MediaMaster

Privacy Policy & Acceptable Use

Last updated: April 26, 2026

This file is the public static copy; it uses the same layout and styles as the in-app policy screen.

1. Introduction

This document describes how the MediaMaster open source application and related public web pages may use data, which third parties may be involved when you use certain features, and rules for acceptable use. By using the app or the project’s public site (if any), you agree to these terms. If you do not agree, you should not use the software or the site.

2. How we describe data practices

The desktop app is designed to work primarily on your computer: it reads local game libraries, can call official or community APIs over the internet when you use linking or sync features, and may store preferences and library snapshots locally in the app (for example in browser storage and in the application data directory). There is no project-wide account database shipped with the stock open source app. The project’s public website is simple static HTML and CSS: we have not added scripts or server code there that store names, messages, or analytics in a database we control. Hosting still passes traffic through Cloudflare, which processes standard request metadata by default (see section 5). This page describes the stock app and that public site; forks that add services must provide their own notices.

Local use, no project cloud (stock app): Merged library data, linked-store state, and API results you request are stored only on this device under your OS user profile and in app or Electron/browser storage (see section 3), for whoever is using the app on that machine. The stock open source project does not operate a central database on project-run servers that aggregates or syncs many users’ game libraries. When this policy says “one place” or a unified view, it means one local dashboard on your computer — not a company-held central copy of your games in the stock build.

Sharing with friends (optional, peer-to-peer): Where the app provides social or friend features, friend connections are added peer-to-peer between you and each other person. The stock open source app does not use a centralized database operated by the project to store friend lists or relationship graphs — those links are not uploaded to a project-run social server in that build. You may, at your discretion, share library information and usernames (or display names you use in the app) with people you connect with in this way — for example to compare collections or see what others are playing. The stock app does not broadcast that information publicly without you choosing to share it. Forks that add relay servers, a central friend directory, or other models must state them clearly.

3. Data on your device

  • App configuration and credentials: Optional API keys, OAuth client identifiers, and related secrets may be stored under your user profile in application data (for example, Steam Web API key, IGDB/Twitch client credentials, Microsoft client ID for Xbox sign-in, XboxUnity credentials where supported). You control these settings.
  • Library and UI state in the web layer: Merged game lists, linked-store flags, and similar UI state are stored in the browser localStorage keyed to your signed-in account identifier (and related storage keys in code such as mediamaster-games-library:v1: and linked-store keys). This stays on your machine in the Electron (or browser) profile.
  • Local media cache: Cover art and banners may be downloaded and cached to disk; the app uses internal URLs to reference cached images.
  • Scanned paths: You choose directories for game installs, ROM folders, and emulators; those paths are used locally to discover titles and file sizes.
  • Friend sharing (if enabled): Friends are added peer-to-peer; the stock app has no project centralized friend database. If you show your library or username to connected friends, you choose what to share — user-initiated disclosure (see section 2).

4. Network services and third parties

When you connect accounts or use sync features, the app talks to the relevant providers over HTTPS. Those companies process requests under their own terms and privacy policies. The following are examples of services reflected in the application code paths (exact availability depends on your platform and configuration):

4.1 Epic Games (Epic Games Store)

If you link an Epic Games account in MediaMaster, the app uses Epic’s sign-in and API flows (including patterns compatible with community tooling such as Legendary) to read data that Epic exposes for your account. Epic is an independent data controller for data processed on Epic’s systems; their practices are described in Epic’s privacy policy. This section explains what MediaMaster is trying to do with that access and why, not to replace Epic’s own disclosures.

What category of data is involved (typical for linked-store use): Epic may process (and the app may receive and show in the UI) identifiers tied to your account, a display name or username–like label, game ownership and entitlements, title metadata (names, art references, install or launch state where available), and, where the APIs and your settings allow, achievement or stats-style information to enrich the library. Exact fields depend on Epic’s current APIs and your account.

