Privacy

Effective 2026-04-14 · version 1.0

We try to collect as little as possible.

• Accounts — email, optional name. Used to sign you in and email you receipts / magic links.
• API usage — timestamps, stream ids, amounts billed. Used for metering and payouts.
• Payment info— Stripe or wallet addresses — stored only if you're a broadcaster. Card numbers never touch our servers.
• Submitted cameras — the metadata you give us, plus the IP prefix (for rate-limiting, not identification).

We don't sell your data. We don't run ads.

One cookie, for authentication (Better Auth session). It's HttpOnly, Secure, SameSite=Lax. No trackers. No analytics cookies.

Frames we pull from upstream cameras are cached in a short-lived ring buffer (60-second TTL) — just long enough to serve a couple of agent requests. We don't keep long-term archives. Frames are attributed to the upstream source and we respect takedown requests.

Some cameras in the directory are on public streets and may incidentally capture identifiable people. We don't run face recognition. We don't provide tools for anyone else to do biometric identification on feeds in the directory (see Terms § 8). If a specific camera captures you in a way that concerns you, write to privacy@videoai.comand we'll take it down.

Wherever you are, you can email privacy@videoai.com to:

• Get a copy of the data we have on you.
• Correct it.
• Delete it (we'll honor this unless we're legally required to retain for tax / audit).
• Opt out of any non-essential processing.

If you're in the EU/UK, you also have GDPR rights including lodging a complaint with your local DPA. If you're in California, CCPA rights apply.

• Account data: until you delete your account + 30 days.
• Usage events: 2 years (required for accounting).
• Ring-buffer frames: 60 seconds.
• Source attribution + takedown records: indefinitely.

privacy@videoai.com