1.Scope & Controller
This Privacy Policy applies to:
- The NoSignal iOS app distributed via the Apple App Store — a remote-control client for the NoSignal daemon;
- The NoSignal daemon (Linux software) and its licensing infrastructure;
- The nosignal.ro marketing website.
The data controller is:
- Cloud Craft SRL, a Romanian limited liability company;
- Email: [email protected].
2.NoSignal iOS App
The NoSignal iOS app is a thin client. It connects directly from your device to a NoSignal daemon that you own and run on your own server. Cloud Craft does not operate any cloud backend for the iOS app and does not receive any data from it.
2.1 What we collect from the iOS app: nothing
The app contains no analytics framework, no advertising framework, no crash-reporting service operated by us, no remote-configuration service, no advertising identifier collection, and no fingerprinting. The binary speaks only to the NoSignal daemon URL you enter at setup.
The Apple App Store privacy disclosures for this app declare “Data Not Collected” across every category Apple lists, including:
| Apple privacy category | Collected? |
|---|---|
| Contact info, name, email | Not collected |
| Location (precise or coarse) | Not collected |
| Health, fitness, sensitive info | Not collected |
| Contacts, photos, browsing history | Not collected |
| Identifiers (advertising, device ID) | Not collected |
| Usage data, diagnostics, crash logs | Not collected |
| Purchases, financial data | Not collected |
| Tracking across other apps or websites | Not used |
2.2 What the app stores on your device
The app stores the following data locally on your iPhone or iPad only:
- The URL, display name, and accent color of each NoSignal daemon you register;
- Optional saved credentials for each registered instance (operator username and password, or JWT session token), kept in the iOS Keychain under standard system protection — only if you enable “Remember login” for that instance;
- Cached responses from the daemon (channel list, dashboard counters, scanner results, EPG payloads) to reduce network use and improve responsiveness.
This data is never transmitted to Cloud Craft. It is removed when you uninstall the app, when you delete an instance from the app, or when you turn off “Remember login” for that instance.
2.3 What the app sends over the network
When you are signed in, the app sends API requests over TLS directly to the NoSignal daemon you have registered. These requests carry:
- Your operator credentials, JWT, or refresh token, as required by the daemon for authentication;
- The commands and queries you issue from the app (list channels, view telemetry, edit configuration, restart a channel, run a scanner, fetch logs, etc.);
- The responses your daemon returns — transport-stream telemetry, channel state, license info, EPG payloads.
This traffic flows only between your device and your own server. Cloud Craft operates no proxy, no relay, and no observability into this channel. The cryptographic identity of the daemon is established by the TLS certificate that you (the operator) provision on your server.
2.4 Permissions the app requests
The app does not request location, camera, microphone, contacts, calendar, photos, motion, push-notification, Bluetooth, local-network discovery, or any other privacy-sensitive permission from iOS. The app requires only standard outbound network access in order to reach the NoSignal daemon URL you enter.
2.5 Encryption
All communication between the app and your daemon uses HTTPS / TLS provided by Apple's built-in network stack. The app uses only standard system encryption for transport security and Keychain protection; it does not implement, ship, or expose any proprietary cryptography. For US export-compliance purposes, the app is therefore exempt and declares ITSAppUsesNonExemptEncryption = NO.
3.NoSignal Daemon Software (Linux)
The NoSignal daemon runs on your own infrastructure. Cloud Craft does not receive transport-stream content, channel configuration, telemetry, logs, scanner results, EPG data, or operator credentials from a running daemon instance.
Subscription licenses periodically send a small licensing heartbeat over TLS to our license server (typically every ~1 hour). The heartbeat contains:
- An Instance ID (issued by us at license time);
- The installed software version string;
- A soft machine fingerprint (hashes of
/etc/machine-id, primary MAC address, hostname).
The heartbeat is used strictly for license enforcement and product integrity; it is not analyzed for product analytics or marketing. See the Terms & Conditions, §6.1 and §8.
Perpetual licenses never contact Cloud Craft after installation. The license is verified entirely offline using a signed key block.