Our intent for using Epic data in the app: (1) to merge your Epic library into the same dashboard as other stores; (2) to show who is signed in (account display information); (3) to show game information and play/install-related status where available; (4) to show achievement-related data in the library and detail views when exposed by the platform; and (5) over time, to combine on this device your games, social, friends, or catalog information (where Epic makes it available to third-party clients) with your other stores in one local dashboard — understanding that not every Epic feature (e.g. full friends features) may be available outside Epic’s first-party launcher.

Where it lives in MediaMaster (stock app): There is no project-wide cloud database operated by the open source app for this data; merged responses are stored on your device (for example in browser storage and app state) as part of the unified library, consistent with the rest of this policy.

4.2 Steam (Valve)

When you connect Steam features, the app may use a Steam Web API key you provide, read local Steam library data, and call Valve’s services over the network. Valve is the data controller for data processed on Steam’s systems; see Steam’s privacy policy. MediaMaster’s role here is to explain why we use that access, not to replace Valve’s text.

What category of data is involved (typical): store and library metadata, app IDs, play time or achievement data where the APIs and your settings expose it, and profile or display information associated with your Steam account. Images may load from Steam’s CDN (Valve or partners may use infrastructure such as Cloudflare on their side).

Our intent: merge your Steam library with other stores, show game details and optional achievement-style information, and keep your dashboard consistent with a single sign-in experience where supported.

Where it lives in MediaMaster (stock app): merged data is stored on your device with the rest of the unified library, not in a project-run cloud account database.

4.3 Microsoft / Xbox

Microsoft / Xbox sign-in and library-style features use Microsoft identity and Graph-style flows (for example a registered app and device-code or browser-assisted sign-in). Microsoft is the data controller for Microsoft-account data; see Microsoft’s privacy information.

What category of data is involved (typical): account identifiers, profile or display names, and game or entitlement information available to the app for the permissions you grant.

Our intent: show who is signed in, merge eligible Xbox/PC library information into the same UI as other platforms, and display title metadata the service returns for your account.

Where it lives in MediaMaster (stock app): on your device (browser storage and app state) as with other linked stores.

4.4 GOG

If you use GOG linking or library flows in the app, requests go to GOG’s services over HTTPS. GOG / CD PROJEKT is the controller for that side of processing; see GOG’s privacy policy.

What category of data is involved (typical): account-linked library and product metadata, and similar game-list information the integration returns.

Our intent: list owned titles and metadata in the unified library when you enable the integration.

Where it lives in MediaMaster (stock app): on your device as merged library data.

4.5 Electronic Arts (EA)

Optional EA or Origin-style flows, where present in the app, call EA’s services. EA is the data controller for personal data on EA’s systems; see EA’s privacy and cookie policy.

What category of data is involved (typical): account authentication context and, where the service exposes it, entitlements and catalog metadata for your library integration.

Our intent: show EA-linked games alongside other stores when you use the feature.

Where it lives in MediaMaster (stock app): on your device as with other stores.

4.6 Ubisoft

Ubisoft Connect / Uplay–style library discovery, where available, uses Ubisoft’s services. Ubisoft is the data controller for that processing; see Ubisoft’s privacy policy and Ubisoft’s terms of service.

What category of data is involved (typical): sign-in and session data on Ubisoft’s side, and library or title metadata the API returns to the app.

Our intent: merge supported Ubisoft titles into the dashboard when you connect the account.

Where it lives in MediaMaster (stock app): on your device only, for the stock app.

4.7 PlayStation

PlayStation network–related discovery, where the code path exists and you authenticate, uses Sony Interactive Entertainment services. SIE / PlayStation is the data controller for account data on their side; see PlayStation’s privacy policy.

What category of data is involved (typical): OAuth or token-based sign-in handshakes and such title or entitlement metadata as the integration is allowed to fetch.

Our intent: reflect your PlayStation library in the combined view when the feature is enabled and the platform allows third-party access.

Where it lives in MediaMaster (stock app): on your device in merged library state.

