Mediapull

Legal

Privacy Policy

Effective date: April 16, 2026  ·  Operated by Mediapull

1. Who We Are

Mediapull (“we”, “our”, “us”) operates the website mediapull.net and related services. We are a media conversion tool that allows users to download publicly accessible media from supported platforms for personal use. We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Estonian law.

For privacy-related inquiries, contact us at: [email protected]

2. Data We Collect

2.1 Account Data

When you create an account, we collect your email address, chosen username, and encrypted password (or OAuth token if you sign in via Google). We do not store plain-text passwords.

2.2 Payment & Billing Data

Payments are processed by Creem (Armitage Labs OÜ, Estonia). When you subscribe, Creem passes us your name, email address, billing country, and order details for fulfillment. We do not receive or store your full card number, CVV, or bank account details — these are handled exclusively by Creem.

2.3 Usage Data

For subscribed users, we store a download history tied to your account (URLs submitted, platform, format, quality, and timestamp). Free users have no persistent history. We also collect basic server logs (IP address, request path, response status, timestamp) for security and abuse prevention. Logs are retained for 30 days.

2.4 Media Content

We do not store, retain, or possess any media file you download. Any media data that transiently passes through Service infrastructure exists solely to complete your requested transmission and is permanently deleted immediately upon delivery to your device. We do not index, inspect, copy, or analyse the content of any media processed through the Service. All download requests are initiated solely by you — the Service does not autonomously fetch or cache any media content.

2.5 Anonymous Use

If you use the Service without an account (Free tier), we do not collect any personally identifiable information beyond server logs (IP address, request metadata) retained for 30 days for abuse prevention.

3. Legal Basis for Processing

  • Contract (Art. 6(1)(b) GDPR): Account data and billing data are processed to deliver the service you subscribed to.
  • Legitimate Interest (Art. 6(1)(f) GDPR): Server logs and abuse detection are processed to protect the security and integrity of our service.
  • Legal Obligation (Art. 6(1)(c) GDPR): We may retain certain data to comply with applicable tax, accounting, and legal obligations.

4. How We Use Your Data

  • To create and maintain your account
  • To process your subscription and manage billing via Creem
  • To display your download history (subscribed users only)
  • To enforce our rate limits, plan quotas, and Terms of Service
  • To detect and prevent abuse, fraud, and unauthorized access
  • To respond to support requests
  • To comply with legal obligations

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

5. Third-Party Processors

We use the following sub-processors. Each is bound by a Data Processing Agreement:

ProcessorPurposeLocation
Creem (Armitage Labs OÜ)Payment processing, subscription managementEstonia (EU)
Cloud hosting providerServer infrastructure, databaseEU / EEA

6. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Download history: Retained per plan (7 days for Starter, indefinitely for Pro/Lifetime). Deleted upon account deletion.
  • Server logs: 30 days.
  • Billing records: Retained for 7 years to comply with tax and accounting law.
  • Media files: Not retained. Deleted immediately after your download completes.

7. Your Rights (GDPR)

As a data subject under the GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data (“right to be forgotten”), subject to legal retention obligations.
  • Restriction: Request that we restrict processing of your data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

8. Cookies

We use only essential cookies required for authentication (session token) and security (CSRF protection). We do not use advertising cookies or third-party tracking pixels. No cookie consent banner is required as we only use strictly necessary cookies.

9. Security

We implement industry-standard security measures including encrypted connections (TLS), hashed passwords (bcrypt), and HMAC-signed internal API calls. No security measure is perfect. In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority as required by GDPR (within 72 hours).

10. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email (for account holders) or by a notice on the website at least 14 days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy inquiries: [email protected]
For general support: [email protected]