Video Downloader - 4kDown Privacy Policy

Privacy Policy
Last updated: 30-07-2025

This Privacy Policy outlines the practices of CompToost, the developer of the mobile application “Video Downloader – 4kDown” (package name: com.comptoost.videodownloader), regarding the collection, use, maintenance, and disclosure of information from users of the application.

This policy applies to all data collected through the application, whether automatically or directly provided by users. CompToost is the sole entity responsible for processing user data under this Privacy Policy.

The application, "Video Downloader - 4kDown" (package name: com.comptoost.videodownloader), is developed and operated by. This entity is responsible for the processing of personal data under this Privacy Policy. The name of the application and the developer entity must be explicitly stated within the policy text to meet Google Play's requirements for clear accountability.⁴ It is not sufficient to merely refer to "we" or "the app" throughout the privacy policy. Google Play explicitly requires that "The entity (for example, developer, company) named in the app's Google Play store listing must appear in the privacy policy or the app must be named in the privacy policy".⁴ This prevents any ambiguity for users and regulators regarding who is legally responsible for data practices. Without this explicit identification, the policy might be deemed non-compliant, as it fails to provide a clear point of contact for legal and privacy inquiries.

3. Information Collection and Use

This section meticulously details all types of information the application collects, differentiating between data directly provided by the user (if any) and data collected automatically, including information gathered by integrated third-party SDKs. Transparency in this area is paramount for Google Play compliance and user trust.

Data Provided by the User

Based on the provided application description and dependencies, "Video Downloader - 4kDown" does not appear to implement features such as user accounts, direct user input forms for personal data (e.g., name, email address), or payment processing. Therefore, the application currently does not directly collect personally identifiable information that users explicitly provide. Should future versions of the application introduce features requiring direct user input of personal data, this section of the Privacy Policy must be promptly updated to reflect those new data collection practices.

Information Collected Automatically

The application collects various types of information automatically to provide its services, enhance user experience, and for operational purposes.

• Device and Usage Information: The application, through its networking libraries (e.g., OkHttp) ⁹ and potentially image loading libraries (Glide) ¹¹, will automatically collect standard technical data such as the device's IP address, type, unique device identification numbers, and operating system version. This data is essential for ensuring application compatibility, optimizing performance, and for security purposes. Glide explicitly mentions collecting IP address, device type, and other technical information.¹¹ The

  android.permission.ACCESS_NETWORK_STATE permission is declared, allowing the application to monitor the status of network connectivity. This is crucial for the application's core functionality of downloading videos and ensuring stable network operations.⁹

• Unique Device Identifiers:

  • Advertising ID (AAID): The com.google.android.gms.permission.AD_ID permission is declared. This is a unique, user-resettable, and user-deletable identifier provided by Google Play services for advertising purposes.² This ID is used by third-party advertising partners, such as Unity Ads, to personalize advertisements displayed within the application.¹

  • App Set ID: The com.google.android.gms:play-services-appset dependency indicates the use of the App Set ID. This identifier is intended for essential non-advertising use cases, such as analytics and fraud prevention, and must not be connected to the Advertising ID or any personal and sensitive data for advertising purposes.² The application's use of both the Advertising ID and App Set ID represents a critical distinction that must be clearly articulated. The Advertising ID is specifically for advertising purposes and its associated personalization and sharing.¹ In contrast, the App Set ID is explicitly designated for non-advertising purposes such as analytics and fraud prevention, and Google's policy strictly prohibits linking it with the Advertising ID or any personal/sensitive data for advertising.² Failure to maintain this distinction in practice and in the policy can lead to compliance violations.

• Application Usage Data:

  • Playback and Media Analytics Data (ExoPlayer): The application utilizes androidx.media3:media3-exoplayer and related ExoPlayer components. ExoPlayer can collect detailed playback analytics data, including total playback time, adaptive playback quality metrics (e.g., average video resolution), rendering quality metrics (e.g., dropped frames), and resource usage metrics (e.g., bytes read over the network).¹² This data is typically processed and interpreted to understand how the application is used, improve playback performance, and inform future application development.¹² This data is generally anonymized or aggregated and stored locally or reported to analytics services.