4.8 IGDB (via Twitch)

When you configure IGDB for metadata and artwork, the app calls IGDB using Twitch developer credentials (for example a client id/secret in environment variables or a file under app user data). Amazon / Twitch and related entities set their own rules; see Twitch’s privacy policy and IGDB’s documentation for how API access is handled.

What category of data is involved (typical): application-only credentials on your machine, and non-account game metadata (titles, art URLs, platform tags) returned by the API — not a substitute for your storefront passwords.

Our intent: enrich tiles and detail pages with cover art, descriptions, and labels that help identify games across stores.

Where it lives in MediaMaster (stock app): API keys stay in your profile / app data; fetched metadata is cached locally for performance.

4.9 Community art (e.g. XboxUnity)

Optional community or alternate art sources (for example XboxUnity) are separate services. The operator of each service is the data controller for data they process; MediaMaster only stores the credentials and responses you direct the app to use.

What category of data is involved (typical): usernames and passwords or API tokens you choose to save for that integration, and image or metadata files returned to match titles.

Our intent: optional supplemental artwork when first-party or IGDB art is missing or insufficient.

Where it lives in MediaMaster (stock app): on your device (secure app storage and local cache), treated as sensitive.

4.10 Emulator & public catalog data

Emulator-related lists and “known good” name databases may be bundled with the app or downloaded in build scripts from public repositories (for example on GitHub). That data is generally not personal data — it is community or public domain–style name lists and checksum references.

What category of data is involved (typical): public title identifiers, file hashes, and optional community achievement or compatibility metadata, as shipped with the build you install.

Our intent: help you map ROMs and disc images to human-readable names and optional achievement-style overlays where enabled.

Where it lives in MediaMaster (stock app): in application files and local cache on your machine, without sending your ROM names to a project-operated account database.

4.11 Embedded store and browser

The app can embed full storefronts and the open web in native webviews. Each site is its own controller: those sites set cookies, run scripts, and apply their own terms. A local HTTP proxy may help with embedding; traffic still terminates at the third party you browse.

What category of data is involved (typical): whatever you enter or the site reads under their policies (payment details, account cookies, analytics), not under MediaMaster’s control.

Our intent: let you use storefronts and the web inside the app shell without leaving the desktop experience.

Where it lives in MediaMaster (stock app): normal webview storage on your device, governed by the embedded site, not a MediaMaster cloud profile.

5. Public website and Cloudflare

The public site for this project (for example documentation or a landing page) is hosted on Cloudflare (e.g. Pages or related DNS and CDN). We have not added application code on that site to collect form submissions, run analytics, or store personal data in a project-controlled database. Pages are delivered as static files.

Even for a static site, Cloudflare still processes data about each request by default as part of providing DNS, delivery, and network security. Under its own documentation and privacy policy, that typically includes generalized technical and security-related data such as IP address, information about the TLS connection, timestamps, the requested URL path and hostname, HTTP method, user agent, and similar metadata needed to route traffic, mitigate abuse, and operate the service. That processing is by Cloudflare as infrastructure provider, not by custom code on our pages. For details, retention, and legal bases, see Cloudflare’s policy; we do not maintain a separate parallel log of visitors for the stock site.

Distinction: When game platforms (e.g. Steam) use Cloudflare in their CDN hostnames, that is their relationship with Cloudflare, separate from this project’s own site.

You do not need to visit the public site to run the desktop app locally.

6. Privacy (general)

The app is open source. Features that touch the network do so to provide the service you asked for (sign-in, library sync, artwork, storefronts). We do not operate a single mandatory “phone home” analytics channel for the stock app; telemetry could be added in a fork, so check the build you install.

  • Contact form in the app footer — Uses your email client via mailto:; messages are not stored by our servers in the stock app (there is no default backend for that form).
  • Operators of modified builds — Anyone who ships a modified app or hosted site is responsible for additional notices required in their region.

7. Acceptable use

You must use the app only for lawful purposes and in accordance with its intended design and functionality as provided by the original maker and contributors.

