Privacy Policy

The data controller is the operator of this Cabin instance. For self-hosted deployments, the controller is the entity that owns and operates the server. For the hosted SaaS service, the controller is identified on the website with contact details.

• Account data: email, hashed password, display name, plan tier, account creation date.
• Content (stored, not inspected): video files you upload or download, titles you provide, technical metadata (size, duration, codec), and watch progress. Files are stored on object storage on your behalf. The provider does not open, view, transcribe, scan, or otherwise inspect the content of your files, and does not maintain any catalogue of what users store.
• Usage data: storage used, monthly upload count, job history, locale preference.
• Technical logs: IP address, user agent, request timestamps. Retained for security and abuse prevention.
• Billing (SaaS only): handled by Stripe. We never store full card numbers.

• Providing the service (contract performance).
• Authentication, security, abuse prevention (legitimate interest).
• Billing and tax compliance (legal obligation, SaaS only).
• Service emails such as password reset and verification (contract).

The provider does not access, view, monitor, moderate, screen, or otherwise inspect the content of files uploaded, downloaded, or played by users. The platform acts as a neutral technical media-storage and playback service. The provider has no editorial control over user content, performs no automated content scanning beyond what is strictly necessary for technical delivery (transcoding, integrity checks), and assumes no general monitoring obligation.

The user is the sole party responsible for the legality of their content and for the use they make of the platform. Inspection of specific files may occur only upon a legally binding order from competent authorities, or upon a substantiated abuse report concerning clearly illegal material.

Account and content data are retained for as long as the account exists. On deletion, content is removed within 30 days, except where law requires longer retention (e.g. invoices). Backups roll off within 90 days.

• Backblaze B2: video object storage.
• Resend: transactional email delivery.
• Stripe: payments and subscription management (SaaS only).
• i18nez: UI string translation cache.

Under GDPR and applicable laws, you may request access, rectification, erasure, portability, and restriction of your data. You may also object to processing based on legitimate interest. Contact the data controller to exercise these rights.

Cabin uses only strictly necessary cookies and local storage for authentication, locale, and watch progress. No advertising or third-party tracking cookies are set.

The provider reserves the right to amend this Privacy Policy. The effective date above reflects the latest version.