Privacy Policy

Scope

This policy applies to the Aviato server software, the official Aviato mobile and web apps, the Aviato plugin marketplace, the Aviato Afterburner subscription service, and the aviato.media website. References to “Aviato” below cover all of these.

Default behavior

Aviato does not collect, transmit, or share information about your server, library, or activity by default:

• Aviato includes no telemetry, no analytics SDKs, and no background “phone home” mechanisms.
• Library content, playback history, watch state, and the local Aviato users you create on your server remain on your server. Ato has no access to them.
• The official Aviato mobile and web apps connect to your server, not to Ato. They do not include third-party analytics or advertising identifiers.
• The aviato.media website operates without analytics, advertising pixels, or third-party trackers.

Crash reports (opt-in)

Crash reporting is disabled by default. When you enable it, Aviato transmits an error report to Ato when it encounters an unexpected error. A report contains:

• A randomly generated server identifier so related errors can be correlated. The identifier is generated locally and cannot be used to identify you.
• Stack traces and surrounding error context.
• The names of plugins, libraries, and (when relevant) the specific library item being processed when the error occurred.
• The Aviato version.

Crash reports do not include your IP address or other personally identifying information. Library item names may include the titles of media in your library; if this is a concern, leave crash reporting disabled.

Send Feedback (opt-in)

The Send Feedback feature transmits the same payload as a crash report along with the message you write. You may optionally include your email address if you would like a reply.

Plugin marketplace

Each plugin install is recorded as a single increment to that plugin’s aggregate install counter. Ato does not record who installed a plugin, does not maintain per-server install histories, and does not link installs across plugins or sessions.

Like any internet service, the marketplace endpoint observes the source IP of the install request at the network level for the duration of that request. Ato does not store these IP addresses and does not use them for analytics or profiling.

Aviato Afterburner accounts

Aviato Afterburner is the paid tier of Aviato, sold as a monthly or annual subscription. Subscribing requires creating an Ato account. This is the only context in which Aviato collects personal information about you. Ato collects only what is needed to administer the subscription:

• Name and email address, used to issue licenses, deliver receipts, and respond to billing inquiries.
• Subscription and license records, including billing cadence, renewal status, and the servers on which each license has been activated. These records are used to administer billing and to enforce per-server licensing.

Payments

Payment information — including the card or other payment method retained for recurring billing — is collected and stored by a PCI-compliant third-party payment processor, not by Ato. The processor’s privacy notice will be linked at checkout and governs its handling of that information.

How Ato shares data

Ato does not sell personal data and does not share personal data for advertising, marketing, or profiling.

Ato shares limited data with vendors that operate parts of the Afterburner service on Ato’s behalf — currently cloud hosting, payment processing, and transactional email — under contracts that restrict those vendors to providing the service to Ato.

Ato may disclose information when legally required to do so, including in response to a valid subpoena, court order, or other legal process. Where permitted, Ato will notify the affected account holder and will resist overbroad or improper requests.

Retention and security

Data sent to Ato is stored on infrastructure operated by Ato or by the vendors described above, encrypted in transit (TLS) and at rest. Access is limited to Ato personnel and authorized vendor personnel who require it.

Retention windows:

• Crash reports and Send Feedback submissions: up to 90 days, then deleted.
• Plugin marketplace install counters: aggregated; raw events are not retained.
• Afterburner account and license records: retained while your account is active and for up to seven years after closure to satisfy tax and accounting record-keeping obligations, then deleted.

Your rights

If you have an Ato account, you may:

• Request a copy of the personal data Ato holds about you.
• Ask Ato to correct inaccurate personal data.
• Ask Ato to close your account and delete the personal data tied to it, subject to retention obligations under applicable tax, accounting, or other law.
• Opt out of non-essential email.

To exercise these rights, email legal@ato.software. Ato responds within 30 days.

If you reside in the European Economic Area, the United Kingdom, or California, the rights granted to you by the GDPR or the CCPA apply to your interactions with Ato regardless of where Ato is based.

Children’s privacy

Aviato is not directed at children under 13 (or under 16 in the European Economic Area and the United Kingdom), and Ato does not knowingly collect personal data from them. If you believe a child has provided Ato with personal data, email legal@ato.software and Ato will delete it.

Changes to this policy

Ato may update this policy from time to time. The “Last updated” date above will reflect any change. Material changes will, where reasonable, be communicated to Afterburner subscribers by email or through the Aviato app. Continued use of Aviato after a change becomes effective constitutes acceptance of the updated policy.

Contact

Privacy questions and requests: legal@ato.software.