Effective Date: November 18, 2023

Welcome to VDO.Ninja, a peer-to-peer networking service designed to facilitate seamless video and audio communication. This Privacy Policy outlines our practices regarding the collection, use, and protection of your information.

1. Data Collection and Use

• IP Addresses: VDO.Ninja operates as a peer-to-peer network, which may share your IP address and basic system information with remote guests you connect with. Using VPNs, TURN servers, or enabling IP-leak protection will offer enhanced privacy, however doing so could be detrimental to the performance of the service.

• Personal Information: We do not store personal information longer than necessary. This may include data for TURN relay servers, error reporting, rate-limiting, speed-test results, and anti-flooding measures.

• Cookies and Local Storage: VDO.Ninja does not use tracking cookies. Local browser storage may be used for storing user preferences and settings; not for tracking purposes.

• Third-Party Services: When using third-party services like Discord or YouTube, their respective privacy policies apply.

2. Data Deletion Policy

• No User Accounts: VDO.Ninja does not create user accounts in its web or mobile app versions, thus eliminating the need for a mechanism to delete user accounts. However, related products or services may have their own privacy policies and data management procedures.

• Web Version: In the web version of VDO.Ninja, users can delete any local preference data, such as camera configuration settings. An option to do so is provided in the user settings menu, or it may be done using their browser's built-in clear local storage options.

• Mobile App: The native mobile app versions of VDO.Ninja may store stream IDs, room names, and user settings locally. This data can be manually cleared or overridden by the user at any time. Additionally, all such local data is deleted when the app is uninstalled.

• Data Retention: Data collected during optional pre-check performance tests is automatically deleted after a period of typically 7 days. Any personal data in general is not retained longer than necessary for the technical functioning of the service.

3. Data Security and Responsibility

• Media Data: Media data transferred via TURN servers is encrypted per the WebRTC standard. Media sent via Meshcast or other SFU services will not be end-to-end encrypted by default, and so may technically allow for server-side recording. Any viewer of a stream can record the stream without notice to others. Built-in recording options are offered, including the option to upload direct to cloud services. External recording tools, like OBS Studio, can also be used to record.

• System Information: Basic debug and system statistical information may be transmitted between peers, including browser user agent, basic hardware specifications, IP address, display name, and operating system details. Performing the optional pre-check system test may also store such test result information for a limited period of time on a server, only as technically required to offer the service.

• User Auth Credentials: Credentials may be cached in local browser storage and are subject to expiration.

4. Third-Party Services and Cloudflare

• Cloudflare: We use Cloudflare for web server caching, DNS, STUN, TURN geo-routing, security services, bandwidth testing, and probably more. Cloudflare's use of data is GDPR-compliant.

• Meshcast.io: This third-party service, when used with VDO.Ninja, operates independently of our privacy practices.

• Invite.cam: May retain details of social-sign-in credentials within a database for purposes of authenticating users and store VDO.Ninja related settings.

• Google: We may use Google for STUN services and host the core servers on Google Cloud.

• SSO: We may offer Social Sign In (SSO) options for additional functionality using services such as Dropbox, Google Drive, Discord, and YouTube chat.

5. User Responsibility

• Stream ID and Room Names: Treat these as sensitive information and choose secure values that cannot be guessed. We provide options for additional client-side encryption for added security, but the system may choose to fail-safe rather than to fail-securely in some cases.

• Handshake Server: The initial connection is managed by a server, but subsequent data transfers are peer-to-peer when possible. While connected to the handshake server new peer connections can potentially be established.

• Self-Hosting: Unless specified, self-hosting VDO.Ninja will still result in the the system still using the official handshake servers and other such services by default. You must configure your VDO.Ninja deployment to use your own such services if desired. Any self-hosted handshake server code provided is intended for private personal use; it's not secured for public use or access.

6. Legal Disclaimer

• No Guarantee of Privacy or Security: While we strive to protect your information, we cannot guarantee absolute privacy or security. Use of VDO.Ninja in any capacity is at your own risk.

• Contact Information: For privacy-related inquiries, contact steve@seguin.email.

7. Amendments

• This policy may be updated periodically. We encourage users to review it regularly.