Privacy is not a feature. It is the foundation.

All media routes through the platform's own TURN relay servers rather than directly between the two browsers. In standard WebRTC peer-to-peer mode, the two browsers exchange their IP addresses as part of the connection negotiation process. This is the well-known WebRTC IP leak problem. The fix is to force all media through a relay server that the platform controls. Neither the Host's nor the Guest's browser ever learns the other party's IP address.

Both parties connect to the TURN server, and the TURN server relays the media between them. The IP address that each party's browser sees in the connection is the TURN server's IP, not the other person's. This is a non-negotiable requirement. It is also a cost driver, since relaying media is more expensive than peer-to-peer, but it is the only architecture that genuinely protects both parties.

Guests must never be asked to create an account, provide an email address, or supply any personally identifying information. The session URL is their credential. This is both a privacy protection and a UX advantage: reducing friction for the Guest increases the likelihood they actually join the session.

The platform does not record, log, or store any video, audio, or chat content from sessions. This is both a privacy commitment and a legal risk reduction strategy. If the platform does not store the content, it cannot be subpoenaed, breached, or misused. The session exists in memory for its duration and then it is gone.

The one exception is the Verified Snapshot feature, which requires retaining a brief recording for the duration of the Snapshot's validity period. This is explicitly opt-in, requires Host consent, and is clearly disclosed in the privacy policy.

Host accounts require only an email address and a password. No real name, no phone number, no payment address beyond what a payment processor requires for Pro subscriptions. The platform does not know who the Host is in any meaningful sense beyond their email.

No browser-based solution can completely prevent a determined user from capturing what is on their screen, because a person can always point a second camera at their monitor. However, the platform implements meaningful deterrents.

The session page disables the browser's native screenshot shortcut handling where the API permits it. A visible, persistent watermark on the video feed includes the session ID and a timestamp, making any captured image traceable back to the specific session. A clear notice is displayed to both parties at the start of every session stating that screenshots and recordings are prohibited by the platform's terms of service.