Privacy Policy

Last updated: April 10, 2026

SecureVideoStream ("we," "our," or "us") operates the securevideostream.com website and the SecureVideoStream platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Account Information: When you create an account, we collect your username and password (stored as a salted, hashed value using PBKDF2 with 100,000 iterations — we never store plain text passwords).

Usage Data: We may collect information about how you access and use the platform, including:

• Videos viewed and playback activity
• Session duration and timestamps
• Device type, browser, and operating system
• IP address

Google Drive Data: If you connect your Google Drive account via OAuth, we access your Drive files in read-only mode to list and stream video files. We do not store, copy, or modify any files in your Google Drive. Your Google OAuth tokens are stored securely in server-side session cookies and are never exposed to third parties.

Transcription Data: When you use the AI transcription feature, audio is processed locally on our server using Whisper AI. No audio or transcription data is sent to external services.

2. How We Use Your Information

• To provide and maintain our video streaming service
• To manage your account and authentication
• To enforce DRM licensing and content protection
• To generate video transcriptions when requested
• To monitor and prevent unauthorized access or abuse
• To improve our service and user experience

3. Data Security

We implement industry-standard security measures including:

• Encryption: AES-128-CBC encryption for video content, AES-256-GCM for signed URLs
• Authentication: JWT-based sessions with httpOnly, sameSite cookies
• Password Protection: PBKDF2 hashing with 100,000 iterations
• DRM Protection: Per-session licenses, concurrent stream limits, content key rotation
• SSRF Protection: Private IP blocking for remote video proxy

4. Third-Party Services

We may integrate with the following third-party services:

• Google Drive API: For accessing your private video files (requires your explicit consent via OAuth)
• YouTube: For proxying YouTube video content (via yt-dlp)
• AWS S3: For streaming videos from your S3 buckets

Each integration only occurs when explicitly configured by the account administrator. We do not share your data with these services beyond what is necessary to provide the functionality.

5. Data Retention

• Account data: Retained while your account is active
• Session data: Automatically expires after 24 hours
• DRM licenses: Expire after 4 hours
• Google OAuth tokens: Expire after 1 hour
• YouTube cache: Retained until manually cleared by the administrator
• Transcription files: Retained alongside video files until deleted

6. Your Rights

You have the right to:

• Access your personal information
• Request deletion of your account and associated data
• Disconnect third-party integrations (Google Drive) at any time
• Revoke Google OAuth access via your Google Account settings

7. Cookies

We use essential cookies for:

• Session management: httpOnly cookie to maintain your login session
• Google Drive tokens: httpOnly cookie to maintain Drive access during your session

We do not use tracking cookies, advertising cookies, or analytics cookies.

8. Children's Privacy

Our service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

• Website: securevideostream.com
• Email: support@securevideostream.com