Back to tubetime.cc

Privacy Policy

Last updated: March 1, 2026

1. Introduction

Welcome to TubeTime ("we", "us", "our"), accessible at tubetime.cc. We are committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information.

2. Data We Collect

2.1 Account Data (optional)

If you choose to create an account, we collect:

  • Username — chosen by you, displayed publicly in rooms
  • Email address — used for account identification purposes only
  • Password — stored as a securely hashed value (bcrypt); we never store or see your plain-text password

2.2 Room Data

When you create or join a room, we process:

  • Room ID and name — to identify and manage rooms
  • Video URLs — the YouTube URLs loaded into rooms
  • Chat messages — transmitted in real time to other room participants; chat messages are not stored on our servers and are lost when you leave the room

2.3 Technical Data

We automatically collect limited technical data for security and rate limiting:

  • IP address — used solely for rate limiting and abuse prevention; not stored long-term
  • Browser type / User Agent — standard HTTP headers, not stored

2.4 Cookies

We use a single, strictly necessary cookie:

  • refreshToken — an httpOnly cookie used to keep you logged in. It contains no personal information and cannot be read by JavaScript. It expires after 12 months or when you log out.

We do not use any advertising, analytics, or tracking cookies.

3. How We Use Your Data

We use the collected data exclusively for:

  • Providing and maintaining the TubeTime service
  • Authenticating your account and keeping you logged in
  • Enabling synchronized video playback and real-time communication in rooms
  • Preventing abuse and enforcing rate limits
  • Processing verification requests for creator badges

We do not use your data for advertising, profiling, or selling to third parties.

4. Data Sharing

We do not sell, rent, or share your personal data with third parties, except:

  • YouTube — when you load a video, your browser connects directly to YouTube. YouTube's own privacy policy applies to that connection. We do not share any of your account data with YouTube.
  • Cloudflare — we use Cloudflare for CDN and DDoS protection. Cloudflare may process your IP address in accordance with their privacy policy.
  • Legal obligations — we may disclose data if required by law or to protect our rights.

5. Data Security

We implement appropriate technical measures to protect your data:

  • Passwords are hashed using bcrypt with individual salts
  • Authentication tokens are hashed (SHA-256) before database storage
  • Refresh tokens use automatic rotation with reuse detection
  • All connections are encrypted via HTTPS/TLS
  • Security headers (CSP, HSTS, X-Frame-Options) are enforced
  • Rate limiting is applied to all authentication endpoints

6. Data Retention

  • Account data — retained as long as your account exists
  • Saved rooms — retained as long as the room owner's account exists
  • Chat messages — never stored; only transmitted in real time
  • Refresh tokens — expired and revoked tokens are automatically cleaned up
  • IP addresses — used only in-memory for rate limiting; not persisted

7. Your Rights

You have the right to:

  • Access your personal data stored by us
  • Correct inaccurate data (e.g. update your email via Account Settings)
  • Delete your account and all associated data
  • Withdraw consent at any time by deleting your account

To exercise any of these rights, please contact us at [email protected].

8. Children's Privacy

TubeTime is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected] and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

10. Contact

If you have any questions or concerns about this Privacy Policy or your personal data, please contact us:

[email protected]