Privacy and security details

VDO.Ninja - Privacy, Policies, and Data-collection

Privacy & Security (Plain-English Explainer)

VDO.Ninja is peer-to-peer. By design, your IP address can be visible to the people you connect with.
We don’t store your call content. We keep only minimal technical logs for short periods to run and protect the service.
We front parts of the site through Cloudflare for DDoS/bot protection. Cloudflare logs technical request data, including full URLs with query parameters.
If you need more privacy, use a VPN or relay (TURN/SFU)—with a trade-off in latency/bandwidth.

In a direct P2P call, your device connects to the other person’s device. That usually exposes your IP address (and basic network/device info) to the other participant.
You can reduce this exposure by using a VPN, forcing a TURN relay path, or enabling “IP leak” protections in your browser/OS. This can affect quality/performance.
Because this exchange is inherent to P2P, VDO.Ninja can’t stop someone you’re talking to from learning your IP. Connect with people you trust.

No call content storage. We don’t keep your video/audio/text after a session ends.
We may keep minimal technical metadata (e.g., timestamps, error codes, IPs seen by our edge, room name/token you used, pre-check test results) for short periods to operate, debug, fight abuse, and comply with law if needed.
Cloudflare protects our site and some endpoints. Cloudflare automatically logs things like your IP, full URL (including query parameters), User-Agent, country/region, referrer, and security signals. Cloudflare may set security cookies/tokens. Cloudflare keeps its own logs under its own policies.
We may share high-level, anonymous usage spikes with the community (e.g., “traffic doubled today”); not individual user data.

We don’t use tracking cookies for ads.
Your browser’s local storage may hold preferences (camera/mic selection, device names, last settings, etc.). It’s for convenience only and stays on your device unless you clear it.
Cloudflare may use its own technical cookies for security/performance.

TURN can relay encrypted media if direct P2P is blocked (e.g., strict NAT). Data is encrypted (WebRTC). Some deployments add TLS on top. TURN typically doesn’t store content.
SFU/Meshcast forwards media for multi-party/broadcast workflows. It’s not end-to-end encrypted by default, so server-side recording is technically possible.
STUN/ICE servers, plus our handshake (signaling) server, help peers discover and connect.
The handshake server keeps temporary connection info in memory to make public service possible; it’s cleared once you disconnect.

If you embed or connect third-party services (e.g., Meshcast, YouTube, Twitch, Discord), their privacy/terms apply to their parts.
Meshcast: Being SFU-based, it isn’t full end-to-end encrypted like a pure P2P call. Viewers can see the Meshcast stream ID, and anyone with that ID can watch (no VDO.Ninja room password required). If that’s a concern, avoid Meshcast for that session.
A domain-isolated build is available at https://isolated.vdo.ninja, which attempts to block third-party domains inside the VDO.Ninja UI.

Even if you host the website code yourself, your browser will still talk to STUN/TURN/WSS servers unless you change the defaults.
Full isolation requires running your own STUN/TURN/WSS and configuring your deployment to use them instead of the defaults.
Reference handshake server (private/small-scale use): https://github.com/steveseguin/websocket_server/
Managed third-party handshake examples are supported.
We run multiple handshake/website/TURN servers worldwide; primary nodes are in the USA. A backup is at https://backup.vdo.ninja.

Treat room names and stream IDs like passwords. Don’t share widely.
Avoid putting raw passwords in URLs; prefer entering them in the UI.
Room names (typically encrypted) and salted stream IDs are sent to the handshake server so peers can find each other.
Passwords are meant to remain client-side (unless you place them in the URL) and are used to encrypt room names, further salt stream IDs, and encrypt initial handshake data.
Hosting on a different domain also acts as a salt; a room/stream on one domain generally won’t interoperate with a different domain’s deployment without deliberate changes.

Anyone can record what they can view (OBS, system tools). Don’t assume a session is unrecorded.
We can’t forcibly end P2P calls already in progress or remove content from devices we don’t control.
We don’t proactively monitor calls. We respond to reports best-effort and may not be online when a live stream is happening.

Because IP exchange is inherent to P2P and we don’t control participants’ devices, we can’t guarantee privacy, service, or security. Use VDO.Ninja at your own risk.
For sensitive use cases, consider a VPN, relay mode, passwords, and careful link sharing with trusted peers only.

Last updated 9 days ago

Was this helpful?