Privacy Policy
Last updated: · Effective:
Google Play and the Google Play logo are trademarks of Google LLC. All rights reserved.
The media library shown in screenshots is entirely fictitious and used for illustrative purposes only. All images, brand names, posters, and trademarks displayed are the property of their respective rights holders and are not associated with, endorsed by, or affiliated with JellyWatch.
To request the removal of any data associated with your account, please submit a Data Deletion Request.
Information We Collect #
Local Data: JellyWatch stores all your server configurations, preferences, and session data locally on your device. We do not collect, transmit, or store your personal information in our servers without your explicit consent.
Server Connections: Your Jellyfin server connection details (URLs, authentication tokens) are encrypted and securely stored on your device using Android's secure storage mechanisms.
Usage Analytics (Firebase Analytics): By default, JellyWatch uses Firebase Analytics to collect anonymous usage statistics including:
- Screen views and navigation patterns
- Feature usage and user interactions
- Device type, OS version, and app version
- Session duration and engagement metrics
- Number of servers configured (not server details)
This data is anonymized and aggregated to understand app usage and improve user experience. You can disable analytics at any time in the app's settings.
Crash Reporting (Firebase Crashlytics): To improve app stability, JellyWatch automatically collects crash reports and error logs when the app encounters technical issues. These reports include:
- Device information (manufacturer, model, Android version)
- App version and build type
- Stack traces and error messages
- App state at the time of the crash
Crash reports do not include personal information or your server credentials. This can be disabled in settings.
Performance Monitoring (Firebase Performance): JellyWatch collects app performance metrics such as screen loading times and network request durations to optimize performance. This data is anonymized and does not include personal content.
Google Account (Optional): You may choose to sign in with your Google account to access premium features, submit support requests, and back up or restore your app settings. This is entirely optional, and JellyWatch can be fully used without signing in.
Backup Data (When Logged In): If you choose to use the backup feature with your Google account, we securely store:
- General app settings and preferences
- Notification settings
- Server configurations (URLs, names - credentials are encrypted)
- External service integrations (Jellyseerr, JellyStat, etc.)
- Menu customization preferences
- Last sync timestamp and device ID
All backup data is encrypted and stored securely in our database. Only you can access your backup data.
Support Tickets (When Logged In): When you submit a support request, we collect:
- Your email address and user ID
- Support request details (title, description, type, priority)
- Device information (manufacturer, model, Android version, API level)
- App version and build type
- Support messages and conversation history
This information is used exclusively to provide support and resolve your issues.
Push Notifications (Firebase Cloud Messaging): With your permission, JellyWatch uses Firebase Cloud Messaging to send push notifications for support ticket updates and important app announcements. You can manage notification preferences in settings.
How We Use Your Information #
App Functionality: All locally stored data is used exclusively to provide app functionality, including server connections, user preferences, and session management.
Analytics & Performance: Data collected through Firebase Analytics and Performance Monitoring is used only to understand app usage patterns, identify performance bottlenecks, and improve user experience. You may opt out of analytics collection at any time in the app's settings.
Crash Reporting: Firebase Crashlytics data helps us identify and fix bugs quickly to improve app stability. Crash reports are reviewed by our development team and are not shared with third parties.
Google Account: If you choose to sign in with your Google account, your account information is used only to (1) enable premium features, (2) allow you to submit and track support requests, and (3) back up or restore your JellyWatch settings. We do not use this information for any other purpose.
No Cloud Sync (Without Login): If you do not sign in with Google, your data never leaves your device unless you explicitly choose to back it up manually.
Data Security #
Local Encryption: All sensitive data, including server credentials, is encrypted using Android's built-in security features (EncryptedSharedPreferences) and stored in private app storage.
Network Security: All communications with your Jellyfin servers use HTTPS encryption when available, ensuring your data remains secure in transit. Our backend API also uses HTTPS encryption and Firebase App Check for request verification.
Backup Encryption: When you use the backup feature, your server credentials are encrypted before being stored in our database. We use industry-standard encryption protocols to protect your data.
