← Back to home

Sidecall › Privacy Policy

Privacy Policy

Last updated: April 2026

Contents

  1. Overview
  2. How Sidecall Works
  3. TURN Relay (Free for Everyone)
  4. What We Collect
  5. Support & Donation Data (Optional)
  6. What We Do NOT Collect
  7. Data Storage
  8. Third-Party Services
  9. Browser Permissions
  10. Data Deletion
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact

1. Overview

Sidecall is a Chrome extension for peer-to-peer (P2P) audio and video calls with encrypted messaging. This Privacy Policy explains exactly what data we collect, when, and why.

We designed Sidecall to collect the absolute minimum data necessary to operate the service. The core extension is completely free and does not require any personal information. If you choose to optionally support the project through a recurring subscription or one-time donation, additional data such as your email is involved — but only for that voluntary contribution.

2. How Sidecall Works

By default, all calls and messages use peer-to-peer (P2P) technology via WebRTC:

  • Your audio, video, and messages travel directly between browsers — they do not pass through any Sidecall server.
  • All media is encrypted end-to-end using DTLS-SRTP, a standard WebRTC encryption protocol.
  • Text messages are encrypted using ECDH key exchange and AES-GCM encryption.
  • Our signaling server is used only to help two browsers find each other and establish a connection. It handles small signaling messages (connection offers, network addresses) but never touches call content.
  • Once the P2P connection is established, the signaling server is no longer involved in the call.

In P2P mode, no server can see or hear your conversation. Data flows directly from your browser to your contact's browser.

3. TURN Relay (Free for Everyone)

Some networks (corporate firewalls, strict NAT configurations, hotel or campus Wi-Fi, some mobile carriers) block direct P2P connections. To ensure calls connect for everyone, Sidecall operates its own free TURN relay servers in three regions: Europe (Helsinki), North America (Ashburn), and Asia (Singapore).

How TURN works in Sidecall:

  • TURN is enabled by default and free for all users — no payment, no subscription, no email required.
  • Sidecall always tries direct P2P first. TURN is only used when a direct connection fails.
  • When TURN is used, your encrypted call data passes through one of our TURN servers, which acts as a relay.
  • The TURN server cannot decrypt, read, or listen to your calls — it only relays encrypted packets.
  • You will see a "TURN" indicator in the call screen when a relay is in use (instead of "P2P").
  • If you prefer to never use a relay, you can disable TURN in Settings → Connection (calls may not connect on restrictive networks).

Important: When TURN is active, a relay server is involved in passing your data. However, all data remains encrypted end-to-end — the relay cannot see the content of your calls or messages.

4. What We Collect

For all users, we collect the absolute minimum needed to operate the service:

  • User ID: A randomly generated identifier (e.g., "user_abc123"). It is not tied to your name, email, or phone number. This ID is generated locally in your browser and stored on your device.
  • Online/offline status: Our signaling server knows which User IDs are currently connected, so it can route incoming call notifications to the right device.
  • Offline messages: If someone sends you a message while you're offline, it is stored temporarily on our server (encrypted) and delivered when you come back online. These are deleted after delivery or after 7 days maximum.
  • Last seen timestamp: The server records when each User ID last connected, used to compute aggregate metrics (e.g., total active users). This data is anonymous and not linked to any personal information.
  • IP address (transient): Your IP address is visible to our signaling server during the brief connection process, as is the case with any web service. We do not log, store, or analyze IP addresses.

You do not need to provide any personal information to use Sidecall. No name, email, phone number, or payment details are required for any core feature, including TURN relay.

5. Support & Donation Data (Optional)

Sidecall is 100% free and all features are available without payment. However, you can voluntarily support the project through a recurring subscription or a one-time donation. This is entirely optional — you can use the extension without ever providing this data.

If you choose to contribute, the following data is collected:

  • Email address: Required by Stripe to send you a payment receipt and to manage your subscription. For Patron-tier subscribers, this email is also used to add you to the Chrome Web Store Trusted Testers list (so you can install beta versions of the extension).
  • Stripe customer ID: A unique identifier provided by Stripe to link your subscription to your payment method. We store this to manage your subscription status.
  • Subscription tier & status: We store whether you are a Supporter, Friend, or Patron subscriber, along with the current period end date. Used solely to show your status in the extension and (for Patrons) maintain the Trusted Testers list.
  • One-time donation amount & date: For aggregate statistics only. Not linked to your User ID after processing.

What we do NOT store regarding payments:

  • Credit card numbers, CVV codes, or any card details
  • Billing addresses or personal identification numbers
  • Bank account information
  • Full transaction history (handled entirely by Stripe)

All payment processing is handled exclusively by Stripe, a PCI-DSS compliant payment processor. When you click "Continue to Checkout" in the extension, you are redirected to Stripe's secure checkout page, which is where you enter your payment details. Stripe handles all card data; Sidecall never sees or stores your card information.

