Privacy Policy

Last updated: May 6, 2026

1. Who We Are

sideby.me ("we", "us", "our") operates the website at sideby.me and the following infrastructure (collectively, the "Service"):

  • watch.sideby.me - the web application you interact with in your browser.
  • sync.sideby.me - a real-time Socket.IO server that handles room state, video synchronization, chat, and WebRTC signaling.
  • pipe.sideby.me - a Cloudflare Worker that proxies video streams where CORS policies require it.
  • lens.sideby.me - a headless Chromium service that extracts playable video URLs from third-party websites on your behalf.
  • pass.sideby.me - a browser extension that detects video URLs on web pages.

This Privacy Policy explains what data we collect, why, and how we handle it.

2. Data We Collect

2.1 Website & Sync Server

  • No accounts. We do not require sign-ups or collect email addresses, passwords, or personal profiles.
  • Display names. When you create or join a room, you provide a temporary display name (2–20 characters). This is stored only for the duration of the room session in Redis and is deleted when the room closes.
  • Video URLs. When you share a video in a room, the URL is transmitted to other participants in real time via our sync server (sync.sideby.me). Video URLs are included in operational logs and traces for debugging. When the Lens headless capture service is required (see section 2.2), the extracted media URL is temporarily stored in Cloudflare KV for up to 1 hour.
  • Chat messages. The last 20 chat messages per room - including message text, display name, anonymous user UUID, timestamp, and emoji reactions - are stored in Redis for up to 24 hours. They are automatically deleted when the room closes or the 24-hour TTL expires, whichever comes first.
  • Playback state. The current video URL, playback position (timestamp), and playing/paused state are stored in Redis for the duration of the room session and deleted when the room closes.
  • Connection metadata. Our server may temporarily log IP addresses and connection timestamps for rate-limiting and abuse prevention. These logs are automatically purged within 30 days. Additionally, your IP address may be exposed to Google STUN servers during WebRTC peer-to-peer setup and to Metered.live TURN relay servers when a direct P2P connection is not possible. Video proxy traffic to pipe.sideby.me passes through Cloudflare infrastructure.
  • Anonymous user identifiers. Each session is assigned an anonymous UUID (version 4) generated per connection. This ID is used to correlate room events (join, leave, chat, reactions) within a session. It is not linked to any personal identity and is discarded when the session ends.

2.2 Lens Headless Capture

  • Source page URL. When a video URL cannot be resolved by lighter extraction methods, it is sent to our Lens service. Lens opens the page in a headless Chromium browser, intercepts its network traffic, and extracts the playable video stream URL. The source page URL is included in distributed tracing logs for operational debugging.
  • Captured media payload. The extracted media URL and associated HTTP headers (such as authorization tokens required for playback) are written to Cloudflare KV with an expiry of up to 1 hour. This data is automatically deleted when it expires.
  • Background refresh. If a Lens-captured stream URL is about to expire, our sync server automatically re-submits the original video URL to Lens to refresh the capture. This happens in the background without additional user action.

2.3 Sideby Pass (Browser Extension)

  • Network request monitoring. The extension uses the webRequest API to observe network traffic in your browser locally in order to detect video and streaming URLs (e.g., .mp4, .m3u8 files). This analysis happens entirely on your device. We do not transmit your browsing history, request logs, or any page content to our servers.
  • DOM scanning. The extension injects content scripts to scan the DOM for <video> elements and intercepts XHR/Fetch responses to find video URLs from site APIs. All processing is local.
  • Data sent externally. The only data transmitted to sideby.me is the video URL you explicitly choose to "pass" when you click "Create Room" or use the context menu. No data is sent without your direct action.

3. How We Use Your Data

  • To synchronize video playback between room participants in real time.
  • To provide the video detection functionality of the Sideby Pass extension.
  • To relay video streams through our proxy service where CORS policies or authentication headers require it.
  • To extract playable video URLs from third-party websites on your behalf when you share a video link.
  • To prevent abuse and ensure fair use of our infrastructure.

We do not sell, rent, or share your data with third parties for advertising or marketing.

4. Data Storage & Retention

  • Room state (participant names, video URL, playback position, room settings) is stored in Redis and permanently deleted when the room closes.
  • Chat messages (last 20 per room) are stored in Redis for up to 24 hours. They are automatically deleted when the room closes or after 24 hours, whichever comes first.
  • User socket mappings (anonymous UUID → connection ID) are stored in Redis for up to 2 hours per session.
  • Cloudflare KV stores the captured media URL and HTTP headers from Lens captures for up to 1 hour, after which the entry expires automatically.
  • Server logs (IP addresses, timestamps, video URLs in traces) are retained for a maximum of 30 days for security and debugging purposes, then automatically purged.
  • Extension data is stored entirely in your browser's local memory and is cleared when you close or navigate away from a tab.

5. Cookies & Local Storage

sideby.me uses minimal client-side storage. We use localStorage for UI preferences (e.g., theme, notification sound settings, subtitle preferences) and sessionStorage for short-lived session data (e.g., your host token for up to 5 minutes after creating a room). We do not use third-party tracking cookies or analytics services. See our Cookie Policy for the full list.

6. Third-Party Services

We use the following third-party services as part of the technical infrastructure:

  • Cloudflare - Our video proxy (pipe.sideby.me) runs as a Cloudflare Worker. Captured media payloads from Lens are stored in Cloudflare KV. Video bytes proxied through pipe.sideby.me pass through Cloudflare's network infrastructure.
  • Metered.live - We fetch WebRTC TURN relay credentials from whonoahexe.metered.live to enable NAT traversal for peer-to-peer voice and video connections. Your IP address is sent to TURN relay servers when a direct P2P connection is not possible.
  • Google STUN - We use Google's public STUN servers (stun.l.google.com) for WebRTC connection setup. Your IP address is exposed to these servers during the ICE candidate exchange.
  • Platform APIs - When you share a URL from Instagram, Reddit, TikTok, Vimeo, Dailymotion, Twitch, or Twitter/X, our sync server makes server-side requests to those platforms to extract the playable video URL on your behalf. The URL you submitted is sent to those platforms' servers as part of this process.
  • OpenTelemetry (internal) - We use OpenTelemetry for internal operational observability. Logs and traces include room IDs, anonymous user UUIDs, and video URLs. Message content, raw IP addresses, authentication tokens, and cookies are redacted from all telemetry data.

We do not integrate with third-party analytics, advertising networks, or social login providers.

7. Children's Privacy

Our Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with data, please contact us so we can take appropriate action.

8. Your Rights

Because we collect minimal data and do not maintain user accounts, most data protection rights (access, correction, deletion) are satisfied by design. Session data expires automatically, and we have no way to link anonymous UUIDs to a specific individual after the session ends. If you have questions or requests regarding your data, contact us at hello@sideby.me.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

← Back to Legal