Introduction
This Privacy Policy explains how M3U Maker collects, uses, and protects your personal data when you use our website at m3umaker.com.
M3U Maker is operated from the Netherlands. For the purposes of the EU General Data Protection Regulation (GDPR), the operator of M3U Maker is the data controller and can be reached at [email protected].
By using M3U Maker, you agree to the collection and use of information in accordance with this policy.
Data We Collect
Account data
Your email address and a hashed version of your password. Passwords are never stored in plain text.
Usage & activity data
Your IP address, browser type, and an activity log of key actions (login, logout, uploads, playlist changes, plan changes) for session management, security, and abuse prevention.
Uploaded content
M3U playlist files and source URLs you upload, stored to provide the service. We do not inspect their contents beyond what is technically necessary to process them.
Payment data
For paid plans: your PayPal subscription identifier, or — for crypto payments — the wallet address you provide, the blockchain network, transaction hash, and amount. We never receive or store your card details or PayPal login.
Support & analytics
Bug reports you submit (subject, description, the page and browser user-agent), and which payment method/plan you click during checkout, used to improve the service.
How We Use Your Data
- To provide, maintain, and improve our service
- To process subscriptions, trials, and crypto payments
- To send transactional emails (e.g. password reset, payment and subscription notifications)
- To detect and prevent abuse, fraud, or security incidents
- To prevent repeated misuse of the free trial after account deletion
- To clean up inactive accounts (files are deleted after 14 days of inactivity)
- To analyze usage patterns via Google Analytics
Our legal bases are: performance of a contract (providing the service and processing payments), our legitimate interests (security, abuse and fraud prevention, product improvement), compliance with legal obligations (financial record keeping), and your consent (analytics cookies).
Payment Data
Paid plans are billed through PayPal or paid in USDT cryptocurrency. We do not collect or store your card number or PayPal credentials — PayPal processes those directly.
For crypto payments you provide the wallet address you will send from so we can match your transaction on the public blockchain. To detect incoming payments we query public blockchain explorers (Etherscan for Ethereum, BNB Chain and Polygon; TronGrid for Tron) and a public exchange-rate API (frankfurter.dev) for the EUR→USD rate. No personal account data is sent to these services.
Wallet addresses and blockchain transactions are inherently public. Anything you send on-chain is visible to anyone.
Google Analytics
We use Google Analytics to understand how visitors use our site. Google Analytics collects data such as your IP address, browser, and pages visited, and may store cookies on your device.
You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on. Data collected is subject to Google's Privacy Policy.
Third Parties & International Transfers
We do not sell or trade your personal data. We share data only with the processors needed to run the service:
- PayPal — subscription billing
- Etherscan & TronGrid — reading public blockchain transactions to confirm crypto payments
- frankfurter.dev — EUR→USD exchange rate (no personal data sent)
- Google — Analytics (see section 5)
- Our hosting and email infrastructure providers
- When required by law
Some of these providers (e.g. PayPal, Google) are based outside the EU. Where data is transferred internationally, it is done under appropriate safeguards such as the EU Standard Contractual Clauses or an adequacy decision.
Data Retention
| Data type | Retention period |
|---|---|
| Account & personal content | Until you delete your account |
| Uploaded files | Deleted after 14 days of account inactivity |
| Payment & billing records | Up to 7 years (statutory financial record-keeping), in a form no longer linked to an active profile after account deletion |
| Activity logs | Anonymised on account deletion; deleted after 90 days |
| Trial-abuse signal | A one-way hash of your email is kept after deletion to stop repeated free trials |
| Session data | Deleted on logout or after prolonged inactivity |
Account Deletion & Your Rights (GDPR)
You can permanently delete your account at any time from Account → Delete Account in your dashboard. This erases your playlists, source files and personal content, cancels any active subscription, and anonymises your activity history.
If you are located in the European Union, you also have the following rights:
Request a copy of the data we hold about you
Request correction of inaccurate data
Delete your account and associated data
Request your data in a machine-readable format
Object to processing of your data
Note: when you exercise erasure, we may still retain payment and billing records for the statutory period required by tax and accounting law. These are kept only for that legal purpose and are not linked to an active profile.
To exercise any of these rights, contact us at [email protected].
Security
We take appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords, and server-level access controls. However, no method of transmission over the internet is 100% secure.
Cookies
We use cookies for session management and analytics. For more information, see our Cookie Policy.
Contact
If you have any questions about this Privacy Policy, please contact us at [email protected].