End-to-End Encryption
Your credentials and data stay private. Always.
TL;DR
- Device-local keys, AES-256-GCM, TLS 1.3, secure pairing
- We can't read your credentials; only your devices can
- Provider Match uses aggregated stream quality analytics—never your credentials
- Zero-knowledge architecture: we can't see your credentials
- Device-generated keys stored locally (Keychain/Keystore/WebCrypto)
- PostgreSQL RLS for additional access control
- Key rotation supported for enhanced security
What We Encrypt
We encrypt all sensitive data before it leaves your device:
- Provider credentials: M3U URLs, Xtream codes, usernames, passwords
- Authentication tokens: Session tokens, refresh tokens, API keys
- Personal preferences: Favorite channels, viewing history (if enabled)
All encrypted data is stored as ciphertext only. Without your device's key, this data is completely unreadable—even to us.
Key Management
Device-Local Vault Key
Each device generates its own unique encryption key:
- iOS/macOS: Stored in Keychain with hardware encryption
- Android: Android Keystore with hardware-backed security
- Web: WebCrypto API with IndexedDB storage
Device Pairing
When adding a new device, we use a secure pairing process:
- New device generates a temporary key pair
- Existing device displays a 6-digit pairing code
- Keys are exchanged using ECDH (Elliptic Curve Diffie-Hellman)
- Vault key is wrapped and transmitted securely
- New device unwraps and stores the key locally
Cryptographic Details
Symmetric Encryption
AES-256-GCM
- 256-bit keys
- 96-bit random IVs per record
- Additional authenticated data (AAD)
- 128-bit authentication tags
Key Wrapping
AES-KW / XChaCha20-Poly1305
- RFC 3394 compliant AES key wrap
- Alternative XChaCha20 for web clients
- PBKDF2 with 100,000 iterations
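The pairing steps and the AES-KW and AES-256-GCM parameters listed above, combined into one Node.js example; this is added here and is not mytelly.app's code. The curve (P-256), the HKDF step, the info label and the AAD layout are assumptions, and the 6-digit pairing code is left out because the page does not say how it authenticates the exchange.

```javascript
// Added example (not mytelly.app code). Assumed: P-256, HKDF-SHA-256, info label, AAD layout.
const { createECDH, hkdfSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const RFC3394_IV = Buffer.alloc(8, 0xa6); // default initial value defined by RFC 3394

// Each side derives the same 256-bit key-encryption key (KEK) from the ECDH shared secret.
function deriveKek(ownEcdh, peerPublicKey) {
  const shared = ownEcdh.computeSecret(peerPublicKey);
  return Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(0), 'pairing-kek-v1', 32));
}

function wrapKey(kek, key) {
  const c = createCipheriv('id-aes256-wrap', kek, RFC3394_IV);
  return Buffer.concat([c.update(key), c.final()]);
}

function unwrapKey(kek, wrapped) { // throws if the RFC 3394 integrity check fails
  const d = createDecipheriv('id-aes256-wrap', kek, RFC3394_IV);
  return Buffer.concat([d.update(wrapped), d.final()]);
}

// Per-record AES-256-GCM: fresh 96-bit IV, 128-bit tag, AAD ties the ciphertext to its row.
function encryptRecord(vaultKey, plaintext, aad) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', vaultKey, iv, { authTagLength: 16 });
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function decryptRecord(vaultKey, { iv, ct, tag }, aad) { // throws on tag or AAD mismatch
  const d = createDecipheriv('aes-256-gcm', vaultKey, iv, { authTagLength: 16 });
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Constructed run-through: existing device wraps its vault key for a newly paired device.
function pairDevices() {
  const existing = createECDH('prime256v1');
  const fresh = createECDH('prime256v1'); // new device's temporary key pair
  existing.generateKeys();
  fresh.generateKeys();
  const vaultKey = randomBytes(32);
  const wrapped = wrapKey(deriveKek(existing, fresh.getPublicKey()), vaultKey);
  const unwrapped = unwrapKey(deriveKek(fresh, existing.getPublicKey()), wrapped);
  return { vaultKey, wrapped, unwrapped };
}
```

Decrypting a record with a different AAD string than it was encrypted under throws, so a ciphertext copied into another row of the database is rejected rather than silently accepted.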
Transport Security
TLS 1.2+ Required
- TLS 1.3 preferred
- Certificate pinning in native apps
- HSTS with preload
- Perfect forward secrecy
Additional Layers
Defense in Depth
- PostgreSQL row-level security
- Encrypted database backups
- Audit logging (no PII)
- Rate limiting & DDoS protection
Threat Model
Database Breach
If our database is compromised, attackers get only ciphertext. Without device keys, the data remains encrypted and unusable.
Insider Access
Our team has no access to encryption keys or plaintext data. All sensitive operations happen on your device.
Lost Device
Revoke access from account settings. The device's local key becomes invalid, and encrypted data remains protected.
Government Requests
We can only provide encrypted data. Without your device's key, we cannot decrypt your credentials or personal information.
Frequently Asked Questions
Can you see my IPTV password?
No. Your passwords are encrypted on your device before being sent to our servers. We store only the encrypted version and have no way to decrypt it.
Does AI see my stream URLs?
No. AI processing happens on channel metadata and EPG data only. Your actual stream URLs and credentials never leave the encrypted vault.
What if I lose all my devices?
For security, we cannot recover encrypted data without a device key. We recommend keeping at least one backup device paired to your account.
Can I export my data?
Yes. You can export all your data in decrypted format from any paired device. Go to Settings → Privacy → Export Data.
How do I delete everything?
Account deletion is immediate and permanent. All encrypted data is purged from our servers. Go to Settings → Account → Delete Account.
Is this open source?
Our encryption libraries and security-critical code are open source and available for audit on GitHub. See our security repository.