4.Order Processing & Licensing Data
When you purchase, evaluate, or otherwise acquire a NoSignal license, we process the following personal data as data controller:
- Contact data — name, work email, phone, company role;
- Billing data — legal name, fiscal address, VAT number, payment reference;
- Machine identifiers you supply for license issuance — hashes of
/etc/machine-id, MAC address, hostname (perpetual licenses); or an instance identifier (subscription licenses).
Legal basis: performance of the licensing agreement (Art. 6(1)(b) GDPR) and compliance with Romanian tax and accounting law (Art. 6(1)(c) GDPR).
Recipients: our external accountants, our payment processor, and Romanian tax authorities where required by law. We do not sell or share personal data for advertising or marketing purposes.
5.Website & Cookies
The marketing website at nosignal.ro uses only two first-party cookies, and only after you click “Accept” on the cookie banner:
nosignal_lang— your preferred language (EN or RO);nosignal_theme— your preferred color theme (light or dark).
If you decline, only a one-byte consent marker (nosignal_consent=declined) is set so we do not ask again on the same browser. There are no analytics cookies, no third-party trackers, no advertising pixels, no social-network buttons that track, and no fingerprinting on this website.
Server access logs (IP address, request path, user agent, timestamp) are kept by the hosting provider for a short period for security and operational diagnostics, on the legal basis of legitimate interest (Art. 6(1)(f) GDPR). They are not aggregated, profiled, or used for marketing.
6.Third Parties & SDKs
The NoSignal iOS app contains no third-party SDKs beyond Apple's own platform frameworks. The NoSignal daemon embeds open-source Rust dependencies but communicates only with the operator's own infrastructure and (for subscription licenses) with our license server.
For order processing and licensing administration we use:
- An external accountant (Romania) — processes billing data under a written processing agreement;
- A payment processor for invoice payments — processes payment data under its own privacy policy.
No personal data is shared with advertising networks or data brokers under any circumstances.
7.Your Rights under GDPR
Under EU Regulation 2016/679 (GDPR) you have the right to:
- Request access to the personal data we hold about you;
- Request correction of inaccurate data;
- Request erasure (“right to be forgotten”), subject to retention obligations under Romanian fiscal and accounting law;
- Restrict or object to processing in specific cases;
- Request data portability in a machine-readable format;
- Lodge a complaint with the Romanian supervisory authority — ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal, www.dataprotection.ro).
To exercise any of these rights, contact us at the email address in §13. We respond within thirty (30) days of a verified request.
8.Retention
Personal data we hold for order processing and licensing administration is retained for the duration of the commercial relationship plus the periods required by Romanian fiscal and accounting law — typically ten (10) years for accounting records.
Licensing heartbeat logs are retained for up to twelve (12) months for license-enforcement and abuse-detection purposes, then deleted.
Data stored on your device by the iOS app is retained for as long as you choose. Uninstalling the app removes it. Disabling “Remember login” for an instance clears the saved credentials for that instance from the iOS Keychain.
9.International Transfers
Order-processing and licensing data is stored on infrastructure located in the European Union or the European Economic Area. We do not transfer personal data outside the EEA. If this ever changes, we will publish appropriate safeguards (Standard Contractual Clauses or an equivalent mechanism under Chapter V GDPR) in this policy before any such transfer occurs.
10.Security
We apply technical and organizational measures appropriate to the risk, including TLS-encrypted transport for all licensing and account communications, access control on internal systems, encryption-at-rest for licensing databases, and secure handling of cryptographic license-signing keys. No system is perfectly secure; we cannot guarantee absolute security but we will notify affected data subjects and the supervisory authority of any personal-data breach as required by Art. 33–34 GDPR.
11.Children
NoSignal is a professional broadcast and IPTV operator tool. Neither the iOS app nor the daemon is directed at children under 16, and we do not knowingly process personal data of children.
12.Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the product, the law, or our processing practices. The current version is always published at nosignal.ro/en/privacy.html with the “Last updated” date above. Material changes will be announced on the website and, where applicable, by direct email to licensees.
13.Contact
For privacy questions, data-subject requests, or to exercise any of the rights described in §7:
- Cloud Craft SRL
- Email: [email protected]