No Cap Media

PRIVACY

Privacy Policy

Last updated: May 2, 2026

What We Collect

No Cap Media collects the information needed to run an invite-only media access service. That can include waitlist email addresses, account email addresses, display names, invite codes, plan and device labels, request history, admin actions, IP addresses, user agents, session records, and stream-token metadata.

Upstream account usernames and passwords are handled as server-side secrets. The app stores references to those secrets, not the plaintext upstream credentials, in the application database.

How We Use It

  • To create and protect invite-only accounts.
  • To provision plans, devices, playlists, guide data, and setup links.
  • To review support, abuse, security, and account-history questions.
  • To maintain audit trails for admin actions and plan lifecycle events.
  • To detect misuse, leaked device URLs, rate-limit abuse, and access problems.

What We Do Not Do

  • We do not sell personal information.
  • We do not run third-party advertising profiles.
  • We do not collect payment card information through this app.
  • We do not ask for more profile information than the service needs.

Sharing

We share information only when needed to operate the service, protect the system, respond to abuse or security issues, comply with legal obligations, or use basic infrastructure providers such as hosting, DNS, email, logging, and backup tools.

Retention

Account, plan, device, invite, and audit records are kept while they are needed for operations, security, abuse prevention, support, and account history. Waitlist entries may be kept until they are invited, removed, or no longer useful for the invite process.

The current pruning schedule keeps audit records for about 13 months, source refresh logs for 90 days, revoked stream-token records for 90 days, expired sessions for 30 days, expired verification records for 7 days, and past guide program data for 14 days. Backups are handled separately under the operational backup schedule.

Security

The service uses invite-only accounts, authenticated admin tools, rate limits, server-side secret references, token revocation, and HTTPS in production. No internet service can guarantee perfect security, so device URLs and account access should be treated carefully.

Your Choices

You can ask the No Cap Media admin who invited you to update, deactivate, or remove your account information when that is compatible with security, legal, and operational recordkeeping needs.

Contact

For privacy, abuse, or security questions, use the contact channel provided with your invite or email privacy@nocap-media.fans.

from no cap media · for the fans · circa '94