# VDO.Ninja Privacy Policy **Effective Date:** December 26, 2025\ **Supersedes:** September 8, 2025 VDO.Ninja is a peer-to-peer tool for real-time video, audio, and text. We don’t host your call content, and we aim to keep what we process minimal. This policy explains **what we (and our providers) process**, **why**, and **your options**. If you disagree with this policy, please don’t use the Service. *** ### 1) What we don’t store by default * **No call content storage.** We do **not** store your video, audio, or text content after a session ends. * **No tracking ads/cookies.** We don’t use tracking cookies for advertising. *** ### 2) What is naturally exposed in P2P calls * **Your IP address and basic device/network info** can be visible to **the peers you connect with**. That’s how P2P works. * You may use a **VPN** or force a **relay (TURN/SFU)** path to reduce exposure (trade-off: performance/latency). *** ### 3) What we (and our providers) may process **Operational metadata (minimal by design):** * **Connection diagnostics** (timestamps, error codes), **IP address**, **User-Agent/browser details**, **room name or token** used, and **optional pre-check test results**. * **Why:** to set up/maintain connections, fight abuse (rate-limit/anti-flood), run speed tests you trigger, and comply with law when required. **Quality of Service (QoS) analytics (opt-out available):** * **Where collected:** QoS analytics are collected on **vdo.ninja** and **backup.vdo.ninja** only. **Self-hosted instances do not send QoS data** to us unless explicitly configured to do so. * We collect **anonymized connection analytics** to monitor service health and improve reliability. This includes: * **Session metadata:** duration, connection type (publisher/viewer/director), success/failure status * **Technical details:** browser type, platform (desktop/mobile/tablet), transport type (P2P/TURN/SFU) * **Performance metrics:** packet loss, round-trip time, jitter, bitrate (aggregate statistics) * **Media info:** video/audio codec, resolution * **Server hostnames:** only for **official VDO.Ninja TURN and Meshcast servers**; custom/private servers are recorded as "private" (no hostname captured) * **Geographic region:** derived from GeoIP lookup (**IP address is not stored**) * **Sanitized errors:** error messages with sensitive data (room IDs, passwords, IPs) removed * **What we do NOT collect:** room names, stream IDs, passwords, tokens, IP addresses, or any call content. * **Why:** to identify connection issues, optimize server infrastructure, and improve service reliability. * **Retention:** QoS data is retained for approximately **30 days**. * **Opt-out:** Add `&qos=0` to your URL to disable QoS reporting entirely. **Cloudflare (reverse proxy / DDoS & bot protection):** * We front the site and some endpoints with **Cloudflare**. Cloudflare **automatically** receives and logs: * **IP address** and **approximate location** (country/region) * **Full request URL (including query parameters)**, headers, and **referrer** * **User-Agent** / device details; TLS/network metadata * Derived security signals and **security cookies/tokens** (to separate humans from bots) * **Important:** **We do not control Cloudflare’s independent logs or retention.** Cloudflare may process this data on infrastructure **outside your country** to deliver security and performance. If you object to Cloudflare processing, please don’t use the Service. **TURN/SFU/STUN & hosting:** * **TURN** relays encrypted media when direct P2P is blocked (state is typically **ephemeral**). * **SFU / Meshcast** forwards media for multi-party/broadcast; **not E2EE by default** and **server-side recording is technically possible**. * **STUN** (e.g., Google STUN or Cloudflare STUN) helps discover paths through NAT; it exposes your IP/port to that STUN service. * Some infrastructure may run on providers like **Google Cloud** or other reputable hosts (they process operational data to run their services). **Optional sign-in / integrations (only if you enable them):** * If you connect **YouTube, Discord, Google Drive, Dropbox, etc.