Plex

Plex is a client–server media player system plus an ancillary software suite.

This page is not published. While you can access it via its direct link, it is not yet displayed on the website.

Transparency

Does the policy require users to be notified in case of a data breach? No

0/7

Decided May 22, 2020 (revision history). This question accounts for 8% of the final score.

Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.

Possible Options

No0/7
Yes, eventually5/7
Yes, within 72 hours7/7
N/A (the service collects so little personal data that notification would not be possible)7/7

Note

This policy doesn't require the service to alert the user in the event of a data breach.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Will affected users be notified when the policy is meaningfully changed? Yes

5/5

Decided May 22, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Yes5/5
N/A (no personal data—or contact information—collected)5/5

Citation

This Privacy Policy may be updated from time to time. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy on the Plex website. You are advised to consult this Privacy Policy regularly for any changes.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Is the policy's history made available? Only the date it was last modified

3/5

Decided May 22, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Only the date it was last modified3/5
Yes, with revisions or a change-log5/5

Citation

Revised January 1, 2020

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy outline the service's general security practices? Somewhat

1/3

Decided May 22, 2020 (revision history). This question accounts for 4% of the final score.

The policy provides only a very vague overview of its security practices.

Possible Options

No0/3
Somewhat1/3
Yes2/3
Yes, including audits2.5/3
N/A (no personal data collected)3/3
Yes, including independent audits3/3

Citation

In order to help keep your media secure, we provide publicly trusted TLS certificates for end-to-end encrypted connections among all of our servers, Services, and client applications. For more information, please review our support article on the topic. We have put in place commercially reasonable physical, electronic, and organizational procedures to safeguard and secure the information we collect. For example, password information is stored on our servers and is protected using hashing and encryption technologies. We do not store any of your payment or credit card information on our servers. The data is encrypted and securely stored by an independent company, Braintree, which provides payment-processing services for Plex. Please review the Braintree Security Policy for more information.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Collection

Is it clear why the service collects the personal data that it does? Yes

10/10

Decided May 22, 2020 (revision history). This question accounts for 12% of the final score.

This question deals with transparency. Even if the service uses data for reasons that aren't ideal for privacy, provided they list all of those uses, the service can still receive full credit for this question. However, if they are not explicit about their uses (by employing language like "such as"), a lower score is assigned.

Possible Options

No0/10
Somewhat4/10
Mostly7/10
Yes10/10
No personal data is collected10/10

Citation

Plex processes and uses Collected Information with your consent, you can withdraw your consent by updating your privacy settings or closing your account. Plex also processes Collected Information when it needs to do so to fulfill a contract with you to provide you services, in its legitimate interest to aid in developing and improving the services, or when required by law. If you do not want to provide certain information to us in order to fulfil our agreement with you to provide the services, we may not be able to provide you the fullest version of our services.

We use the Collected Information to provide you with the Services, improve the Services, enhance your user experience, and communicate with you. For example, for Third-Party Content, we use information about your interactions with the Services to track the watch state of media items that have been linked to the Services on devices that have been linked to the Services. We use this information to allow you to resume watching in the same watch state on different Plex-linked devices.

We use your profile information to contact you about your account or about new Plex functionality and certain Plex news and information. You may opt-out of certain types of communications by editing your account settings.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy list the personal data it collects? Yes, generally

7/10

Decided May 22, 2020 (revision history). This question accounts for 12% of the final score.

All general categories of collected personal data are listed, though not all types of personal data are explicitly mentioned (for example, the list might use a phrase like 'such as' when listing types of personal data).