Data Retention: Analytics data collected by Firebase Analytics is stored and processed by Google according to their privacy policies. Backup data is retained until you delete it or request deletion. Support tickets are retained for 2 years after closure for quality assurance purposes. Crash reports are retained for 90 days.
Access Control: Our backend database is protected by Firebase authentication and uses strict security rules. Only authenticated users can access their own data. Our team has limited access only for support purposes when explicitly requested.
Third-Party Services #
Firebase Services: JellyWatch uses the following Firebase services from Google:
- Firebase Analytics - Anonymous usage analytics (can be disabled in settings)
- Firebase Crashlytics - Crash reporting and error tracking (can be disabled in settings)
- Firebase Performance Monitoring - App performance metrics (can be disabled in settings)
- Firebase Cloud Messaging (FCM) - Push notifications for support updates
- Firebase Firestore - Secure cloud database for backups
- Firebase Authentication - Secure user authentication
- Firebase App Check - API request verification and abuse prevention
All Firebase services are subject to Google's Privacy Policy. Data collected by Firebase is used exclusively for the purposes described in this privacy policy.
Backend Infrastructure: Support tickets and related data are stored in our secure MySQL database hosted on our backend infrastructure. All communications with our backend use HTTPS encryption and Firebase App Check for request verification.
Google Play Services: JellyWatch uses Google Play Services for app distribution, updates, in-app purchases, and Play Integrity API for security verification.
Google Sign-In (Optional): JellyWatch allows you to sign in with your Google account to enable premium features, support requests, and backup/restore features. This login is optional, and the app works without it.
No Advertising: JellyWatch contains no ads, no tracking pixels, and no third-party advertising networks.
Web Application (JellyWatch Web) #
JellyWatch is also available as a web application accessible from any browser at https://jellywatch.app/app. The web app shares the same backend infrastructure as the Android app and is subject to the same privacy principles.
Google Sign-In (Required for Web App): The web app requires signing in with a Google account via Firebase Authentication to access your dashboard and configure services. Your Google account information (email address and Firebase UID) is used solely to identify your account and secure your data.
External Service Credentials: When you connect third-party services (Sonarr, Radarr, Seerr, Prowlarr, qBittorrent, Deluge, Transmission, uTorrent), we store on our server:
- The service URL (e.g.
https://your-sonarr.domain.com) - The API key or credentials encrypted before storage
- A display name for the service
These credentials are never exposed in plain text. They are decrypted server-side only to perform proxied API requests on your behalf, then immediately discarded from memory.
Media Server Token (Jellyfin / Emby): To display active sessions on the dashboard, you may provide your Jellyfin server URL and API token. This token is stored encrypted and used exclusively to query your server's /Sessions endpoint.
Proxied API Requests: All requests to your connected external services (Sonarr, Radarr, Seerr, etc.) are routed through our backend server. This means your API keys are never exposed to the browser. Our server acts as a secure relay. It does not log, store, or analyse the content of these API responses beyond what is needed to display them in your dashboard.
Real-Time Dashboard (WebSocket): The dashboard uses a WebSocket connection to push live data (active sessions, torrent status, service health) to your browser. This data is fetched from your configured services in real time and is not persisted beyond the current session.
Premium Purchase (Stripe): The web app offers a one-time lifetime premium purchase processed by Stripe. When you complete a payment:
- Payment details (card number, etc.) are handled entirely by Stripe and never pass through our servers
- We receive a webhook confirmation from Stripe containing your Firebase UID, the Stripe Payment Intent ID, and the payment status
- We store in our database: your Firebase UID, app type, payment intent ID, purchase status, and timestamps
- No financial data is stored on our servers
Stripe's data processing is governed by Stripe's Privacy Policy.
No Tracking or Analytics on the Web App: Unlike the Android app, the web application does not use Firebase Analytics, Crashlytics, or any third-party tracking. No usage statistics, page views, or behavioural data are collected from the web interface.
Data Stored for Web App Users: In summary, the following data is stored on our servers for web app users:
- Firebase UID and email address (from Google Sign-In)
- Configured external service URLs and encrypted API keys
- Encrypted Jellyfin server URL and API token (if provided)
- Premium purchase record (if applicable), no financial data
- Support tickets (if submitted)
Web App Data Deletion: You may request deletion of all your web app data (service credentials, server token, premium record) by contacting us at support@jellywatch.app. Upon request, all your data will be permanently deleted from our servers.