  • General Application Interactions: The application may collect anonymized usage data, such as which features are used and how often, to improve the application.¹³ This data helps improve the overall user experience and application functionality.

• Notifications Data: The android.permission.POST_NOTIFICATIONS permission is declared. This allows the application to send notifications to the device, likely related to the status of video downloads, new features, or important application updates.¹³ These notifications are solely for enhancing the user experience within the application.

• Local Storage Access (Read/Write External Storage): The android.permission.WRITE_EXTERNAL_STORAGE and android.permission.READ_EXTERNAL_STORAGE permissions are declared (with maxSdkVersion="28"). For devices running Android 9 (API level 28) or lower, these permissions enable the application to access and write video files to the device's shared or external storage. This is fundamental to the application's core functionality of downloading and saving video content for offline viewing. The policy explicitly states that the application does not collect any other data from the user's storage beyond what is necessary for managing downloaded video files.¹³ Although these permissions are deprecated for Android 10 (API 29) and above, their inclusion with

  maxSdkVersion="28" means they are still active and relevant for users on older Android versions (up to Android 9). For these users, the application must comply with Google's requirements for runtime permission requests and clear in-app disclosures before accessing data gated by these permissions.⁴ The privacy policy must explicitly address these permissions for the relevant segment of the user base, detailing their specific purpose (downloading and playing video files) and confirming that no other personal data is accessed from storage.

• Image Loading Data (Glide): The com.github.bumptech.glide:glide library is used for efficient image loading and caching within the application.¹¹ While primarily a performance utility, Glide, like other network-enabled libraries, may collect basic technical usage data (e.g., IP address, device type) for its own internal diagnostics or aggregated performance monitoring.¹¹ This data is typically anonymized and used to improve the library's functionality.

Information from Third Parties

The application integrates third-party services that collect data independently or in conjunction with the application's operations.

• Unity Ads Data Collection: The application integrates Unity Ads (com.unity3d.ads). Unity, as an advertising network, collects the device's Advertising ID (Ad ID) to personalize advertisements that are displayed within the application.¹ Unity explicitly states that it may "share" this Ad ID with its advertising and publishing partners. These partners may use this Ad ID to access information about online activities, purchases, or websites visited, for the purpose of delivering more relevant personalized ads.¹ Unity's legal framework acknowledges that certain advertising and analytics activities may constitute a "sale" or "sharing" of information under the California Consumer Privacy Act (CCPA).¹

• Google Play Services Data Collection: The application leverages various Google Play Services components, including those related to advertising and app set IDs. Google collects data from applications using its services for multiple purposes, including:

  • Providing, maintaining, and improving its services.

  • Developing new services.

  • Providing personalized services, including customized content and advertisements based on interests and activity across Google services.³

  • Measuring performance and understanding how services are used, often through tools like Google Analytics.³

  • Google states that it "never sells your personal information to anyone, including for ads purposes".⁷ However, data is used for personalized advertising based on user activity.³

4. How Information is Utilized

This section explains the specific purposes for which the collected information is utilized, linking data types to their functional or operational roles within the application and its ecosystem.

To Provide and Maintain Application Functionality

Information is used to enable the core features of the application, including automatically detecting video links from web browsers (using Jsoup) ¹⁴, facilitating the download of video files in various resolutions and formats, and managing these files for local playback. This also includes utilizing information to ensure the application's stability, performance, and compatibility across different devices and Android versions.

For Analytics and Performance Improvement

Data is collected to analyze application usage patterns and user interactions (e.g., through ExoPlayer analytics) ¹² to understand how features are used, identify areas for improvement, and optimize the user experience. This also involves monitoring application performance, identifying and troubleshooting technical issues, and preventing crashes. The App Set ID is utilized for essential non-advertising analytics and to prevent fraudulent activities.²

For Advertising and Personalization

The "Video Downloader - 4kDown" application displays advertisements to support its free-to-use model. Information is used to display these advertisements within the application. Some advertisements may be personalized based on the device's Advertising ID and inferred interests, making the ads more relevant.¹ This personalization is conducted by third-party advertising partners like Unity Ads.