Possible Options

No0/10
Only summarily3/10
Yes, generally7/10
Yes, exhaustively10/10
N/A (no personal information is collected)10/10

Citation

You may provide us with profile information such as your e-mail address, username, a profile image, and password when you create an account, or when you edit your account information. You may also provide us with your payment information when you sign-up for a paid service. If you choose to connect your account to an account of an external service, such as a social networking site, we may collect certain information from those accounts, such as your name and email address as well as data required to connect to that service. You may provide such authorization during the connection process, or it may be implicit in the service authorization itself. For example, if you choose to connect your Plex account to a social networking account, we may collect your public profile information if you agree to the collection of this information during the connection process. Except for certain exceptions such as Third-Party Control and Playback Mechanisms and image analysis (i.e., metadata about photos when these features are user-enabled, such as geotag information or scene recognition analysis), as described below, we do not collect or store metadata (information about the specific file, cover art, subtitles, running length, etc.) for Personal Content stored on your personal Plex Media Server. However, your Plex Media Server may anonymously send us filenames or other identifiers for your Personal Content for the sole purpose of providing metadata back to your personal Plex Media Server. You may disable this metadata matching capability. We may offer integrations with Third-Party Control and Playback Mechanisms that you may choose to use, such as Sonos, Amazon Alexa, IFTTT, Zapier, SmartThings, webhooks, etc. In order to provide the integrations with the Third-Party Control and Playback Mechanisms, we may collect Metadata for your Personal Content that is needed to integrate with the Third-Party Control and Playback Mechanisms. For example, if you use Amazon Alexa to play a particular song or movie from among your Personal Content at your home, then our Services may search your Personal Content in order to find and play the song or movie that you requested. Information provided by you to the Third-Party Control or Playback Mechanisms is not governed by this privacy policy. We may collect usage statistics for Personal Content. This includes information about your interaction with the Services, such as device information, duration, bit rate, media formats, resolution, and media type (music, photos, videos, etc.). Where possible, we will generalize this information to avoid identifying your Personal Content. Usage statistics do not include specific content titles or filenames. We may use information related to your usage to run and improve our Services, to provide, customize, and personalize communications and other content that we deliver or offer to you. When you use the Services to watch, listen to, or record content from a third-party content provider or source such as any officially supported Third-Party Content that Plex streams to Plex apps, trailers and extras from Internet Video Archive (IVA), or use of our Live TV and DVR service, we may collect information related to that media interaction. For example, we may collect what program or movie you are watching and when, your interaction with any static or video advertising, etc. We may also collect your device information and device location, for example, by using your IP address or by asking for your zip code. We may use this information to run and improve our Services, provide advertising and marketing to you, as well as share anonymous or aggregated versions of the data with third parties. We may collect information about your use of third-party services for reporting to these partners and calculating the fees that we owe them. For example, we report the number of trailers and extras viewed to IVA. We may also collect information about third party services and your use of those services in order to serve video content and advertisements via features that rely on third party providers. This information can include the metadata needed to serve advertising. We may store information about your configuration or use of our Services when you create a Plex Media Server on a local device, connect to a Plex Media Server that you or another person has configured, or download or connect to a Plex app, or interact with or use other Plex software or Service. This information may include an IP address and port number(s), the name of a Plex Media Server, and information used to secure access to our Services. “Interfacing Software” includes but is not limited to, plug-ins for the Services, channel plug-ins, metadata agents, and client applications that communicate directly or indirectly with the Services. We may store copies of Interfacing Software that you provide to Plex and that accesses or calls any software provided by Plex as part of the Services. You may send us logs, metadata, or other information about your devices, media, and experiences for the purpose of resolving an issue you may have with the software or suggesting desired features. On client applications where it is possible, we will offer the ability to opt-out of sending crash reports. If you would like to learn more about the information being sent in crash reports, we encourage you to review the privacy policies for the third-party client applications you are using to access Plex Services. The information being sent to us will only be used to help resolve your issue and / or improve our Services, and using our Services and provision of such information, you agree to such use by us. Like many online services, we may collect information about the devices that are used to access our Services, such as the IP address of the device, the operating system and version of the device, the browser that you use to access a Plex web page, and the versions of the Plex technologies being used. We may also collect location information about the devices that access our Services. When a request for information or content is sent to a Plex Media Server, we may collect an application identifier that identifies which application sent the request. An application identifier uniquely identifies a particular copy of an application. For example, if you download an application from Plex, fully uninstall the copy of the application, and then re-download the application from Plex, the new copy of the application will be associated with a different application identifier than the uninstalled copy of the application. Note that simply deleting the app without fully uninstalling may not reset the application identifier. We may provide, and you may choose to use, the Plex Relay Service to connect or stream your Personal Content to another device. If you choose to use the Plex Relay Service, we will transfer the data necessary to perform the service. All such traffic is encrypted from end-to-end in a manner that makes it impossible for Plex or the Plex Relay Service to decrypt or view any data. The data transferred via the Plex Relay Service is not stored by Plex except for the temporary buffering of data required to provide you with an optimal streaming experience. You can disable the Plex Relay Service by turning off Remote Access in your server settings. Like many online services, Plex uses cookies, tracking pixels, and similar technologies to collect information that helps us provide our Services to you. We also use these technologies to help market our products and services to you and other customers. For more information about these technologies and how you may control them, please see the detailed description of Tracking Technologies.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service collect personal data from third parties? Yes

