Privacy Policy

Last updated: June 20, 2026

CouchCam ("we", "us", or "our") operates the CouchCam Roku channel and the couch-cam.com website. This policy explains what data we collect, how we use it, and your rights.

1. What we collect

• Ring OAuth tokens — encrypted access and refresh tokens issued by Ring when you authorise CouchCam. Retained until you remove CouchCam from Ring Linked Apps.
• Ring account ID — an internal identifier used to associate your Ring account with your Roku device. Never exposed in responses.
• Session tokens — a random UUID generated per Roku device. Retained until you remove CouchCam from Ring Linked Apps.
• Pairing codes — temporary 6-character codes used to link your Roku to your Ring account. Expire after 10 minutes and are purged from our database.
• Server logs — standard web-server access logs (IP address, request path, timestamp) retained for up to 7 days for debugging and abuse prevention, then automatically deleted.

2. What we do NOT collect

• We do not record, store, or transmit video or audio from your Ring cameras. All video is streamed in real-time and never written to disk beyond the live HLS buffer (last ~10 seconds in RAM), which is discarded when streaming stops.
• We do not collect video metadata such as motion event timestamps, location data, or device status beyond what is needed to route a live stream request.
• We do not collect your Ring username, password, or account email.
• We do not use advertising trackers or analytics SDKs.
• We do not sell or share your data with third parties for any purpose other than operating the service.

3. Purposes for which data is processed

Each data element is used for a single, specific purpose:

• Ring OAuth tokens — authenticate to the Ring API to fetch your camera list and initiate live WHEP video streams on your behalf. No other use.
• Ring account ID — link your Ring account to your Roku device during pairing. No other use.
• Session token — authenticate your Roku device on every API request (camera list, stream start/stop). No other use.
• Pairing codes — one-time bridge between your Roku and your Ring account during the 10-minute setup window. No other use.
• Server logs — debugging service issues and detecting abuse (e.g., rate-limit violations). No other use.

4. AI model training & AI capabilities

CouchCam does not use any customer data — including Ring OAuth tokens, session data, video streams, or server logs — for AI or machine learning model training, either internally or via third-party services. No video or image data from your Ring cameras is ever analysed, stored, or processed by any automated intelligence system operated by CouchCam.

CouchCam currently has no AI capabilities of any kind — no motion detection, no person/pet/vehicle detection, no image recognition, and no accuracy scoring. CouchCam is a pure live-streaming app: video is passed from Ring cameras to your Roku TV in real-time with no automated analysis.

If AI capabilities are introduced in the future (e.g., on-device detection features), we will: (1) update this policy with a new "Last updated" date at least 30 days before the feature is enabled; (2) post a notice on couch-cam.com; and (3) describe the capability, what data it processes, its accuracy limitations, and how to opt out. Users who do not wish to use any future AI features will always have an opt-out available before the feature is activated.

5. Data retention

• Ring OAuth tokens & session tokens — retained until you remove CouchCam from your Ring linked apps (Ring app → Account → Linked Apps). Upon removal Ring fires a webhook and we permanently delete all associated data within seconds.
• Pairing codes — pending codes expire after 10 minutes and are automatically purged. Completed codes are purged after 30 minutes.
• Server logs — automatically deleted after 7 days.
• Live video buffer — the last ~10 seconds of HLS segments exist only in server RAM and are discarded immediately when the stream stops or the server restarts.

6. Data sharing & sub-processors

CouchCam shares data with two sub-processors:

• Amazon Web Services (AWS) — our backend server runs on an AWS EC2 instance (us-east-1 region). AWS stores the encrypted Ring OAuth tokens on our behalf and cannot decrypt them. AWS is bound by its Privacy Policy and our Data Processing Addendum.
• Roku Inc. — the CouchCam channel runs on your Roku device. Roku's video player renders the live Ring camera HLS stream on-screen, and the CouchCam session token is stored in the Roku device registry. Roku does not receive Ring OAuth tokens or Ring account credentials. Roku's handling of on-device data is governed by its Privacy Policy and the Roku Developer Distribution Agreement.
• Ring LLC (Amazon) — Ring OAuth tokens are sent to the Ring API to fetch your camera list and initiate live streams. Your use of Ring cameras is governed by Ring's Privacy Policy.

No other third parties receive your data. We do not use advertising networks, analytics platforms, or data brokers.

7. Human review of customer data

No employee, contractor, or agent of CouchCam views, accesses, or reviews video or audio from your Ring cameras for any purpose. Video is streamed in real-time directly to your Roku device and is never persisted to storage. Server logs (IP address, request path, timestamp) may be reviewed by the developer solely for debugging service issues; they contain no video content.

8. Security

All communications between your Roku, our server, and the Ring API use TLS 1.2 or higher. OAuth tokens are encrypted at rest using AES-256-GCM. Our server is a single-tenant EC2 instance with firewall rules restricting inbound access to ports 80 and 443 only.

9. Your data control

You control all data CouchCam holds about you:

• View your data — all data CouchCam holds is limited to encrypted OAuth tokens, a session token, and access logs. There is no user profile, video history, or settings to review.
• Delete your data — remove CouchCam from the Ring app (Account → Linked Apps → Remove CouchCam). This triggers immediate, permanent deletion of all your tokens and stream data from our servers. Alternatively email privacy@couch-cam.com for manual deletion within 48 hours.
• Revoke video access — removing CouchCam from Ring Linked Apps immediately revokes the OAuth token, preventing any further stream access.

10. Opt-out mechanisms

• Stop all data processing immediately — remove CouchCam from Ring app → Account → Linked Apps. This is the primary opt-out and takes effect within seconds.
• Stop streaming without unlinking — simply close the CouchCam channel on your Roku. No data is collected when the channel is not running.
• Delete account & all data — email privacy@couch-cam.com. Permanent deletion completed within 48 hours with written confirmation.

11. Your privacy rights & how to exercise them

You have the right to access, correct, delete, or port your personal data, and to object to or restrict its processing, subject to applicable law (including GDPR and CCPA where applicable).

To submit a Data Subject Access Request (DSAR) or deletion request:

• Email privacy@couch-cam.com with subject line "Privacy Request"
• Include: your request type (access / deletion / correction / portability), and enough information to identify your account (e.g., the Roku device used or approximate date of pairing)
• We will acknowledge within 5 business days and complete the request within 30 days

For immediate deletion, removing CouchCam from Ring Linked Apps is faster (takes effect in seconds).

12. Children's privacy

CouchCam is not directed at children under 13. We do not knowingly collect data from children.

13. Changes to this policy

We may update this policy. The "Last updated" date at the top will reflect any changes. For material changes we will update this page and, where reasonably possible, notify users via the CouchCam channel or couch-cam.com. Continued use of CouchCam after changes constitutes acceptance.

14. Contact

Privacy questions or requests: privacy@couch-cam.com