For Security and Fraud Prevention

Information is used to protect the application and its users from fraudulent activities, unauthorized access, and other security threats. This ensures the integrity and security of the systems and those of third-party partners.¹ The App Set ID may also contribute to fraud prevention efforts.²

For Communications

The POST_NOTIFICATIONS permission ¹³ enables the application to send notifications to the device related to the status of downloads, important application updates, new features, or other relevant information to enhance the user experience.

It is crucial to clearly distinguish between data used solely by the application developer for internal application functionality and improvement (first-party use) and data shared with third-party SDKs for their own purposes (e.g., Unity Ads for ad personalization). This distinction significantly enhances transparency and helps users understand the flow of their data. For every type of data collected, the privacy policy must explicitly state why it is collected and how its use benefits the user or contributes to the application's functionality. This moves beyond mere disclosure to a justification of data practices, which is essential for building and maintaining user trust and meeting Google Play's requirements.⁴

5. Sharing and Disclosure of Information

This section transparently outlines the circumstances under which the application shares or discloses user information with third parties, clearly identifying the types of entities involved and the purposes of such sharing.

With Service Providers

• Advertising Networks: The Advertising ID and related device information are shared with Unity Ads and other integrated advertising partners. This sharing is for the purpose of displaying personalized advertisements within the application and for measuring the effectiveness of ad campaigns.¹ Unity explicitly states that certain advertising activities may constitute "sharing" or "selling" under privacy laws like the CCPA.¹

• Analytics Providers: Anonymized or aggregated application usage data and performance metrics may be shared with analytics service providers, such as those integrated through Google Play Services (e.g., Firebase Analytics, Google Analytics).³ This data helps to understand how the application is used, identify trends, and improve application functionality and user experience.

• Other Operational Service Providers: Other third-party service providers may be engaged to assist with various aspects of application operation, such as cloud hosting, crash reporting, or technical support. These providers are obligated to protect user information and use it only for the purposes for which it is disclosed to them.

For Legal Reasons and Law Enforcement

Information may be disclosed if required to do so by law, in response to a subpoena, court order, or other legal process, or if there is a good faith belief that such disclosure is necessary to comply with legal obligations, protect rights or property, or ensure the safety of users or the public.¹⁶

In Case of Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of assets, user information may be transferred to the acquiring entity as part of that transaction.¹⁶ Users will be notified via a prominent notice on the application or website of any such change in ownership or control of personal information.

Unity's explicit statement that certain advertising activities may constitute "selling" or "sharing" under the California Consumer Privacy Act (CCPA) ¹ is a critical point. Even if the application developer does not literally "sell" data for monetary exchange, the policy must address this legal nuance, especially for users in jurisdictions with similar expansive definitions. This necessitates a dedicated section on "Do Not Sell or Share My Personal Information" and clear instructions on how users can exercise this right. A generic statement about sharing data with "service providers" is insufficient for comprehensive compliance. The policy should specifically name the key advertising and analytics SDKs used (Unity Ads, Google Play Services) and briefly explain what data is shared with them and why it is shared. This level of detail aligns with Google Play's requirement to disclose "the type of parties with whom it's shared" ⁴ and fosters greater user trust.

6. Advertising and User Choices

This section provides users with clear, actionable information about how advertising is handled within the application, particularly personalized ads, and how they can exercise control over their ad experience.

Personalized Advertising Explained

The "Video Downloader - 4kDown" application displays advertisements to support its free services. Some of these advertisements may be personalized to user interests. This personalization is based on information collected from the device, primarily the Advertising ID, and activities inferred by third-party advertising partners.¹ The goal of personalized advertising is to make the ads seen more relevant and useful.

Opting Out of Personalized Ads

Users have the right to control how their data is used for personalized advertising. It is important to note that opting out of personalized ads does not mean that ads will no longer be seen; it means the ads seen may be less relevant to interests.

