Privacy Policy

Last updated: 9 May 2026

The short version: we store nothing about you on our servers. The app talks directly to the servers you tell it to. Crash diagnostics are the one exception, and they're fully described below.

Conductarr ("the app") is a mobile client for managing self-hosted media-server software (Sonarr, Radarr, Prowlarr, Lidarr, Readarr, Bazarr, qBittorrent, SABnzbd, Overseerr, Jellyseerr) on the user's own servers. This policy covers what the app does with your data.

What stays on your device

Everything you configure stays on the device you configured it on:

• Connection details — the URLs, API keys, usernames and passwords you enter for each service — are stored encrypted in Android's hardware-backed keystore (flutter_secure_storage). They are never transmitted to us and never leave the device except in two ways:
  1. As HTTP requests directly to the server you configured.
  2. If you explicitly tap "Backup config" and choose to save the encrypted backup file to a cloud folder you control.
• Push channel configuration (ntfy topic URLs and any optional auth tokens) is stored in the same encrypted keystore.
• App preferences (theme, default tab, library sort order) are stored in standard Android shared preferences on the device.
• Push event log — the in-app activity feed of recent notifications — is stored as a JSON file in the app's private documents directory, capped at 100 entries.

None of this is transmitted to us. None of it is associated with any account you hold with us — there is no account.

What we never collect

• We do not collect personal information (name, email, phone, address).
• We do not collect or transmit your media library contents.
• We do not collect or transmit the API keys, credentials, or URLs of the services you connect to.
• We do not show advertisements.
• We do not embed third-party analytics, tracking pixels, or marketing SDKs.
• We do not access your contacts, calendar, photos, microphone, location, or any sensor.
• We do not require sign-in.

Crash diagnostics (the one exception)

When the app crashes or hits an unhandled error, it sends an anonymised crash report to Sentry, an industry-standard error-tracking service. The report contains:

• The stack trace of the error.
• The device model, operating system version, and app version.
• A randomised installation identifier so that multiple crashes from the same install can be grouped — generated by Sentry, not by us, and cannot be tied back to any other identity.
• The last few in-app navigation events ("breadcrumbs") leading up to the crash, so we can reproduce the issue.

We have explicitly disabled Sentry's "send default PII" feature. As a result, no IP address, no user email, no Android Advertising ID, and no other identifier we would consider personal is included.

We do not collect the API keys, instance URLs, or library contents in crash reports. We use this data solely to fix bugs.

Sentry stores crash reports in the European Union under their privacy policy: sentry.io/privacy. Reports are retained for 90 days by default, then deleted automatically.

If you do not want to send crash reports, you can:

1. Disable network access for the app via Android system settings, or
2. Sideload a self-built APK that omits the Sentry DSN at build time (the source is open).

Network connections you initiate

The app makes network requests in three categories:

1. To your own servers — every Sonarr / Radarr / Prowlarr / Lidarr / Readarr / Bazarr / qBittorrent / SABnzbd / Overseerr / Jellyseerr URL you configure. These requests carry the API key or credentials you entered, exactly as your server expects them. We do not proxy or inspect this traffic.
2. To your ntfy server — when you configure a push channel pointing at ntfy.sh or a self-hosted ntfy instance, the app maintains a long-poll subscription so it can surface notifications.
3. To Sentry — only when an error occurs, as described above.

There are no other outbound connections.

Backup files

If you use the "Backup config" feature, the app encrypts your configuration with the passphrase you choose (AES-256-GCM with a key derived via PBKDF2-HMAC-SHA256, 100,000 iterations) and saves the resulting file to the location you pick. We do not see this file. The file's security depends on the strength of the passphrase you choose; pick a strong one and store it in a password manager.

Children's privacy

Conductarr is intended for adult users managing their own server infrastructure. It is not directed at children under 13 (or 16 in jurisdictions where that is the relevant age threshold) and we do not knowingly collect any data from children.

Your rights

Because we do not store data about you, there is no account to delete and no profile to access. If you have submitted crash diagnostics through Sentry and want them removed, contact us at the address below and we will request deletion via Sentry's data subject request channel.

If you are in the UK or EU, the GDPR-equivalent rights apply:

• Right to access your data
• Right to correct your data
• Right to delete your data
• Right to data portability

Exercise these by emailing the contact address below.

Changes to this policy

If we change this policy, the "Last updated" date at the top will change and the new version will be published at the same URL. Material changes will also be flagged in the app's About screen on the next update.

Contact

Mathew West
hello@conductarr.app
Jurisdiction: United Kingdom