Mediora Privacy Policy

Mediora is a free social-media video downloader app. You do not need an account to use it, and we do not ask for names, email addresses, phone numbers, or similar direct contact details. The app and backend process the pseudonymous data needed to perform downloads, enforce quotas, provide support, and keep the service reliable.

Last updated: April 30, 2026

Who runs this

• Developer & publisher: Morph Haven — morphaven@outlook.com
• App: Mediora — Social Media Video Downloader
• Android package name: app.mediora.android
• iOS bundle ID: app.mediora.ios
• Category: Tools / Social
• Jurisdiction: Republic of Turkey (KVKK-compliant; equivalent rights for GDPR users)

What we process

You're never asked to create an account; we don't collect names, email, phone numbers, or any direct contact identifier. The app does process the following pseudonymous data so it can work:

Pseudonymous install ID

A random UUID generated on your device. Mobile API requests send this ID so Mediora can enforce per-install quotas, bind Premium entitlement checks, limit duplicate feedback, and detect abuse. The raw install ID is used only for short-lived quota/reward windows and request handling. Persistent backend records store hashed versions of the install ID in analytics, feedback, and entitlement tables so repeated app activity can be grouped without storing the original UUID.

Request IP address

Standard server access logs and rate limits may process your IP address. We may derive an approximate country from proxy headers or a GeoIP database for abuse prevention, proxy routing, and aggregate operational analytics. We do not use IP addresses for ad targeting or precise location profiling.

URLs you paste

The TikTok, Instagram, Twitter/X, Pinterest, Reddit, Facebook, Twitch, or Bilibili link you paste is sent to our backend so it can fetch the public video metadata (title, duration, format list) and return it to you. URLs and metadata may be kept in a short TTL cache so repeat requests are faster. Persistent extraction analytics store platform, country, Premium state, proxy usage, success/failure, and hashed install ID; they do not store the raw submitted URL.

Feedback and support reports

If you submit a bug report from the app, Mediora stores your platform selection, optional URL, app version, description, timestamp, and a short salted hash of your install ID in a feedback log. If support notifications are enabled, the same report may be sent to Morph Haven's configured email or Discord notification channel.

Purchases and entitlement status

Premium purchases are handled by Google Play Billing or Apple App Store / StoreKit. We never see your card details. The backend may store hashed purchase tokens or signed transaction identifiers, product ID, platform, subscription state, expiry time, update time, and hashed install ID so Premium can be verified server-side.

Download history (on your phone)

Recent downloads (platform, title, date, local file path, and save status) are kept in your device's local storage. Android uses Room; iOS uses SwiftData. They never leave your phone. Cleared in-app where available or by uninstalling the app.

Ads and the advertising ID

Ad-supported builds show banner, interstitial, and rewarded ads via Google AdMob. On Android, AdMob may use the Android Advertising ID (AAID). On iOS, AdMob may use Apple's advertising identifier (IDFA) only where App Tracking Transparency and consent choices allow it.

• To stop it on Android: Phone Settings → Privacy → Ads → Reset / Delete Advertising ID.
• To control it on iOS: iOS Settings → Privacy & Security → Tracking.
• To turn off personalized ads: AdMob shows a GDPR/UMP consent screen where required; you can decline personalization there. On iOS, Mediora starts the consent/ad flow only after you choose a rewarded ad action.
• Premium subscription removes all ads — and the advertising ID stops being used by Mediora at that point.

Third parties

• Google Play Billing — handles Android Premium subscriptions where available. Payment is collected by Google; we never see your card details. The subscription record lives in your Google Play account. The app and backend verify whether the subscription is active and store only the entitlement state needed to unlock Premium.
  • Cancel: the in-app "Manage subscription" button takes you straight to Play Store → Profile → Payments and subscriptions → Mediora. After cancelling you stay Premium until the end of the billing period.
  • Refund: Google Play offers an automatic full refund within 48 hours of the first purchase. After 48 hours, email morphaven@outlook.com and we'll review the request.
• Apple App Store / StoreKit — handles iOS Premium subscriptions where available. Payment is collected by Apple; we never see your card details. The app and backend verify signed transaction status needed to unlock Premium.
  • Cancel: iOS Settings → Apple Account → Subscriptions → Mediora.
  • Refund: Apple handles App Store refund requests through reportaproblem.apple.com.
• Google AdMob — for ad delivery. AdMob privacy policy: policies.google.com/privacy. For personalized ads, AdMob processes the advertising ID, approximate location (country/city), and app usage signals. Mediora only receives aggregate revenue reports — never individual user data.
• Cloudflare Turnstile — used on the website to block bot signups. Generates a short-lived token similar to a CAPTCHA. Doesn't collect email or user info. Cloudflare privacy policy: cloudflare.com/privacypolicy.
• Mediora backend — runs the actual video metadata extraction (yt-dlp based) behind morphaven.com/mediora/api and related infrastructure. It receives your URL, fetches a response from the target platform, and returns it to you. It also stores pseudonymous analytics, feedback, quota/reward state, and Premium entitlement cache records as described above.