**, those services may share identifiers/permissions with us **only to enable that feature**. Their policies apply to their use of data. * **Invite.cam** and other companions may store their own sign-in details/settings under their own policies. **Mobile app & credentials:** * Native apps may store **stream IDs, passwords, room names, and settings locally**; credentials may be cached locally and expire. Uninstalling the app removes local data. *** ### 4) Cookies & local storage * We don’t use tracking cookies. * We use **local storage** for **preferences** (e.g., camera/mic). Clear it in **Settings** or via your browser’s “Clear site data.” *** ### 5) Recording & security realities * **WebRTC encryption:** Media is encrypted in transit. * **SFU/Meshcast:** Not E2EE by default; a server could record. * **Anyone can record:** Viewers/participants can record locally (OBS/system tools) without notifying others. * **Built-in features:** If you enable recording/upload, content may be saved to a cloud you select (their policies apply). *** ### 6) Retention * **Routine ops data:** typically **7–30 days**. * **QoS analytics:** typically **\~30 days**. * **Pre-check test results:** typically **\~7 days**. * **Incident/legal holds:** If there's a lawful request or a safety report, we may preserve **relevant** logs for the legally required period (e.g., up to **1 year** for certain child-safety matters). * **Cloudflare:** keeps its **own** security logs per its policies (we don't control that). We don't keep more than we need. *** ### 7) Deletion & your controls * **No user accounts** → little to delete. We generally don’t maintain profiles. * **Web:** Clear preferences in **Settings** or via your browser’s site-data controls. * **Mobile:** Clear/override settings in-app; uninstalling deletes local app data. * **Newly added or experimental features:** Please ask us if not yet covered here. * **Ask us:** You can request access/deletion of any operational data we still hold (note: due to minimal logging, we may have very little). *** ### 8) International transfers Operational data (IP addresses, URLs, diagnostics) may be processed on infrastructure **outside your province/state or country**, including by **Cloudflare** and hosting providers. By using the Service, you **consent** to this cross-border processing for security and performance. *** ### 9) Legal bases (EEA/UK, if applicable) We rely on: * **Contract necessity** (to provide features you request), and * **Legitimate interests** (security, DDoS/bot mitigation, abuse prevention, reliability, and product improvement). *** ### 10) Children’s privacy The Service is intended for individuals **16+** and is **not** directed to children under 16. If you believe a minor has used the Service or provided data, contact us and we’ll take appropriate steps. *** ### 11) Safety & reporting (important) * **Do not send us illegal media** (e.g., CSAM). If you have such evidence, report it to your **national child-safety hotline** (e.g., **Cybertip.ca** in Canada, **NCMEC CyberTipline** in the U.S.) and send us the **report number** with a plain description (room name, timestamps, screen names). * We may disable links we control, block IPs/ranges/ASNs, **preserve relevant logs**, and **report** suspected child exploitation to hotlines/authorities. * We do **not** proactively monitor communications. *** ### 12) Self-hosting Unless fully reconfigured, a self-hosted copy may still use **official handshake/relay infrastructure** by default. If you self-host for public use, you’re responsible for **securing** your deployment and setting your own privacy/abuse processes. *** ### 13) Security We use reasonable technical and organizational measures (TLS, Cloudflare DDoS/bot protections, minimal retention). No system is perfectly secure. Use strong room tokens, share links carefully, and consider VPN/relay trade-offs. *** ### 14) Changes to this policy We may update this policy from time to time. If we make **material** changes, we’ll update the effective date and post a notice. Continued use after changes take effect means you accept the updated policy. *** ### 15) Contact Privacy questions/requests: [**steve@seguin.email**](mailto:steve@seguin.email)\ Abuse & child-safety reports: [**steve@seguin.email**](mailto:steve@seguin.email) (plain description only; **no illegal media**)\ Copyright notices: [**steve@seguin.email**](mailto:steve@seguin.email) *** #### One-line summary We don't store your call content. **Cloudflare** fronts our site and logs request data (including **IP** and **full URLs with query parameters**) for security and performance. We collect **anonymized QoS analytics** (no IPs, room names, or content) on official VDO.Ninja domains to monitor service health. We keep only minimal operational logs and may preserve incident-related data when legally required. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vdo.ninja/help/privacy-and-security-details/vdo.ninja-privacy-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.