Privacy Policy
Last updated: June 21, 2026
KromaPlay is a playback-first media player for Plex and Jellyfin, available on iOS, Windows, and Android. It is a client for your own Plex and Jellyfin servers — it does not host, stream, or store any media of its own. You bring your own server; KromaPlay just plays what's on it.
This policy explains exactly what data the app touches, what stays on your device, and the one feature that sends anything off your device. We've written it to be specific rather than generic, because the honest answer for most of KromaPlay is short: almost nothing leaves your device, and we collect nothing about you.
The short version
- KromaPlay creates no account of its own. You sign in to your Plex or Jellyfin server, not to us.
- There are no analytics, no advertising, and no third-party tracking in the app.
- Your media streams directly from your server to your device. It does not pass through us.
- One feature, and only one, sends data off your device: the Kadence AI DJ. It is opt-in — if you never use it, nothing ever leaves your device.
Data the app accesses (and where it stays)
To do its job, KromaPlay handles the following data. Unless this policy says otherwise, all of it stays on your device or travels only between your device and your own server.
Server connection details and authentication tokens
When you connect to a Plex or Jellyfin server, KromaPlay stores the server address and the authentication token issued by that server. These tokens are saved in your operating system's secure credential store:
- iOS — the iOS Keychain
- Windows — Windows Credential Manager
- Android — the Android Keystore-backed secure storage
These tokens never leave your device except to talk to the server that issued them. We never receive them.
Library metadata
KromaPlay reads metadata from your server — titles, artwork, descriptions, track and episode lists, your "Continue Watching" items, search results, and available subtitle and audio tracks — so it can show your library and let you browse, search, and pick what to play. This data comes from your server, is used to render the app, and is not sent anywhere else.
Playback position
As you watch or listen, KromaPlay reports your playback progress back to your own Plex or Jellyfin server (so things like resume points and "Continue Watching" stay in sync across your devices). This is standard client behaviour and goes only to your server — not to us.
Media streams
Audio and video are streamed directly from your server to your device for playback (including direct play and, when your server requires it, transcode fallback). The media itself never touches our infrastructure.
What leaves your device — the Kadence AI DJ
KromaPlay includes an optional AI DJ feature called Kadence. It is the only part of the app that sends any data off your device, and it does so only when you actively use it.
When you ask Kadence for a playlist, the app sends the following to KromaPlay's managed Cloudflare Worker, which forwards it to the Anthropic Claude API to generate playlist suggestions:
- The vibe / prompt text you typed (for example, "rainy Sunday morning jazz").
- A list of your top-played artist names, used to tailor suggestions to your taste.
- A device identifier — specifically your Plex client ID — used only for rate limiting.
That is the complete list. In particular, Kadence does not send:
- any audio, music files, or media content;
- your Plex or Jellyfin authentication tokens or server address;
- your name, email, or any account identity;
- your full library or listening history beyond the top-artist names above.
The Cloudflare Worker passes your prompt and artist names to Anthropic's Claude API to produce a suggested playlist, then returns the suggestions to the app, which matches them against your own library and plays them. Your use of this feature is subject to Anthropic's terms and privacy practices:
- Anthropic Privacy Policy: anthropic.com/legal/privacy
- Anthropic Usage Policies: commercial terms and acceptable use
Retention for Kadence
KromaPlay's Cloudflare Worker keeps only rate-limit counters keyed to your device id — enough to prevent abuse of the service. It does not keep logs of your prompts or artist lists as a user profile, and it does not build a history tied to you. Anthropic's handling of the request is governed by Anthropic's own policies linked above.
What we do NOT collect
To be unambiguous, KromaPlay does not:
- collect analytics or usage statistics;
- show advertising or contain ad SDKs;
- use third-party trackers, fingerprinting, or marketing/attribution tools;
- create an account for you or maintain user profiles on our side;
- upload your media, audio, or library contents anywhere;
- sell, rent, or share your data — because we don't collect it to begin with.
Children's privacy
KromaPlay is a media player intended for a general audience and is not directed at children under 13. We do not knowingly collect personal information from children. KromaPlay creates no accounts and gathers no personal data of its own; any content you access is whatever lives on your own Plex or Jellyfin server, which is under your control.
Your choices and controls
- Don't use Kadence, and nothing leaves your device. The AI DJ is the only off-device feature. If you never invoke it, KromaPlay operates entirely locally and against your own server.
- Sign out to clear your tokens. Signing out of a server removes its stored authentication token from your device's secure credential store.
- Uninstall removes the app and its locally stored credentials from your device.
- You control your own server. Library metadata and playback position live on your Plex or Jellyfin server, and you manage that server's data and privacy settings yourself.
Changes to this policy
If KromaPlay's data behaviour changes, we will update this policy and revise the "Last updated" date above. Material changes will be reflected here before the behaviour ships.
Contact
Questions about this policy or KromaPlay's privacy practices:
- Email: [email protected]
- Website: kromaplay.app