7.1 No illegal activity

  • No unlawful use: You must not use the app to plan, commit, promote, or assist any illegal activity under any applicable law.
  • Compliance with laws: You are solely responsible for ensuring that your use of the app complies with all local, national, and international laws and regulations.

7.2 Use only as intended

  • Intended functionality: You must use the app only as intended by its original design and documentation. You must not deliberately circumvent, disable, or misuse features in ways that contradict the purpose of the app.
  • No malicious modification: While you may modify the open source code as permitted by its license, you must not distribute modified versions that are designed to deceive, harm, or mislead users or to enable unlawful activity.

7.3 No harm to others

  • No harassment or abuse: You must not use the app to harass, threaten, defame, or otherwise harm other individuals, organizations, or communities.
  • No disruption: You must not use the app to disrupt, damage, or interfere with the normal operation of systems, networks, services, or devices belonging to other users or companies.
  • No malware: You must not use the app to create, distribute, or execute malware, including viruses, worms, ransomware, spyware, or any other malicious code.

7.4 Intellectual property and legal protections

  • Respect for copyrights: You must not use the app to infringe or facilitate the infringement of copyrights, including unauthorized copying, distribution, or public display of protected works.
  • Respect for patents and other rights: You must not use the app to infringe or facilitate the infringement of patents, trademarks, trade secrets, or any other intellectual property or proprietary rights.
  • Content responsibility: You are solely responsible for ensuring that any content you create, upload, process, or distribute using the app does not violate any intellectual property rights or other legal protections.

8. Open source license

The app is licensed under an open source license, which governs your rights to use, modify, and distribute the software. In the event of any conflict between this document and the open source license, the license terms will generally prevail with respect to your rights to the source code.

You should review the specific license file included with the project (for example, MIT, Apache‑2.0, GPL, or another license) to understand your rights and obligations.

9. No warranty

The app is provided “as is,” without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and non‑infringement. The authors or contributors are not liable for any claim, damages, or other liability arising from, out of, or in connection with the app or the use or other dealings in the app.

10. Changes to this policy

This document may be updated. When it is, the “Last updated” date at the top changes. Continued use of the app or site after updates constitutes acceptance of the revised terms, except where a stricter standard applies in your jurisdiction. Earlier versions are listed under Policy change history.

11. Contact

If you have questions about this document, use the project repository or the in-app contact form (which opens your email client) if available.

Policy change history

Summary of substantive edits. In the app, use the Policy change history links in the table of contents to open full prior texts. The public site keeps the same history as separate static HTML files (for example privacy-2026-04-25.html and privacy-2026-04-20.html next to privacy.html) so older versions load independently and stay easy to host as the policy grows.

  • April 26, 2026 — Documented Epic Games in depth (account and game/achievement data, library and achievement intent). Added a full §4 subsection for each major store/API (Epic, Steam, Xbox, GOG, EA, Ubisoft, PlayStation, IGDB, community art, emulator/public data, embedded webviews) with controller links, typical data, app intent, and on-device storage; styled the table-of-contents scrollbar to match the app theme. Clarified in §2 and §4.1 that merged data in the stock app stays local to the device and session, with no project-run central game library or friend database; reworded Epic “unified” language so “one place” is a local dashboard. Optional friend features: P2P friend connections, discretionary library/username sharing with connected friends, not public by default. Web policy pages: matching table of contents and file-based version history; updated external legal links (e.g. Epic, GOG, Ubisoft privacy; Ubisoft terms of service) where applicable.
  • April 25, 2026 — Added data-inventory language (local storage, APIs, webviews), Cloudflare and static-site details, in-app table of contents, and archived the prior in-app and web text for comparison. (Clarified default Cloudflare request metadata; no first-party project database for the public site in stock builds.)
  • April 20, 2026 — Initial short in-app policy and acceptable use. Preserved in a dated archive screen and static web file.

Open April 25, 2026 archived policy

Open April 20, 2026 archived policy

Home