of this page indicates the most recent revision.

11. Contact

WhatsApp the number published on /contact/ for any data-protection question. For formal subject-access requests under UK GDPR, include "GDPR SAR" in your first message and we will route to the appropriate person.

FireStick-specific privacy notes

Several aspects of Viewlix's data handling apply most directly to FireStick households and deserve a clear explanation:

What your FireStick sends to Viewlix

When Smarters Pro (or TiviMate, or any IPTV player) on your FireStick connects to our Xtream Codes API, our servers see: your subscription username and password (so we can authenticate you), your IP address (so we can route the stream to you), the channel ID you are watching (so we can serve the right stream), and the player User-Agent string (so we can detect compatibility issues). We do not see: your name, your home address, the room your FireStick is in, what else is on your home network, your Amazon account, your Prime Video viewing history, your Alexa interactions, or any other Fire TV usage data. Amazon does not share that information with us and we have no API to request it.

Why we keep your WhatsApp number

WhatsApp is our only support channel. We keep your WhatsApp number for as long as you have an active subscription plus 18 months after your last activity, so that if you return to us we can reconnect to the existing support thread rather than start over. After 18 months of inactivity we delete the number permanently. You can request deletion at any time before the 18-month window expires by WhatsApp-ing us with the phrase "delete my data" — the only HMRC-mandated record we cannot delete sooner is the payment-transaction record itself, which we hold for 7 years as required by UK tax law.

IP-address logging on Fire OS

Every Fire TV Stick connecting to Viewlix shows up in our access logs as a single IP address (the public IP of your home internet connection, typically assigned by BT, Sky, Virgin, TalkTalk, EE or Hyperoptic). We keep these logs for 30 days for security and abuse-prevention purposes — specifically to detect credential sharing, fraudulent subscriptions, or denial-of-service attempts. After 30 days the logs are deleted. We do not match IP addresses to physical addresses, we do not share IP data with marketers, and we do not respond to civil-litigation subpoenas without a UK court order.

Children and FireStick parental controls

Fire TV Stick supports parental controls within Fire OS itself (Settings → Preferences → Parental Controls). Viewlix's adult content categories are opt-out by default — they do not appear in your channel list unless you specifically request them via WhatsApp and confirm you are 18 or older. We strongly recommend enabling the FireStick's own parental-control PIN if children share your living-room TV. If you believe a child has provided us with personal data, contact us via WhatsApp and we will delete it within 7 days.