• For Google Personalized Ads: Users can reset or delete their device's Advertising ID at any time through their Android device settings. When the Advertising ID is deleted, any attempts to access it will receive a string of zeros instead.²

  • To reset the Advertising ID: Go to Settings > Privacy > Ads > Reset Advertising ID and confirm.

  • To delete the Advertising ID: Go to Settings > Privacy > Ads > Delete Advertising ID and confirm.²

  • To turn off Ads Personalization altogether: Go to Settings > Privacy > Advanced > Ads > Turn on Opt out of Ads Personalization and confirm.² These settings will apply anywhere the user is signed in with their Google Account.⁷

• For Unity Ads Personalized Ads: Unity, as an advertising network, provides mechanisms for users to opt out of personalized ads. Users may find a privacy settings banner or a privacy icon (which typically looks like a small "i" or privacy shield) in the bottom left corner of a personalized Unity ad.¹ Clicking this icon should allow users to adjust their preferences or opt out of personalized advertising from Unity.

"Do Not Sell or Share My Personal Information"

While "Video Downloader - 4kDown" does not directly sell personal information in exchange for money, certain activities, such as the sharing of the Advertising ID with advertising partners for cross-context behavioral advertising, may be considered "selling" or "sharing" under the expansive definitions of privacy laws like the California Consumer Privacy Act (CCPA).¹ To exercise the right to opt out of the "sale" or "sharing" of personal information, users should follow the instructions above for opting out of personalized ads from Google and Unity. These mechanisms are designed to allow control over the use of the Advertising ID for personalized advertising purposes.

Modern data protection regulations and Google Play policies place a heavy emphasis on providing users with clear and accessible mechanisms to control their data, particularly concerning personalized advertising.² Simply disclosing data collection is insufficient; the policy must provide actionable steps for users to exercise their rights. Google's privacy principles explicitly state, "We make it easy for you to control your personal information" ⁷, and they provide detailed instructions for managing the Advertising ID.² Unity also offers in-ad opt-out mechanisms.¹ Therefore, the privacy policy must not only inform users of their rights but also provide the precise, step-by-step instructions (e.g., navigation paths in Android settings, identifying in-ad icons) necessary for them to effectively exercise these controls. This level of detail demonstrates a genuine commitment to user autonomy and compliance.

The significant update to Google Play Services in late 2021 and early 2022, which removes the Advertising ID and returns a string of zeros when a user deletes it ², has profound implications. This means the application and its advertising partners must be designed to gracefully handle the absence of a persistent Advertising ID. The privacy policy should acknowledge this evolving landscape of user control and the potential impact on ad personalization, reinforcing the message that user choices are respected.

7. User Data Protection Rights

This section informs users of their fundamental rights regarding their personal data, aligning with global data protection principles such as those found in GDPR and CCPA, and provides clear instructions on how to exercise these rights.

Rights Regarding Information

• Right to Access: Users have the right to request access to the personal information that may be held about them. This includes requesting information regarding the categories of personal data collected, the purposes of collection, and the categories of third parties with whom data is shared.¹³

• Right to Rectification: Users have the right to request the correction of any inaccurate or incomplete personal data held about them.¹³

• Right to Erasure (Right to Be Forgotten): Users have the right to request the deletion of their personal data under certain circumstances.¹³ It is important to note that certain data may be retained for legitimate reasons, such as legal obligations, fraud prevention, security, or to complete transactions.¹

• Right to Restriction of Processing: Users have the right to request that the processing of their personal data be restricted under specific conditions, for example, if the accuracy of the data is disputed or its processing is objected to.¹³

• Right to Data Portability: Users have the right to request a copy of their personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.¹³

• Right to Object: Users have the right to object to the processing of their personal data under certain circumstances, particularly when processing is based on legitimate interests or for direct marketing purposes, including profiling.¹³

• Withdrawing Consent: Where processing of personal data is based on consent, users have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.¹⁶