0/10

Decided May 22, 2020 (revision history). This question accounts for 12% of the final score.

This includes the use of data brokers and independent verification authorities (such as background check providers).

Possible Options

Yes0/10
Only for critical data7/10
No10/10

Citation

When you use the Services to watch, listen to, or record content from a third-party content provider or source such as any officially supported Third-Party Content that Plex streams to Plex apps, trailers and extras from Internet Video Archive (IVA), or use of our Live TV and DVR service, we may collect information related to that media interaction. For example, we may collect what program or movie you are watching and when, your interaction with any static or video advertising, etc. We may also collect your device information and device location, for example, by using your IP address or by asking for your zip code. We may use this information to run and improve our Services, provide advertising and marketing to you, as well as share anonymous or aggregated versions of the data with third parties.

We may collect information about your use of third-party services for reporting to these partners and calculating the fees that we owe them. For example, we report the number of trailers and extras viewed to IVA. We may also collect information about third party services and your use of those services in order to serve video content and advertisements via features that rely on third party providers. This information can include the metadata needed to serve advertising.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow the user to control whether personal data is used or collected for non-critical purposes? On an opt-out basis, but only for some non-critical data/uses

1.5/5

Decided May 22, 2020 (revision history). This question accounts for 6% of the final score.

Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.

Possible Options

No0/5
On an opt-out basis, but only for some non-critical data/uses1.5/5
On an opt-out basis, for all non-critical data/uses3/5
N/A (no data used for non-critical purposes)5/5
On an opt-in basis5/5

Citation

We may ask for your consent to have Plex share your third-party media consumption information together with your personal information with our content programmers, service providers, and other third parties. If we have asked for your consent, we will provide you with a way to view or change your consent preference by updating your account settings.

You may choose to opt-out of sharing the playback statistics for Personal Local Content that you store on your personal Plex Media Server by updating your Privacy Preferences.

Plex may also use third-party advertising companies to serve ads, which may, directly or indirectly, collect or use information about user visits to websites and mobile app usage over time and across non-affiliated websites and mobile apps to display advertisements more tailored to users’ interests on this browser or device, and those browsers or devices associated with it. A user can visit www.aboutads.info/choices and/or download the appropriate version the AppChoices app at http://www.youradchoices.com/appchoices if a user wishes to learn more about this practice or would like to know more about his/her choices regarding that activity by companies participating in those choice tools. Please visit the Opt-Out Options for Third-Party Advertising page for any specific third party advertising companies’ opt-out information.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Handling

Does the policy allow personally-targeted or behavioral marketing? Yes, but you can opt-out

3.5/10

Decided May 22, 2020 (revision history). This question accounts for 12% of the final score.