Creator Program #
Creator Referral System: JellyWatch offers a Creator Program that allows registered creators to earn a 5% commission on purchases made using their unique creator code. Participation is voluntary and requires signing in with a Google account.
Creator Account Data: When you register as a creator, we store:
- Your chosen creator code (unique identifier)
- Your display name
- Your Firebase UID (linked to your Google account)
- Referral statistics (number of referrals, earnings)
- Commission records for purchases made with your code
Buyer Creator Code Usage: When a buyer enters a creator code before making a purchase, we record the association between the purchase and the creator code to calculate commissions. The buyer's personal information is not shared with the creator.
Commission & Payouts: Creators earn 5% commission on each purchase attributed to their code. A minimum balance of €15.00 is required to request a payout. To request payment, creators must contact our support team at support@jellywatch.app with their creator code and payout request.
Creator Program Rules & Enforcement:
- Anti-Fraud Policy: Any attempt to abuse or manipulate the Creator Program (including fake purchases, self-referrals, chargebacks after commission payout, coordinated fraud, or violation of Google Play policies) will result in immediate and permanent termination of your creator account.
- Account Termination: Upon detection of fraudulent activity, your creator account will be permanently banned. All pending and unlocked commissions will be forfeited and will not be paid out.
- No Appeals: Creator account bans for fraud or abuse are final and non-reversible. We reserve the right to ban creator accounts at our sole discretion.
- Legal Action: We reserve the right to pursue legal action and report fraudulent activity to relevant authorities and payment providers, including Google.
- Verification Requirements: We may request additional verification or documentation before processing payout requests. Failure to provide requested information may result in payout denial.
Creator Data Deletion: You may request deletion of your creator account and all associated data by contacting our support team. This will permanently remove your creator code, referral history, and commission records. Any pending payouts will be forfeited upon account deletion.
No Data Sale or Sharing #
We Do NOT Sell Your Data: JellyWatch will never sell, rent, or lease your personal information or data to third parties. Your privacy is not for sale.
No Third-Party Sharing: We do not share your personal data with third-party companies for their marketing purposes. The only third-party services we use are Firebase (for app infrastructure), Google Play Services (for app distribution), and our own MySQL database for backups, all solely for providing app functionality.
No Monetization of Your Data: We do not use your data for advertising, profiling, or any form of monetization beyond the app's subscription model. Our business model is based on premium subscriptions, not data exploitation.
Your Rights and Control #
Complete Control: You have full control over all data stored by JellyWatch. You can clear app data, uninstall the app, or reset settings at any time.
Data Export: You may export your server configurations and settings for backup purposes via the app's settings menu.
Analytics & Crash Reporting Opt-out: You can disable Firebase Analytics and Performance Monitoring at any time in the app's settings. These features are enabled by default in release builds to help improve the app, but you have full control.
Optional Google Login: Signing in with your Google account is not required. If you use this feature, you may disconnect your account and delete your backup data at any time.
No Account Required: JellyWatch does not require account creation to function. You can use all core features without signing in.
Data Deletion #
If you signed in with your Google account, you may request the deletion of all data associated with it, including:
- Your Google account connection with JellyWatch
- Your app settings backups
- Your support tickets and related communications
To request deletion, please contact our support team at support@jellywatch.app. Once processed, your data will be permanently deleted and cannot be recovered.
Children's Privacy #
JellyWatch is designed for managing media servers and is not specifically directed at children under 13. No personal information is directly collected by the app.
Parents should supervise their children's use of such applications and ensure proper content filtering is configured on their Jellyfin servers.
Changes to This Policy #
We may update this privacy policy to reflect legal, technical, or functional changes. Any updates will be posted on this page with a revised date.
Changes generally involve clarifications or added protections, rather than increased data collection.
Contact Information #
If you have any questions about this privacy policy or JellyWatch's privacy practices, you can contact us at:
- Email: support@jellywatch.app
Last Updated: | Effective Date: