Start Free Trial

Privacy Policy

Plain English. What we collect, why we collect it, how long we keep it, and how to make us delete it.

Last updated: May 15, 2026

Boss IPTV ("we", "us", "our") runs the streaming service at bossiptv.cam. This policy lays out what personal information we collect, what we do with it, who else sees it, and the rights you've got over it. We've kept the lawyer-speak to a minimum — if anything's unclear, message us on WhatsApp and we'll explain it like a human.

1. Who's behind Boss IPTV

We're an independent IPTV subscription operator. Our customer dashboard and lead intake run through dashboardiptv.com, and the site you're reading right now is hosted on Vercel's global edge network. For privacy questions, use the contact page or ping us on WhatsApp — we usually reply within a couple of hours.

2. What we actually collect

Stuff you give us directly

  • Email address — we need it to send your M3U link, Xtream codes, and account recovery info. No email, no service.
  • Payment details — handled entirely by Stripe, PayPal, or our crypto processor. We never see your full card number. We only get a transaction ID and the last 4 digits for reconciliation.
  • Name — optional. We only ask if you open a support ticket so we know what to call you.
  • Messages — anything you send us through the contact form, email, or WhatsApp gets stored alongside your support ticket.

Stuff we pick up automatically

  • IP address — used at sign-up to spot fraud and to show you the right currency on the pricing page. It's not kept in our analytics database long-term.
  • Browser and device — collected so we can tell whether your stream issue is a Firestick problem, an iOS problem, or something else.
  • Pages you visit — only if you've accepted analytics cookies. Details in our Cookies Policy.

3. Why we use this data

  • To set up your account and email you the credentials.
  • To take your payment and renew your plan when you tell us to.
  • To answer support tickets — we can't help you if we don't know your email.
  • To stop chargeback fraud and shared-account abuse.
  • To work out which pages and which traffic sources actually convert.
  • To meet legal duties — tax records, takedown notices, that sort of thing.

We don't sell your data. We don't rent it. We don't trade it. There's no automated profiling that affects what you pay or what you see.

4. Legal basis (for our EU readers)

Under GDPR we need a reason to process your data. Ours are:

  • Contract — we can't deliver your subscription without your email and payment info.
  • Legitimate interest — stopping fraud and improving the service nobody objects to.
  • Consent — for analytics and marketing cookies only. You can pull that consent any time.
  • Legal obligation — when tax authorities or courts ask for records.

5. Your GDPR rights (EU / UK / EEA)

If you're in Europe, you can ask us to:

  • Show you a copy of what we hold about you.
  • Fix anything that's wrong.
  • Delete it all — your "right to be forgotten".
  • Pause processing while a dispute is sorted out.
  • Hand over a portable copy in JSON or CSV.
  • Object to any processing based on legitimate interest.
  • Withdraw consent for cookies and marketing in one click.

Email us through the contact page and we'll action your request within 30 days — usually within 5.

6. CCPA rights (California)

California residents can:

  • Find out exactly what categories of personal info we've collected on them.
  • Request deletion of that personal info.
  • Opt out of any "sale" — though again, we don't sell your data, so there's nothing to opt out of.
  • Not be treated worse for asking. We won't cancel your plan or hike your price because you exercised a right.

Use the contact page and put "CCPA request" in the subject so we route it correctly.

7. LGPD rights (Brazil)

Brazil's LGPD gives you the same core rights — access, correction, deletion, portability, and an explanation of how your data's used. Same process: send your request via our contact page. We respond in Portuguese if you'd prefer.

8. Who else sees your data

A short list, and only what each one needs:

  • Stripe / PayPal — to process your card or PayPal payment. They have their own privacy policies.
  • Our crypto processor — if you pay in BTC, USDT, or ETH, the on-chain transaction is public by nature.
  • Google Analytics — pseudonymous traffic data, only if you accepted analytics cookies.
  • Vercel — our hosting provider, which sees server logs (IP, request path) for short periods.
  • dashboardiptv.com — our own customer dashboard, where support tickets and account records live.
  • Law enforcement — only when there's a valid court order or subpoena.

9. How long we keep things

  • Email + account record — we keep it for 24 months after your last login, then we delete it.
  • Payment records — 7 years, because that's what tax law requires in most of the countries we serve.
  • Support tickets — 24 months after the ticket's closed.
  • Server logs — Vercel rotates these within 30 days.

Want it gone sooner? Ask us. We'll wipe everything except the payment record (legally we can't touch that one until the retention period's up).

10. Cookies

We use a small set of cookies — one for your session, one for cookie consent itself, and (only with your permission) one for Google Analytics. Full list and how to switch them off in our Cookies Policy.

11. How we keep your data safe

Everything's served over HTTPS with modern TLS. Account data sits in encrypted databases. Only a couple of senior support staff can see customer records, and we audit access. We don't store payment card numbers — that's Stripe's problem, not ours, and they're better at it than we'd be.

12. International transfers

Our servers and processors are spread across the US, EU and edge locations worldwide via Vercel. If you're in the EU, your data may be transferred outside the EEA. Where that happens, we rely on the EU Standard Contractual Clauses or an equivalent safeguard.

13. Children

Boss IPTV isn't aimed at anyone under 18. We don't knowingly collect data from kids. If you reckon a child's signed up, message us and we'll delete the account.

14. When we update this policy

We'll bump the "Last updated" date at the top of the page. For changes that affect your rights — new data categories, new processors — we'll email every active subscriber 30 days before the change kicks in.

15. Get in touch

Privacy questions, deletion requests, or you just spotted something in this policy that doesn't add up? Contact us or message us on WhatsApp. We aim to reply within 48 hours, and usually it's faster.