Legal
Privacy Policy
Last updated: June 19, 2026
Syncync lets you watch Netflix and YouTube together in real time, with a built-in video call. This policy explains exactly what the website and Chrome extension collect, how it's used, and the things we never do. It's written to match what the software actually does — no more, no less.
What the extension reads
When you're signed in and on a supported watch page — Netflix (www.netflix.com) or YouTube (www.youtube.com) — the extension reads the player's current time position, play/pause state, and playback rate. That's the minimum needed to keep everyone in the room on the same frame.
It does not capture, record, screenshot, copy, buffer, or store any streaming audio or video. It reads the numeric time position and status only — never the media itself. We are not affiliated with Netflix or YouTube.
Local storage
The extension uses Chrome's storage to briefly hold your pending room join token while a tab opens. It is cleared when your browser session ends and is never synced across devices.
Camera & microphone
The room video call is peer-to-peer (WebRTC). Your camera and microphone streams flow directly between your browser and the other people in your room. We never record or store your audio or video, and it does not pass through our servers. A relay (TURN) server is used only to help two browsers connect when a direct connection isn't possible — it forwards encrypted call data without storing it. Your browser asks for camera/mic permission before any call starts, and you can turn either off at any time.
What our servers receive
While you're in a room, the backend handles:
- Room metadata — room ID, slug, and the title / source URL of what you chose to watch together.
- Playback sync events — play, pause, seek position, and playback rate (the "where is everyone" messages).
- Chat messages — the text you type in the room.
- Presence — when you join or leave.
- WebRTC signalling — connection offers/answers used to set up the peer-to-peer call. The call media itself stays peer-to-peer.
Streaming video/audio is never routed through or stored on our servers.
Account data we store
When you create an account we store your email, display name, a securely hashed password, and your sign-up date. If you sign in with Google, we store your Google account identifier and the email it returns — we never receive your Google password. We keep a short room history (which rooms you hosted or joined, and when) to power your dashboard.
We don't store card details. Payments are handled by Stripe; we receive only your subscription status. To help keep accounts secure, new or changed passwords are checked against the Have I Been Pwned breach database using k-anonymity — only a short, partial hash prefix leaves our server, never your actual password.
Cookies
We set authentication cookies on our own domain so you stay signed in. They are used solely for sign-in — we don't use advertising cookies or third-party tracking pixels. We use Sentry to capture crash and error reports so we can fix bugs; these reports may include basic technical context (browser, error trace) but not your call media or chat content.
Google API limited use
Syncync's use of information received from Google APIs (Google Sign-In) adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google data only to sign you in and identify your account — we never sell it, use it for advertising, or share it except as needed to run the sign-in feature.
Sharing & sale
We do not sell your personal data and do not share it for advertising. We share data only with the providers that run the service — hosting, Stripe (payments), and Sentry (error monitoring) — under terms that bar them from using it for anything else. We may disclose data if required by law.
Retention & deletion
Account data is kept while your account is active. You can delete your account from your settings, or by emailing us; your personal data is removed within 30 days, except where law requires us to keep certain billing records. Room history is short-lived and cleared on a rolling basis. See our data deletion page for the exact steps.
Children
Syncync is not directed to children under 13. We don't knowingly collect data from anyone under 13; if you believe a child has given us data, email us and we'll remove it.
Changes & contact
If we make material changes we'll update the date above and, where it affects data you already gave us, notify you by email. Questions? Email [email protected].