Privacy Policy

This Privacy Policy describes how Ultiplay LLC handles information in connection with the Ultiplay desktop application and the ultiplay.net website (together, the "Services").

1. Summary

We designed Ultiplay to be local-first. The Software does not require an account, does not transmit your media library, does not collect analytics or telemetry from inside the desktop app, and does not sell personal information. The only routine network requests the desktop application makes are:

1. Update checks to our public S3 release manifest.
2. License key validation (Gold tier only).
3. Support-bundle uploads that you trigger from inside the app (e.g., "Send Bug Report").
4. User-initiated requests to third-party media services (e.g., a URL you paste into the player; YouTube downloads via yt-dlp).

2. Information we collect

2.1 Information you provide directly

• License key (Gold tier): the key you enter to activate Gold features. Validated against our license server; the key and your activation-request metadata are processed for validation, fraud prevention, and device-limit enforcement.
• Purchase information (Gold tier): name, email, billing details, and transaction ID, collected by our payment processor, Stripe, Inc. Payment-card numbers are handled directly by Stripe under their PCI-DSS-compliant systems; Ultiplay does not store full card numbers, expiration dates, or CVCs on our systems.
• Support correspondence: any information you send when you contact us by email or via the in-app "Send Bug Report" workflow, including your name, email address, message contents, and any attachments you choose to include.
• Support bundles (only when you explicitly trigger them): a zip archive containing log files, the app's settings JSON, basic system information (OS version, screen layout, GPU, installed VLC/FFmpeg versions), and — only if you opt in at the bundle dialog — a screenshot of the current app window. Support bundles are uploaded to our private S3 bucket and routed by AWS Lambda to our triage inbox.

2.2 Information collected automatically

• Update-check requests: when the Software checks for updates, your device sends a standard HTTPS request to our S3 endpoint. The request includes information your network and Amazon's servers normally log (IP address, request timestamp, User-Agent). Ultiplay does not associate update-check IP addresses with individual users.
• License activation requests (Gold tier): when validating a license key, the request includes the license key, a non-reversible per-device installation identifier used to enforce the device limit, the application version, your operating system, and your IP address.

2.3 Information NOT collected

• We do not collect or transmit the names, file paths, contents, thumbnails, or metadata of media files you load, play, record, or screenshot in the Software.
• We do not transmit your viewing history, playback position, layout configurations, or recording outputs.
• We do not include any third-party analytics, advertising, telemetry, tracking-pixel, fingerprinting, or crash-reporting SDK inside the desktop application. The desktop app does not "phone home" outside the four documented requests in Section 1.
• We do not access your microphone, webcam, contacts, or address book.

2.4 Third-party services initiated by you

When you paste a URL or use a feature that fetches media from a third-party service (for example, YouTube, Twitch, or any site supported by the bundled yt-dlp library), your device communicates directly with that service. Those communications are governed by that service's own privacy policy, not ours. Ultiplay does not proxy, log, or intercept that traffic.

2.5 Website analytics (ultiplay.net only)

On the ultiplay.net website (not the desktop app) we use Vercel Web Analytics, a privacy-friendly, cookieless analytics service, to understand aggregate traffic — for example, how many people visit a page, which referral source or advertising campaign brought them, and roughly which country they are in. It does not set cookies, create a persistent identifier, build a profile of you, or track you across other websites, and we do not receive any data that identifies you individually.

To attribute a download or purchase to the advertisement that referred you, our own website code also briefly remembers the campaign parameters (e.g., utm_source, utm_campaign) from the address you arrived on, storing them in your browser's sessionStorage for the duration of your visit (cleared when you close the tab) and, if you proceed to checkout, passing them to Stripe so the sale can be credited to the right campaign. This is first-party and sets no cookie. See our Cookie Policy for more.

3. How we use information

We use the limited information we collect to:

• deliver, maintain, secure, and improve the Services;
• distribute updates and security patches;
• validate Gold licenses and enforce the device limit;
• process purchases and refunds;
• respond to your support requests and reproduce reported bugs;
• detect, prevent, and address fraud, abuse, or technical issues; and
• comply with legal obligations.

4. Legal basis (for users in jurisdictions that require one)

Where required (e.g., GDPR-covered jurisdictions), we process information on the basis of (a) performance of a contract (delivering the Software and Gold features you paid for), (b) legitimate interests (security, fraud prevention, license enforcement), (c) consent (optional screenshot in support bundles), and (d) legal obligations.

5. Sub-processors and sharing

We do not sell or rent personal information, and we do not engage in cross-context behavioral advertising. We share information only as follows:

Service providers ("sub-processors") that operate on our behalf under contractual confidentiality and security obligations:

• Legal requests when we believe in good faith that disclosure is required by law, subpoena, or court order, or is reasonably necessary to protect our or others' rights, property, or safety.
• Business transfers in connection with a merger, acquisition, financing, or sale of assets of Ultiplay LLC, subject to standard confidentiality protections and a notice to affected users.

6. Data retention

7. Security

We use industry-standard technical and organizational measures to protect information, including TLS for data in transit, least-privilege IAM policies on AWS, encryption at rest for S3 buckets and DynamoDB tables, and access controls on the support inbox. No system is perfectly secure. You are responsible for keeping your license key, computer, and account credentials confidential.

8. Your rights

Depending on your jurisdiction, you may have the right to:

• access, correct, or delete your personal information;
• object to or restrict certain processing;
• withdraw consent (where processing is based on consent);
• request portability of your information;
• lodge a complaint with a data-protection authority; and
• opt out of any "sale" or "sharing" of personal information (we do not engage in either, but you may still submit such a request).

To exercise these rights, contact us at privacy@ultiplay.net. We will respond within the timeframe required by applicable law (typically 45 days under CCPA / 30 days under GDPR).

9. California residents (CCPA / CPRA notice)

In the prior twelve (12) months, we have collected the following categories of personal information described in this Policy:

• Identifiers — license key, IP address, email, per-device installation hash.
• Commercial information — purchase history, refund history.
• Internet or network activity — update-check logs and license-validation logs.

We have not sold or shared personal information for cross-context behavioral advertising, and we do not have actual knowledge of selling or sharing the personal information of consumers under 16. California residents may exercise CCPA / CPRA rights by emailing privacy@ultiplay.net.

10. European / UK residents (GDPR / UK GDPR notice)

If you are in the EEA, UK, or Switzerland, the data controller is Ultiplay LLC, 481 W. Prentice Ave #111, Littleton, CO 80120, USA. International transfers (e.g., to AWS, Stripe, or Zoho in the United States) are conducted under appropriate safeguards such as the EU Standard Contractual Clauses, with the receiving sub-processor's own Data Processing Addendum. You may contact us at privacy@ultiplay.net or lodge a complaint with your local supervisory authority. Ultiplay LLC does not currently maintain an EU/UK representative under Art. 27 GDPR; if our processing of EU/UK residents' data crosses the volume thresholds requiring one, we will appoint a representative and update this notice.

11. Children's privacy

The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have, contact privacy@ultiplay.net and we will delete it. If you are in the EEA/UK and under the age of digital consent in your country (16 in some Member States), do not use the Services without parental / guardian consent.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be highlighted at ultiplay.net/privacy and noted in the "Effective" date at the top of this page, with an entry in the Document History on the legal index. Your continued use of the Services after a change indicates acceptance.

13. Contact

Privacy questions: privacy@ultiplay.net