About Patron tier and Chrome Web Store Trusted Testers:

  • If you subscribe at the Patron tier ($30/month), the email you provide is added to the Chrome Web Store Trusted Testers list. This allows you to install beta versions of Sidecall published as private (non-public) listings in the Chrome Web Store.
  • The email must be linked to a Google Account for Trusted Testers to work. We make this clear in the subscription form.
  • Adding your email to Trusted Testers is done through the Chrome Web Store Developer Console. It is shared only with Google's Chrome Web Store and is governed by Google's own privacy policy.
  • You can be removed from Trusted Testers at any time by cancelling your Patron subscription or by contacting us.

You can cancel your subscription at any time through the Stripe customer portal, accessible from Settings → Support Sidecall → Manage Subscription. Upon cancellation, your supporter status is removed immediately. Your email and subscription data can be deleted upon request (see Data Deletion section).

6. What We Do NOT Collect

  • Call content (audio, video)
  • Message content (text of your conversations) — even offline messages are encrypted
  • Call history or metadata (who called whom, when, for how long)
  • Your real name, phone number, or physical location
  • Browsing activity, history, or any data from other websites you visit
  • Keystroke data, mouse movements, or other behavioral analytics
  • Credit card numbers or banking information
  • Contacts or address book from your device

7. Data Storage

  • Contacts, call history, messages, and settings are stored locally in your browser using Chrome's storage API. They never leave your device unless you explicitly send a message to another user.
  • Signaling data (connection offers, ICE candidates) is processed in real-time and not stored after the connection is established.
  • Offline messages are stored temporarily (up to 7 days) on our signaling server until delivered, then deleted.
  • User registration data (User ID, last seen timestamp) is stored on our server to enable connection routing and aggregate metrics. No personal information is associated with this data.
  • Subscription data (email, Stripe customer ID, subscription tier and status) is stored on our server only for users who voluntarily subscribed via the Support feature. This data is retained as long as the subscription is active, or until you request deletion.

8. Third-Party Services

  • Sidecall TURN servers — Sidecall operates its own TURN relay servers in three regions (Europe, North America, Asia). When TURN is used, your encrypted call data passes through these servers, but they cannot decrypt it.
  • Stripe — processes subscription payments and one-time donations. Stripe is a PCI-DSS compliant payment processor. Sidecall does not have access to your card details. Used only when you voluntarily contribute. Stripe Privacy Policy
  • Google STUN servers — used to discover your public network address for P2P connections. These are standard, free servers provided by Google that only process minimal network information.
  • Google Chrome Web Store (Trusted Testers) — for Patron-tier subscribers, your email is added to the Chrome Web Store Trusted Testers list to enable beta access. The list is managed via Google's Chrome Web Store Developer Console. Google Privacy Policy
  • Railway — our signaling server is hosted on Railway's infrastructure. Railway may log basic request metadata (timestamps, IP addresses) as part of standard hosting operations. Railway Privacy Policy
  • Hetzner — our TURN servers are hosted on Hetzner's infrastructure (Finland, USA, Singapore). Hetzner may log basic request metadata as part of standard hosting operations. Hetzner Privacy Policy

9. Browser Permissions

Sidecall requests the following Chrome permissions:

  • tabs — to open a dedicated call page in a new tab when a call starts, and to open Stripe checkout when you choose to support the project. Only used for those purposes; we do not read or track your other tabs.
  • notifications — to alert you about incoming calls and new messages when the extension panel is not visible.
  • storage — to save your contacts, messages, settings, and User ID locally in your browser.
  • sidePanel — to display the extension interface in Chrome's native side panel.
  • host permission for our signaling server — to establish WebSocket connections for P2P signaling. This is the only external host the extension connects to directly (Stripe checkout opens in a new tab using the standard browser).

The extension only activates when you interact with it. It does not monitor your browsing activity, read website content, or track any data outside its own interface.

10. Data Deletion

All users:

  • All your local data (contacts, messages, settings, User ID) is stored in your browser. To delete it, simply uninstall the extension or clear the data in Chrome's extension settings.
  • Offline messages temporarily stored on our server are auto-deleted after 7 days or upon delivery.
  • Your User ID record on our server (used for connection routing) does not contain personal information and can be removed by contacting us.

Subscribers and donors:

  • You can cancel your subscription at any time via the Stripe customer portal accessible from Settings → Support Sidecall → Manage Subscription. Cancellation is immediate.
  • To request permanent deletion of your email and subscription record from our server, email us at support@sidecall.online. We will process deletion requests within 30 days.
  • For Patron subscribers: cancellation also triggers your removal from the Chrome Web Store Trusted Testers list at the next manual update (typically within 7 days).
  • Payment history is retained by Stripe according to their own policies and legal requirements.

11. Children's Privacy

Sidecall is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. For significant changes (e.g., new data collection), we will notify existing subscribers via email. Continued use of the extension after changes constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy, want to request data deletion, or have any other concerns, contact us at support@sidecall.online.