Privacy Policy

We don't want your data. Here's exactly what exists anyway.

Data that touches the server

Data	Where stored	How long
Room codes	SQLite	24 hours, then deleted
Chat messages	SQLite	24 hours, then deleted
Who's in a room	Memory only	Until the room ends

That's the complete list. Nothing else.

Data that never touches the server

Your video and audio (P2P mesh mode — goes directly browser-to-browser)
Your real name (optional, unverified — type literally anything)
Your IP address (not logged)
Any persistent identifier of any kind

SFU mode (server-assisted calls)

For larger groups, media may pass through the server via an SFU (Selective Forwarding Unit) to improve quality. This media is forwarded in real-time to other participants, never recorded, never stored, and gone the moment the call ends.

The SFU routes video — it does not watch it.

Third-party services

none

No Google Analytics, Sentry, Mixpanel, Datadog, ad networks, or anything else phoning home.

The app makes no requests to third-party services during a call. Zero external telemetry.

What we do not collect

Accounts, emails, or passwords
Cookies
Analytics or usage tracking
Error or crash reports
Advertising or device IDs
Browser fingerprints
Cross-session tracking of any kind

Self-hosted instances

If someone else is running TalkToFriend on their own server, that operator controls everything — their infrastructure, their data, their rules. This policy only covers instances operated by the original author.

TalkToFriend is open source. If you're using a third-party hosted instance, you can read the code to verify what it does.

Your rights

Since we don't know who you are and store nothing about you beyond 24 hours, there's genuinely nothing to delete, export, or correct. Your data is already gone before you think to ask for it.

Questions

Open an issue on GitHub. That's the support channel.

Short policy because there's genuinely not much to say.