Why I Built This

I built Grand Media Station because I was frustrated with the existing options.

FileBot has been the go-to for years, but it requires trusting a closed binary with your file system and API credentials. When I looked at the security architecture of the tools in this space, I kept finding the same problems: API keys bundled in the binary, credentials stored in plain text config files, no transparency about what data leaves your machine.

I'm a security engineer by background. Building something that ignored those problems wasn't an option.

So I built the tool I wanted to use — one that takes the security of your homelab seriously.

What This App Keeps in Mind

Security First

No API keys live in the binary. TVDB requests are proxied through my server. TMDB requests go directly from your machine to TMDB. Any credentials you provide are stored in your operating system's keychain (Windows Credential Manager on Windows, the equivalent on Linux) — not in a config file.

Privacy by Default

Inside the app, you are an anonymous UUID — a random identifier generated on your machine. There are no user accounts, no registration, no profile. The app doesn't know or care who's renaming what. If you purchase a paid license, Paddle (our payment processor) collects standard billing information tied to your license key — that's between you and Paddle. But the app itself never sees that data.

Transparency

I'm clear about what the app does and doesn't do. License validation requires a periodic check against my server. TVDB metadata requests are proxied through my server, and I log basic request data for those. TMDB requests go directly from your machine to TMDB — I never see them. There's a 30-day offline grace period so connectivity issues don't break your workflow. No telemetry, no usage tracking beyond what I've described here.

Reliability

This is a tool for your homelab. It needs to work when you need it, not just when my server is healthy. The offline grace period exists because I've been on the other side of "subscription software that stopped working because the vendor had an outage." That's not acceptable for a desktop tool.

How I Handle Anonymity

Inside the app, your only persistent identifier is an anonymous UUID — a randomly generated string created when you first activate your license. That UUID is what my licensing server knows about. The app doesn't collect your name, email, or IP address.

If you purchase a paid license through Paddle, they collect standard billing information as your payment processor. That billing data is tied to your license key but lives in Paddle's system — the GMS app never sees it.

When you submit a support ticket through the app, it's attached to your UUID. I can help you with your issue without ever knowing who you are. If you choose to include identifying information in your ticket, that's your choice — the system doesn't require it or ask for it.

This isn't a legal technicality. It's a design decision made from the start, not bolted on after the fact.