Platform content

Mediora itself hosts no video content. It fetches publicly available content published by TikTok, Instagram, Twitter/X, Pinterest, Reddit, Facebook, Twitch, and Bilibili at the user's request. Copyright in any downloaded content belongs to the original publisher; you are responsible for using it only for personal use or other purposes the publisher has explicitly permitted.

Data sharing and sale

No personal data is sold to third parties. We don't share user profiles with ad networks or data brokers. The advertising ID that AdMob uses for targeting falls under Google's own policy — you can reset or delete it from Android settings, and you can control iOS tracking permission from iOS Privacy & Security settings.

Backup

• Android cloud backup: OFF. allowBackup=false — your download history and settings are not included in Google Drive backups.
• Android device-to-device transfer: ON. Android's Setup Wizard can copy directly from your old phone to a new one without going through the cloud.
• iOS backup: iOS may include app-local data in encrypted device or iCloud backups according to your Apple backup settings. Downloaded files remain local to your device storage unless you share or move them yourself.

Data retention and deletion

To remove your in-app history:

• "Settings → Clear history" wipes recent downloads where available.
• Uninstalling the app deletes all local data.

Server-side pseudonymous analytics, feedback, quota/reward, and entitlement records are kept as long as needed for service operation, abuse prevention, support, and aggregate reporting. To request deletion of matching pseudonymous backend records, email morphaven@outlook.com and include the install ID shown in the app settings so we can locate the hashed records where technically feasible.

Security

• The local database lives in the platform app sandbox. Android uses app-private storage; iOS uses the app container.
• All network traffic is TLS-encrypted; cleartext HTTP is rejected.
• Release builds go through R8/ProGuard minification and obfuscation before reaching Play Store.
• Play Billing purchase tokens are signed and verified on Google's side.
• App Store transactions are signed by Apple and must be verified server-side before iOS Premium is trusted.
• Backend SSRF protection: the server only fetches URLs whose host belongs to a small whitelist (TikTok, Instagram, Twitter, Pinterest, Reddit, Facebook, Twitch, Bilibili); HTTP redirects are not followed.

Permissions

The Android permissions Mediora requests, with reasons:

• INTERNET, ACCESS_NETWORK_STATE — fetch video metadata and watch download status (required).
• POST_NOTIFICATIONS (Android 13+) — requested only when you start a Batch download, so per-item progress can show as a notification.
• FOREGROUND_SERVICE, FOREGROUND_SERVICE_DATA_SYNC — keep long downloads running in the background.
• com.google.android.gms.permission.AD_ID — required by Google Play for any app that uses AdMob; only active in the free (ad-supported) build. Premium turns ads off, and this permission stops being exercised.

The iOS permissions Mediora requests, with reasons:

• Photo Library Add access — only to save downloaded media to Photos when you choose that action.
• Tracking permission — requested only if an ad-supported iOS build needs App Tracking Transparency for personalized ads.

Mediora does not request location, contacts, camera, or microphone access.

Children

Mediora is not directed at children under 13. We do not knowingly collect data from anyone under 13. Ad requests are configured conservatively for age-appropriate delivery: Android may use Google's under-age/age-treatment controls where applicable, and the iOS client sets Google Mobile Ads age treatment and maximum ad content rating to the teen level before loading ads.

Your KVKK / GDPR rights

Under the Turkish Personal Data Protection Law (KVKK, no. 6698) and equivalent rights for GDPR users:

• The right to know whether your data is being processed — Mediora processes pseudonymous app data as described above.
• The right to request information if it has been processed.
• The right to request correction or deletion.
• The right to know whether data has been transferred to third parties — AdMob (Google), Play Billing (Google), Apple App Store / StoreKit (Apple), Cloudflare Turnstile (Cloudflare).
• The right to object to outcomes derived from automated processing.

Send any data-rights request to morphaven@outlook.com.

Changes

This policy may be updated over time. Material changes are surfaced in the app and reflected in the "Last updated" date above. Mediora release notes can also be tracked from the Play Store or App Store listing page, depending on your platform.

Contact

For any privacy question: morphaven@outlook.com