How to Exercise Rights

To exercise any of these rights, users should contact the developer at. Identity verification may be required before fulfilling the request to ensure the security of the data. Requests will be responded to within the timeframes required by applicable law (e.g., within 45 days for CCPA requests, with a possible extension of an additional 45 days when reasonably necessary).¹³

While Google Play has specific requirements, a robust privacy policy should proactively incorporate broader data protection rights, such as those derived from GDPR and CCPA. These rights are increasingly becoming global standards, and users from various jurisdictions may access the application.¹ Adopting these comprehensive rights demonstrates a higher commitment to user privacy and helps future-proof the policy against evolving legal landscapes. It is insufficient for a privacy policy to merely list data protection rights. It must provide clear, actionable instructions on how users can exercise these rights. This includes specifying a direct contact method (e.g., a dedicated email address) and outlining the expected process and response timelines (e.g., the 45-day response period for CCPA requests).¹³ This practical guidance is essential for empowering users and demonstrating the developer's commitment to facilitating these rights.

8. Data Security

This section outlines the measures taken to protect user data, emphasizing the application's commitment to security and transparency regarding data storage practices.

Measures Taken to Protect Data

The developer is committed to protecting the information collected. Appropriate technical and organizational security measures are employed, designed to safeguard personal data from unauthorized access, alteration, disclosure, or destruction.

A key security measure for "Video Downloader - 4kDown" is that downloaded video files and their associated metadata (e.g., file name, path, type) are primarily stored locally on the user's device.¹³ This significantly minimizes the risk of server-side data breaches related to downloaded content, as this data is not uploaded or stored on external servers. This design choice to primarily store downloaded video files locally on the user's device is a significant privacy-enhancing feature. Highlighting this as a core security measure inherently reduces the developer's responsibility for securing large volumes of user-generated content on remote servers, minimizing the risk of centralized data breaches.

For any data transmitted over networks (e.g., when detecting links, downloading videos, or communicating with advertising/analytics services), modern cryptography, such as HTTPS/TLS encryption, is utilized.⁴ The networking libraries, such as OkHttp, support and prioritize secure TLS connections.⁹ Security practices are continuously reviewed and updated to protect against evolving online threats.

While commercially acceptable means are strived for to protect personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, absolute security cannot be guaranteed.¹³

The inclusion of androidx.work and the use of Google Play Services components related to advertising and app set IDs (play-services-ads-identifier, play-services-appset) suggests an underlying alignment with modern Android security initiatives, such as Privacy Sandbox and SDK Runtime.¹⁸ While the application itself may not be a "runtime-enabled SDK," its reliance on updated Google libraries means it benefits from the platform's commitment to isolating third-party SDKs and enhancing data security. These initiatives aim to provide "safeguards and protections around user data collections and sharing" and "isolate third-party SDKs from the host app, preventing unauthorized data access".¹⁸ This can be framed as benefiting from Google's broader security ecosystem, demonstrating awareness of and alignment with industry best practices for secure application development, even if it's an indirect benefit.

9. Data Retention

This section clearly explains the application's policies regarding how long different types of user data are retained, distinguishing between user-controlled and developer/third-party managed data.

Policy on How Long Data is Kept

• User-Controlled Data (Local Files): Video files that are downloaded and stored using "Video Downloader - 4kDown" are retained locally on the device. The retention of these files is entirely under user control; they can be deleted from the device at any time. Copies of these files are not retained on the developer's servers. It is crucial to clearly differentiate between data where retention is entirely at the user's discretion (e.g., locally stored video files) and data where retention is managed by the application developer or third-party SDKs (e.g., analytics data, ad IDs). This distinction provides clarity and manages user expectations regarding data deletion.

• Automatically Collected Data: For automatically collected data, such as application usage analytics, device information, and Advertising IDs, this information is retained only for as long as necessary to fulfill the purposes for which it was collected, including for providing application functionality, analytics, advertising, and fraud prevention. Anonymized or aggregated usage data, which cannot be linked back to an individual, may be retained indefinitely for long-term trend analysis and product improvement.¹¹ For personal identifiers like the Advertising ID, retention is subject to user controls (deletion/reset) ² and the retention policies of third-party advertising partners (e.g., Unity, Google). Google's default for activity data tied to an account is automatic deletion after 18 months.⁷

• Legal and Business Requirements: Certain data may be retained for longer periods if required by law, regulation, legal process, or to comply with legal obligations, resolve disputes, or enforce agreements.¹

Google's policy of automatically deleting activity data tied to an account after 18 months by default ⁷ sets a strong precedent for privacy-preserving data retention. For any personal data collected directly by the application (excluding third-party SDKs where retention is governed by their policies), the application's retention policy should ideally align with or strive to exceed such privacy-centric defaults, or at least offer user-controlled deletion options where feasible. This demonstrates a commitment to privacy that goes beyond mere compliance, aligning with user expectations for data minimization.

10. Children's Privacy

This section clearly states the application's stance on collecting data from children, which is a critical compliance area, especially given the presence of personalized advertising.

Policy on Children's Information

"Video Downloader - 4kDown" is not directed at children under the age of 13. Personally identifiable information is not knowingly collected from children under 13. If a parent or guardian becomes aware that their child has provided personal information without their consent, they should contact the developer immediately at. Steps will be taken to remove such information from the servers.

The application's declaration of its target audience (general audience vs. children) has profound and immediate implications for privacy compliance. Given the application's use of personalized advertising SDKs (Unity Ads, Google Ads), it is highly improbable that it can be classified as "child-directed" without requiring significant technical and policy overhauls to disable personalized ads for minors and obtain verifiable parental consent. Google's policies are very strict regarding children's privacy. Google explicitly states that it does not allow ads personalization for children where it knows that they are under 18.⁷ Furthermore, child-directed applications must not include an SDK that is not approved for use in child-directed services and should not use Google API Services that access data associated with a Google Account if using OAuth technology.⁴ Since the application uses the Advertising ID and Unity Ads for personalization, it must declare itself as not child-directed to avoid immediate policy violations.

11. Changes to This Privacy Policy

This section transparently communicates how and when the privacy policy may be updated, and how users will be informed of such changes.

Policy Updates

The Privacy Policy may be updated from time to time to reflect changes in practices, technology, legal requirements, or for other operational reasons. Any changes will be effective immediately upon posting the revised Privacy Policy on this page. The "Last Updated" date at the top of this Privacy Policy will be updated accordingly.

For material changes to how personal information is collected, used, or shared, especially if there is an intent to use data in a new way or for a different purpose than originally disclosed, prominent notice will be provided within the application or through other direct communication channels (e.g., email if contact information is available) and, where required by law, renewed consent will be obtained.²⁰ Continued use of the application after the revised Privacy Policy has been posted signifies acceptance of the changes. Google's API Services User Data Policy explicitly requires developers to "notify users and prompt them to consent to an updated privacy policy before you make use of Google user data in a new way or for a different purpose than originally disclosed".²⁰ This goes beyond merely posting an update on a website; it mandates a more direct and affirmative re-consent process for significant changes in data handling.

12. Contact Information

This section provides clear and accessible contact information for users to address any privacy-related questions, concerns, or requests regarding their data.

How to Reach Us

For any questions about this Privacy Policy, data practices, or to exercise data protection rights, please do not hesitate to contact us.

Developer: CompToost

Email: comptoost@gmail.com

The developer is committed to addressing inquiries promptly and transparently. Providing a clear and responsive contact mechanism is not just a formality; it is a vital component for building and maintaining user trust and for fulfilling data subject access requests efficiently. Google Play explicitly requires an email address.⁶ The ease with which users can contact the developer about privacy concerns directly impacts user perception and compliance. An unresponsive or difficult-to-find contact method can quickly erode trust and escalate minor issues into policy complaints or legal challenges. Ensuring a dedicated and monitored privacy contact email demonstrates a commitment to transparency and accountability.

13. Google Play Store Specific Compliance Notes

This crucial section provides direct, actionable guidance tailored to Google Play's specific requirements, ensuring the application's privacy policy and Play Console declarations are fully compliant.