Privacy Policy

Last updated: May 2025

We don't collect personal data. We don't log the URLs you paste. We don't track you across sessions. Downloaded files are deleted from our server shortly after delivery. The only data we store is what you choose to submit — like a contact form message.

Contents

  1. What we collect
  2. What we do not collect
  3. Cookies & session data
  4. How downloads work
  5. Contact form data
  6. Third-party services
  7. Data retention
  8. Your rights
  9. Security
  10. Changes to this policy
  11. Contact us

1. What we collect

We collect only the minimum data necessary to provide the service:

  • Server logs: Standard web-server access logs (IP address, timestamp, HTTP method and path, response code, user-agent string). These logs are used solely for security monitoring and are automatically rotated and deleted after 7 days.
  • Rate-limit counters: An anonymised hash of your IP address is held in memory for up to 1 hour for rate-limiting purposes only. It is never written to permanent storage.
  • Contact form submissions: If you use the Contact page, we store your name, email address, subject, and message in order to reply to you. See section 5.

2. What we do not collect

  • We do not log or store the URLs you submit for downloading.
  • We do not create user accounts or require registration.
  • We do not fingerprint your browser or device.
  • We do not associate download activity with any identity.

3. Cookies & session data

We use a minimal session cookie (session) that is required for the download of certin platforms.

The theme preference you set (dark/light) is stored in localStorage, which stays on your device and is never transmitted to our servers.

4. How downloads work

When you request a download:

  • Your URL is sent to our server, which uses yt-dlp to fetch the media from the source platform.
  • The file is temporarily stored in a server directory while it is prepared for delivery.
  • The file is streamed to your browser and then deleted from our server within minutes of the download completing.
  • We do not keep copies, build libraries, or retain any downloaded content.

We are not responsible for how you use downloaded content. It is your responsibility to respect the intellectual property rights and terms of service of the platforms you download from.

5. Contact form data

If you contact us via the Contact page, we collect your name, email, subject, and message. This information is:

  • Used solely to respond to your enquiry.
  • Sent to and stored in our administrative email inbox.
  • Never shared with third parties, sold, or used for marketing.
  • Retained only as long as necessary to resolve your query, after which it may be deleted on request.

To request deletion of a message you submitted, email us at sirenapari@gmail.com with the subject "Delete my data".

6. Third-party services

We use the following third-party services whose privacy policies apply independently:

  • Google Fonts — for typography. Google may log font requests. You can review Google's Privacy Policy.
  • Hosting — our infrastructure providers process all traffic. They may log IP addresses, request metadata, and other standard server logs. We choose providers with strong privacy commitments and minimal data retention policies.
  • Source platforms (YouTube, Instagram, etc.) — when we fetch media on your behalf, those platforms may log the request from our server IP.

7. Data retention

  • Server access logs: 7 days, then automatically purged.
  • Rate-limit data: up to 1 hour in memory, never persisted.
  • Downloaded media files: deleted within minutes of delivery.
  • Contact form messages: retained in email until manually deleted; available for deletion on request.
  • Blog comments: stored indefinitely unless you request removal.

8. Your rights

Depending on your jurisdiction, you may have rights including access, correction, deletion, restriction of processing, data portability, and the right to object. To exercise any of these rights, contact us at sirenapari@gmail.com. We will respond within 30 days.

Because we collect so little data, most requests can be fulfilled immediately. We do not have the ability to identify you from an IP address alone.

9. Security

We take reasonable technical precautions to protect data in transit and at rest:

  • HTTPS/TLS encryption for all traffic.
  • Rate limiting on all public API endpoints to prevent abuse.
  • Parameterised database queries to prevent SQL injection.
  • Input validation and output escaping on all user-supplied data.
  • Session cookies with HttpOnly, Secure, and SameSite flags.
  • File upload restrictions (type checking, size limits, sanitised filenames).

No system is perfectly secure. If you discover a security vulnerability, please disclose it responsibly by emailing sirenapari@gmail.com.

10. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. We encourage you to review this page periodically. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact us

Questions, concerns, or data requests can be sent to: