Cute Koala representing privacy and data security

Privacy Policy

Security & Privacy

1. Hosting & Logfiles

This site is hosted on a private server. To ensure stability, standard server logs (IP, browser, time) are collected, but not linked to individuals and are automatically deleted after 7 days.

2. No Third Parties & Open Source

KoalaSync deliberately avoids analytics tools, tracking cookies, or advertising networks. We do not load any third-party resources (such as Google Fonts) to maximize the protection of your privacy.

Since KoalaSync is 100% open-source, every single line of code can also be publicly viewed and audited for security on our GitHub repository.

3. Relay Server Architecture

Our relay server operates exclusively in memory (RAM). Messages between participants are not stored on hard drives and are volatile. As soon as a room is closed, all associated metadata is immediately deleted. We don't track you. We only track our server, relying on aggregated, anonymous, and non-personal system performance metrics to monitor server health.

4. Browser Extension

To enable cross-device synchronization, the KoalaSync browser extension temporarily captures data from the currently active video tab (e.g., tab title, media metadata like the video title, and playback state). This data is exclusively sent to other participants in your room for synchronization. We explicitly do not read, store, or transmit your general browsing history.

5. Extension Permissions

To fulfill its technical purpose, the browser extension requires certain permissions. Each permission is used exclusively for core functionality:

  • storage: Allows local storage of your username, server URL, and room credentials in your browser so you don't have to log in every time.
  • tabs: Required to list open tabs in the extension's dropdown and read their titles, making it easy for you to select the correct video tab.
  • scripting: Required to securely inject the synchronization script (content.js) into your selected video tab.
  • alarms: Prevents the extension's background service worker from being suspended by the browser during an active synchronization session.
  • activeTab: Enables secure, temporary interaction with the currently active tab for direct playback commands.
  • notifications: Enables optional desktop notifications, such as when a new friend joins the room.
  • <all_urls> (Host permission): Allows the extension to scan for HTML5 video elements on any website, enabling cross-platform synchronization (e.g., on YouTube, Netflix, Jellyfin etc.).

6. Brute-Force Protection

For the security of our users, we store failed login attempts (IP address and room ID) for a maximum of 15 minutes in RAM to prevent automated attacks. This data is deleted without a trace afterwards.

7. Your Rights

You have the right to information, correction, or deletion of your data. However, since we do not store any personal data permanently, linking data to your person is technically impossible in most cases.

Contact for questions: