PRIVACY POLICY Effective date: February 14, 2026 Kernel Media Server ("us", "we", or "our") provides self-hosted server software and related components (the "Service"). This Privacy Policy explains what data we collect as the software vendor and what data is processed locally by each installed server instance. No Cloud Backend, No Central Authentication, No Phone Home ----------------------------------------------------------- Kernel Media Server does not require or use a central cloud backend to operate. Kernel Media Server does not provide central account authentication for your server users. Kernel Media Server does not include built-in telemetry or analytics that send usage data to our own hosted infrastructure. By default, server data stays on the server where the software is installed. Definitions ----------- * **Service** Service means the Kernel Media Server software, APIs, and web interfaces running in your own deployment. * **Personal Data** Personal Data means information relating to an identified or identifiable person. Data Collection by Us (the Vendor) ---------------------------------- From operation of installed server software, we do not collect, receive, or store your users' personal data in our own infrastructure. Specifically, we do not centrally collect: * User accounts from your server * Passwords or password hashes from your server * Media library contents or watch history from your server * Device IDs, IP addresses, or connection logs from your server * Recording metadata or playback data from your server We do not sell personal information. If you contact us directly (for example, support or business communications), we may process the information you voluntarily provide in that communication. Data Processed by Your Server Instance (Not by Us) -------------------------------------------------- The software running on your server may locally process and store data required to provide functionality, such as: * User and authentication data * Device and active connection data * Channel, guide, and library metadata * Recording and playback-related data * Local logs, caches, and diagnostics This processing is performed by the installed server instance and is controlled by the server owner/operator, not by us as the vendor. External Network Requests ------------------------- The software may make outbound network requests directly from your server only for features configured by the server owner/operator (for example, playlist URLs, guide sources, image sources, or optional third-party integrations). Those destinations may receive technical request data from your server (for example, IP address and request headers). There is no mandatory vendor-controlled "phone home" endpoint for usage telemetry, analytics, or central login. Roles and Responsibility ------------------------ If you run a server instance for others, you are responsible for that instance's data practices, access controls, retention settings, and legal compliance. Security -------- We design the software to support reasonable security practices, but no method of transmission or storage is 100% secure. Server owners/operators are responsible for securing their own infrastructure, network exposure, backups, credentials, and operational settings. Data Retention -------------- As vendor, we do not centrally retain operational user data from your installed server. Retention of data inside a deployed server instance is controlled by that server's administrator and local configuration. Children's Privacy ------------------ Our Service is not directed to children under the age of 18. Changes to This Privacy Policy ------------------------------ We may update this Privacy Policy from time to time. Changes are effective when posted with an updated effective date. Contact Us ---------- If you have questions about this Privacy Policy, contact us using the method listed on the main website where this policy is published.