Privacy Policy

How your data is collected

Data submitted in forms, such as the sign up form or the playlist form, is recorded in a database. So is data received via API integration. This is done to keep track of your user account. Some metadata is also recorded, such as failed sign-in attempts, and any errors you encounter. This is done to keep your account secure, and quickly find problems with the website. Data about what a baton holder is watching and their progress in a playlist is recorded as well. This is necessary to support syncing clients, and to resume a video in progress if the baton holder leaves and re-joins a room.

How your data is protected

  • In Transit
    ReelSync enforces HTTPS between browser and the server. This secures the connection between you and ReelSync with encryption and authentication. Videos aren't required to be HTTPS though, see "Out of Band" below for details.
  • On Disk
    Your password is stored as a salted and hashed value using 52,000 rounds of Rfc2898. This ensures your password won't be leaked if ReelSync ever gets hacked. Your other data is stored in a Microsoft Azure datacenter. All data is encrypted at rest, so no backups contain your cleartext personal information.
  • Out of Band
    ReelSync doesn't host any video content. This is a very important thing to know: Everything you watch comes from somewhere else. If you watch a video coming from sketchyvidhost.ru, and they want to track which IP addresses are consuming their media, ReelSync can't stop that. If a video is served over an insecure connection, then anyone between you and the host can see what you're watching and could even tamper with the video stream. Be careful about where you get your videos, be careful about whose stream you join, and only click links from people you trust.

Other uses of your data

There are none. I will never sell or otherwise share your data with a third party. If any data is collected, it's strictly to support a feature of the site.

Cookies and other browser storage

A few cookies are set in your browser when you sign-in or navigate the site. All cookies are first-party cookies, and none of them track you. A couple of localstorage objects are set too. Localstorage data is held in your browser, but it isn't transmitted to the server on every request.

  • .AspNetCore.Cookies
    This is your account cookie. It lets the server know who you are when you ask it to do something. Without it, you could never be logged in. It's a pretty big cookie because it's encrypted/signed, and it stores some information about your account, like your username and your role.
  • .AspNetCore.Antiforgery.[somestuff]
    This is an antiforgery cookie. It protects you from cross site request forgery attacks. Forgery is where another website tries to use your browser to do something on ReelSync without your permission. This cookie makes doing such a thing impossible by acting as a per-request automatic password.
  • Localstorage
    A few values are set by the media player, like 'following', 'subtitles', and 'volume'. These settings are only used to save and load your player preferences.

Your Email Address

Your email address is required for account verification and password recovery. Like the rest of your data, I promise to never give your email address away to a third party. Your email address will only be used to send system messages about your account. If your account is locked, a password reset is requested, or there is a security breach of the site, your email will be used to contact you. You will also be contacted if this privacy policy is changed in a significant way. No marketing mail will ever be sent.

Do you know what I type in chat?

ReelSync does not store any chat messages. Chat messages are relayed to other people in a room, and that's it. If there's a problem relaying a message then a log entry will be made with the time and your IP or username, but the actual content of your message is never recorded. That said, chat messages are not end to end encrypted. Treat chat as a fun, but only semi-secure channel.

Deleting Your Data

When you delete a video or a playlist, it's really deleted from the database. However, a daily backup is taken which includes the database, and your data will still be in it. These backups are retained for seven days. So on the eighth day after you've deleted something, you can be sure it's truly and permanently gone.

You absolutely have the right to delete your entire account too, but there isn't currently a "delete your account" feature on the site. Please contact support if you want to delete your account. We'll make sure it's all really gone.