Privacy Policy

Last updated: April 2026

Anonymous by design

Nightcap is built to minimize the personal data we collect. You do not need an account to use the core product. However, we do process certain data as described below, some of which constitutes personal data under applicable privacy regulations including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

What we collect and why

Data	Purpose	Lawful basis (GDPR)
IP address (SHA-256 hashed)	Ban enforcement, abuse prevention, rate limiting	Legitimate interest (Art. 6(1)(f))
Session tokens	Session continuity, matchmaking	Legitimate interest
Moderation logs (hashed IP, confidence scores, categories)	Content moderation, safety compliance, transparency reporting	Legitimate interest / legal obligation (Art. 6(1)(c))
Session analytics (chat counts, mode, country)	Service improvement, abuse pattern detection	Legitimate interest
Reports submitted by users	Safety enforcement, compliance with legal obligations	Legitimate interest / legal obligation
Email address (subscribers only)	Subscription management, billing notices, cancellation confirmation	Performance of contract (Art. 6(1)(b))
Payment data (processed by Stripe)	Payment processing for Boosts and subscriptions	Performance of contract

Note on IP hashing: We hash your IP address using SHA-256 with a server-side salt. While we never store your plaintext IP, hashed IPs constitute pseudonymized personal data under GDPR because re-identification is theoretically possible with the salt. We treat this data accordingly.

Automated content moderation

Nightcap uses automated systems to detect prohibited content during your sessions:

Video frames: Periodically sampled and analyzed by AWS Rekognition for prohibited visual content. Frames are processed transiently and not permanently stored.
Text messages: Analyzed by OpenAI's moderation API for prohibited language. Message text is processed transiently.
Client-side detection: MediaPipe runs in your browser for real-time content classification. This data does not leave your device.

When the automated system detects a potential violation, it logs the confidence score, category, and action taken. High-confidence detections may result in automatic session termination and access restriction. All automated decisions can be appealed.

Private Mode and your data

Private Mode disables the automated NSFW content filter. It does not create an encrypted or unmonitored channel. Nightcap retains the right and obligation to scan for illegal content (including CSAM, credible threats, and terrorism-related material) in all modes, including Private Mode. No video or audio is stored permanently.

What we do NOT collect

Permanent recordings of video or audio from your sessions
Conversation transcripts or message content (beyond transient moderation analysis)
Device fingerprints or persistent tracking identifiers
Precise geolocation (country is derived from IP by Cloudflare at the network edge)

Data processors

We share data with the following third-party processors:

Stripe: Payment processing. Subject to Stripe's privacy policy and DPA.
AWS (Rekognition): Video frame moderation. Processed under AWS's GDPR DPA. Frames are not used for model training.
OpenAI: Text moderation. Processed under OpenAI's API data usage policy and DPA. Messages are not used for model training.
Cloudflare: CDN, DDoS protection, WebSocket signaling. Subject to Cloudflare's privacy policy and DPA.
Vercel: Web application hosting. Subject to Vercel's DPA.

Data retention

Hashed IP bans: deleted when the ban expires (max 30 days for temporary; permanent bans retained indefinitely)
Session reports: retained for 90 days
Moderation logs: retained for 90 days (CSAM-related records retained as required by law)
Session analytics: retained for 12 months, then aggregated and anonymized
Subscription/payment records: retained for 3 years for accounting and tax purposes

Law enforcement and legal disclosure

We may disclose information to law enforcement when required by law, subpoena, or court order, or when we have a good-faith belief that disclosure is necessary to prevent imminent harm. We cooperate fully with NCMEC CyberTipline reports and applicable mandatory reporting requirements.

Your rights

Under GDPR, CCPA, and similar frameworks, you have the right to:

Access: Request a copy of the data associated with your IP hash.
Deletion: Request deletion of data associated with your IP hash.
Rectification: Request correction of inaccurate data.
Object: Object to processing based on legitimate interest.
Portability: Receive your data in a structured, machine-readable format.

To exercise these rights, email privacy@nightcap.chat with your current IP address. We will hash it to locate your associated records and respond within 30 days.

California residents:Under the CCPA, you have the right to know what personal information we collect, request deletion, and opt out of any sale or sharing of personal information. Nightcap does not sell personal information. To the extent that sharing data with our processors constitutes "sharing" under CCPA, you may opt out by emailing privacy@nightcap.chat.

Cookies and local storage

Nightcap does not use tracking cookies. We use browser localStorage to store your session token, age verification status, and subscription state. These are functional storage items necessary for the service to operate and do not track you across sites.

Changes to this policy

We may update this Privacy Policy at any time. Material changes will be announced via an in-app banner. Continued use after changes constitutes acceptance.

Contact

Questions? Email privacy@nightcap.chat