Start a video conference
Spin up a private room and share the link. Audio, video, and screen sharing go directly between the browsers on the call — peer to peer. Our server only relays the initial connection setup; it never sees your media.
New room
How your media stays private
- Audio and video are encrypted end-to-end (DTLS-SRTP) and sent directly between browsers.
- You can check who's on the call at any time — and it doubles as a tripwire if a name you don't expect shows up.
- Rooms auto-expire and are deleted. No accounts, no recordings.
What our server can and can't see
Your media is peer-to-peer. Audio, video, and screen shares are encrypted with DTLS-SRTP and sent directly between the browsers on the call. Our server never relays, records, or decrypts your media — we only run a STUN server (no TURN) that helps your browsers find a direct path to each other.
What the server does see. To set up the call, your browsers exchange connection details (SDP and ICE candidates) and our signaling server relays those between you. They describe how to connect — including IP addresses and codec capabilities — but contain none of your audio or video.
The honest caveat. Because we relay the connection setup, a malicious or compromised signaling server could in principle insert itself in the middle (a man-in-the-middle). Your browsers verify each other's encryption fingerprint, but that fingerprint travels through us — so the cryptography alone doesn't stop us, only our honesty and our open-source code do. We don't do this. If that residual trust is unacceptable, use a tool with out-of-band fingerprint verification.
The roster. The list of who's on the call is a convenience, not a cryptographic identity proof. Names are typed in by each participant and are not verified. Treat it as a tripwire: if a name you don't recognize appears, hang up.
The optional password. If you set one, it's a random value generated in your browser. Your browser sends only a SHA-256 hash of it (bound to this room's id) — the password itself never reaches our server. We store the hash and compare it, in constant time, when someone joins. It keeps out a stranger who has the link but not the password; it does not encrypt your media.
A STUN-only honest limit. Because we run no relay server (TURN), if two people are both behind strict ("symmetric") NATs, their browsers may be unable to find a direct path and the connection will fail. There is no fallback for that case, by design — this is the price of keeping media strictly browser-to-browser.
Lifecycle. Rooms expire (3 hours, 24 hours, or 7 days) and are then deleted from the database. Leaving the call removes you from the roster; a missed heartbeat removes you automatically. We never log SDP, ICE candidates, display names, or tokens.