Privacy Policy

1

Introduction

CastleTV ("we", "us", "our") is fully committed to protecting your privacy and personal data. This Privacy Policy explains what information we collect when you visit castletv.net or use our IPTV streaming service, the lawful basis for processing it, how we use and protect it, and the rights you hold over your information. This policy applies to all subscribers, website visitors, and reseller partners. By using the CastleTV service, you confirm that you have read and understood how your data is handled. We process personal data in accordance with the General Data Protection Regulation (GDPR) and, for California residents, the California Consumer Privacy Act (CCPA).

2

Data We Collect

We collect two categories of information: data you provide directly, and data collected automatically during use. Account Data: your name, email address, WhatsApp or phone number, and country — collected for account creation and service delivery. Payment Data: billing information processed entirely by our trusted payment partners; CastleTV never stores full payment card numbers. Device Identifiers: MAC address collected only when activating a MAG Box. Usage Data: channels watched, viewing duration, stream quality, and connection timestamps — used for service optimisation and fraud prevention. Technical Data: IP address, device type, operating system, browser or app version, and approximate location at country or city level — used for security and geolocation compliance. Support Communications: messages, emails, and chat records with our support team — retained for customer service and dispute resolution.

3

How We Use Your Data

Service delivery — creating and managing your account and providing access to the IPTV service (contractual necessity). Customer support — responding to queries, troubleshooting, and resolving billing disputes (contractual necessity / legitimate interest). Payment processing — processing transactions and sending receipts (contractual necessity). Service improvement — analysing anonymised usage patterns to improve performance and features (legitimate interest). Security and fraud prevention — detecting and preventing credential sharing, account abuse, and fraudulent activity (legitimate interest). Legal compliance — fulfilling obligations under applicable law, court orders, or regulatory requirements (legal obligation). Marketing communications — sending service updates or promotional offers only where you have explicitly opted in; you may withdraw consent at any time (consent).

4

Sharing Your Information

CastleTV shares your personal data only in the following strictly controlled circumstances. Payment processors — trusted partners such as Stripe and PayPal who process transactions under formal data processing agreements. Infrastructure providers — cloud hosting and server providers who store data under strict confidentiality obligations. Email and communication platforms — used to deliver transactional emails and support messages, each bound by data protection agreements. Legal obligations — where required by law, court order, or lawful governmental authority. Business transfers — in the event of a merger or acquisition, data may transfer as part of that transaction subject to equivalent privacy protections. With your explicit consent — for any other purpose where you have provided prior written approval. We do not sell, rent, or trade your personal information to any third party for their marketing purposes.

5

Cookies & Tracking

Our website uses cookies and similar technologies. Essential Cookies are required for core functionality — session management and authentication — and cannot be disabled without breaking the site. Analytics Cookies help us understand how visitors interact with our pages using tools like Google Analytics; all data is anonymised and aggregated. Preference Cookies remember your settings and language choices to provide a consistent experience. Marketing Cookies are only set with your explicit consent and can be withdrawn at any time through your browser settings. You may manage or disable non-essential cookies through your browser settings at any time.

6

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy or as required by law. Account and subscription data is retained for 12 months after account termination. Payment and billing records are kept for 7 years as required by financial regulations. Support communications are retained for 24 months. Usage and streaming logs are held for 90 days. Marketing preferences are retained until you unsubscribe. After the applicable retention period, all data is securely and permanently deleted or irreversibly anonymised.

7

Security Measures

We implement industry-standard technical and organisational security measures including: TLS 1.2+ encryption for all data transmitted between your device and our servers; password hashing using industry-standard algorithms — we never store plaintext passwords; access controls restricting data access to authorised personnel on a strict need-to-know basis; regular security audits and vulnerability assessments; and incident response procedures to detect, contain, and notify you of any data breach within 72 hours as required by GDPR.

8

Your Privacy Rights

Depending on your location, you hold the following rights regarding your personal data. The right to access — request a copy of the personal data we hold about you. The right to rectification — request correction of any inaccurate or incomplete data. The right to erasure — request deletion of your personal data, subject to our legal retention obligations. The right to restrict processing — request that we pause processing your data in certain circumstances. The right to data portability — receive your data in a structured, machine-readable format. The right to object — object to processing based on legitimate interests. The right to withdraw consent — where processing is based on consent, withdraw it at any time. CCPA rights for California residents include the right to know, delete, and opt out of the sale of personal information (we do not sell data). To exercise any of these rights, contact us at hello@castletv.net. We respond to all verified requests within 30 days.

9

Contact & Data Controller

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: Email — hello@castletv.net · WhatsApp — +44 7481 345011 (available 24/7). We are committed to addressing all privacy enquiries promptly and transparently.