Privacy Policy — Top Video Downloader
Effective date: 2026-06-27 Last updated: 2026-06-27
This document describes what the Top Video Downloader desktop application (“the App”) and its accounts/licensing backend (“the Service”) collect, why, and what they deliberately do not collect. It is written to match how the software actually behaves — the privacy guarantees below are enforced by construction in the code, not merely promised.
Operator / data controller: [LEGAL ENTITY — to be filled in before public launch]. Contact: [privacy@your-domain]. The bracketed fields are the only things gated on incorporating a legal entity; the substance of this policy is final.
1. The one-paragraph version
The heavy lifting — fetching and saving videos — happens entirely on your computer, using your own network connection. The Service exists only to manage your account, your rights (free tier / credits / subscription), and payments. We designed it so the Service never needs to know what you download. Your email address is the only piece of personal information we store. Video URLs, video titles, and your platform login cookies are never sent to us.
2. What stays on your device and is never transmitted to us
These are stored locally on your computer (in the App’s local data directory), and the App contains no code path that uploads them:
- The URLs you paste and the videos you download. The App downloads directly from the source platform to your chosen folder. We never receive the URL, the video title, the file, or its contents.
- Your download history (a local convenience list). It records a coarse platform name (e.g. “youtube”), the outcome, and your chosen file name — on your machine only. You can clear it at any time, or turn it off in Settings.
- Platform login cookies. When you sign in to a content platform (e.g. to download age-restricted or private content you have access to), the embedded login window talks only to that platform. The resulting cookies are stored encrypted on your device (the encryption key lives in your operating system’s secure keystore) and are handed to the downloader locally. They are never uploaded to the Service.
- Crash-recovery journal and app settings. Local files used to resume interrupted downloads and remember your preferences.
3. What the Service stores
| Data | Why | Notes |
|---|---|---|
| Email address | Your account identity, license-key delivery, payment receipts, and renewal reminders | The only personal data we store. No password (sign-in is by license key). |
| Device identifier | Enforces the “2 devices per account” limit and binds your rights token | A random identifier generated on your device; not linked to hardware serials or advertising IDs. |
| Account rights & ledger | Tracks your free-tier usage (by server clock), credit balance, and subscription period via an append-only ledger | Financial integrity; no video content is referenced. |
| Payments | Records crypto invoices and confirmations needed to grant rights and (if requested) issue refunds | Includes the on-chain transaction id and, for a refund you request, the payout address you give us. We do not store card data — we take no card payments. |
| Aggregate telemetry (optional, opt-out) | Product quality: download success/error rates by platform, app version, OS | See §4. Contains no URLs, titles, or content. |
4. Telemetry — aggregate only, and optional
If telemetry is enabled (you can turn it off in Settings → Privacy), the App sends small aggregate events. The event format is a closed whitelist — there is no field in which a URL or a video title could travel, and the server table has no column to store one. Every field an event can contain:
event— one of:app_started,reserve,download_started,download_succeeded,download_failedplatform— a coarse slug only (e.g.youtube), never the URLerror_class— a category (e.g.network,geo_restricted), never a messagequality_height,audio_only— the requested qualityduration_ms— how long an operation tookapp_version,os(windows/macos/linux),ts(timestamp)
Telemetry is authenticated but the link to your account is optional and may be detached for retention. Turning telemetry off stops these events entirely.
5. What we never do
- We never store or receive the URLs, titles, thumbnails, or contents of what you download.
- We never receive your platform login cookies or credentials.
- We take no card payments and store no card data (payment is via cryptocurrency through our payment processor).
- We do not sell or rent your data, and we do not use third-party advertising or tracking SDKs.
6. Third parties
- Payment processor (NOWPayments). When you buy credits or a subscription, the invoice/payment is handled by our payment provider. They process the crypto transaction; we receive only the confirmation needed to grant your rights. See their own privacy policy for how they handle on-chain data.
- Email delivery. A transactional email provider sends your license key, receipts, and renewal reminders to the email you provided.
- Content-delivery / edge (Cloudflare). Sits in front of the Service for security and rate-limiting; it processes connection metadata (e.g. IP addresses) to deliver and protect the Service.
- Update channel (CDN). The App checks a signed update channel for new versions of its downloader engine and of the App itself. These requests carry no account data.
We do not download anything for you on our servers — the content platforms you download from are not our partners and receive your requests directly from your own device.
7. Cookies on our website
Our marketing/download website uses only what is strictly necessary to serve the download and the legal pages. The desktop App is not a web page and sets no tracking cookies.
8. Data retention
- Email and account/ledger records are kept while your account exists and as long as required for tax/accounting of payments, then deleted.
- Aggregate telemetry is retained in aggregate; the optional user link may be detached earlier.
- Local data (history, cookies, settings) lives only on your device until you clear it or uninstall the App.
9. Your rights
Because the only personal data we hold is tied to your email, you can:
- Access / export the account data associated with your email.
- Delete your account and associated personal data (subject to financial record-keeping obligations for completed payments).
- Opt out of telemetry at any time in the App settings.
To exercise these, contact [privacy@your-domain] from your account email. Depending on your location (e.g. EU/UK GDPR, CCPA), additional statutory rights may apply; we honour them on the same single-identifier basis.
10. Children
The App and Service are not directed to children under the age required for a binding contract in your jurisdiction (at minimum, under 16). We do not knowingly collect data from them.
11. Security
Token signing keys and the binary-update signing key are kept separate and off the public Service. Login cookies are encrypted at rest on your device. The Service sits behind an edge proxy with rate-limiting. No system is perfectly secure, but the architecture minimises what is exposed by keeping content and credentials on your device.
12. Changes to this policy
We may update this policy; the “Last updated” date will change and material changes will be announced in-app or by email. Continued use after an update constitutes acceptance.
13. Contact
[LEGAL ENTITY] — [privacy@your-domain] — [postal address, if required by your jurisdiction].