Possible Options

Yes0/10
Yes, but you can opt-out3.5/10
Yes, but you must opt-in7/10
No10/10

Citation

We may use this information to run and improve our Services, provide advertising and marketing to you, as well as share anonymous or aggregated versions of the data with third parties. [...] We use Collected Information related to Third-Party Content to allow us and our partners to personalize marketing, advertising, and other content delivered or offered to you. For example, we may use or share Collected Information related to Third-Party Content that is necessary to serve video content and advertisements, including the source of the content, full information about the content including title, device identifiers, timing and location of your consumption, your user information, your IP address, etc. We also share the metadata needed to serve video or audio advertising. [...] Plex may also use third-party advertising companies to serve ads, which may, directly or indirectly, collect or use information about user visits to websites and mobile app usage over time and across non-affiliated websites and mobile apps to display advertisements more tailored to users’ interests on this browser or device, and those browsers or devices associated with it. A user can visit www.aboutads.info/choices and/or download the appropriate version the AppChoices app at http://www.youradchoices.com/appchoices if a user wishes to learn more about this practice or would like to know more about his/her choices regarding that activity by companies participating in those choice tools. Please visit the Opt-Out Options for Third-Party Advertising page for any specific third party advertising companies’ opt-out information.

Note

The opt out page is at https://www.plex.tv/about/privacy-legal/opt-out-options-for-third-party-advertising/

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow third-party access to private personal data? Yes, not all parties specified

0/10

Decided May 22, 2020 (revision history). This question accounts for 12% of the final score.

The policy allows sharing personal data with third-parties (not just critical service providers), and does not explicitly list the third-parties.

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Possible Options

Yes, not all parties specified0/10
Yes, all parties specified (including non-critical service providers such as advertisers)3/10
Yes, not all parties specified (but only to critical service providers)7/10
Yes, all parties specified (only to critical service providers)8/10
No10/10

Citation

If you choose to connect your Plex account to a third-party account or service to have us and /or that third party provide a particular feature or service, we will provide that external service with the information needed to have us and / or that third party perform the requested feature or service. For example, if you connect your account to a social networking site and give us permission to publish posts on your behalf, we will do so. Additionally, unless you request or allow us to publish other information, the content of the published posts will be limited to describing your interactions with the Services. As another example, if you choose to have us send (or “scrobble”) your listening history to Last.fm, obtain metadata from a third party service, or use a third-party recommendation service, we use Collected Information to engage with and / or send the Collected Information to that service when you request that service. The shared information may include metadata about the media (such as title, duration, author, cover art, dates associated with the media, and other relevant information) and information about the media itself (such as resolution, bit rate, format, location, etc.). [...] Plex may share Collected Information as expressly set forth in this Privacy Policy, including the following limited situations: With third parties that assist us in providing you with our Services, such as payment processors, business and analytics providers, content providers, marketers, and cloud service providers, but we require our third parties to only use your information for the purposes of providing the services requested of them and in accordance with this Privacy Policy. [...] With third parties to improve and deliver advertising to you on our behalf. If you request or consent to our sharing of Collected Information with a third party. [...] We will not share with third parties for their use or sell Collected Information about your Personal Content.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow you to permanently delete your personal data? Yes, using an automated mechanism

5/5

Decided May 22, 2020 (revision history). This question accounts for 6% of the final score.

Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.

Possible Options

No0/5
Yes, by contacting someone3/5
Yes, using an automated mechanism5/5
N/A (no personal information collected)5/5

Citation

You may delete your account by selecting the option to delete your account in the Settings page. We will delete your information without unreasonable delay after receiving the request except that we may retain archived copies of your information as required by law.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


When does the policy allow law enforcement access to personal data? When reasonably requested

3/5

Decided May 22, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

Always0/5
Not specified0/5
When reasonably requested3/5
Only when required by a court order or subpoena4/5
N/A (no personal data to share)5/5
Never (special legal jurisdiction)5/5

Citation

Plex may share Collected Information as expressly set forth in this Privacy Policy, including the following limited situations: If we believe that the disclosure is reasonably necessary to (a) satisfy an applicable law, regulation, legal process, or enforceable governmental request; or (b) protect or defend the safety, rights, or property of Plex, the public, or any person.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.



Warnings

Plex has no warnings published on PrivacySpy. PrivacySpy publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for Plex, submit one here.


Highlighted Policy Snapshot ALPHA

No highlighted policy snapshot has been created for this privacy policy. To view the policy at its original location, click here.

4.6/10

How we calculate ratings →


Version Added

May 22, 2020

Ratings Updated

May 22, 2020

Warnings

0

Maintained by

doamatto

Original Location
Open in New Tab
Other Versions