Legal

Privacy Policy

Last updated: January 2026

This Privacy Policy describes how the All In One Capture browser extension and website handle your information. The short version: we collect as little as possible, your media never leaves your computer unless you choose to share it, and you can use almost everything without an account.

1. What stays on your device

  • Screenshots and recordings. Created locally and saved to your computer via the browser's downloads folder. They are never uploaded to us.
  • Video and audio during a call. Travel directly between peers via WebRTC. Our servers never see media content — only signaling messages required to establish the connection.
  • Extension preferences. Stored in your browser's local storage (e.g. display name, click-highlight toggle).

2. What our signaling server briefly handles

To establish a peer-to-peer call, browsers must exchange small "signaling" messages (SDP offers/answers and ICE candidates). Our signaling server (a Cloudflare Worker) relays these messages between peers in the same room. It does not store them — once a peer leaves, the data is discarded.

Live chat messages also travel through this relay during a call. If you have configured an API server (see below), chat messages may also be persisted there.

3. What the optional API server stores

The API server is opt-in. If you connect to one, the following may be stored:

  • Account data: email, display name, password hash (bcrypt), and provider IDs if you sign in with Google or Facebook. Avatar URL is stored if your provider supplies one.
  • Chat history: messages you send in a room are stored with the room ID, sender name, content and timestamp. Anonymous posts store only the sender name you entered.

If you do not configure an API server, none of this exists for you.

4. Third-party services

  • Google STUN servers (stun.l.google.com) help your browser discover its public IP for WebRTC. Google receives only the connection attempt — no audio, video, or message content.
  • Google OAuth / Facebook Login are used only if you click their respective sign-in buttons. They follow each provider's privacy policy.
  • Cloudflare hosts the signaling relay. They see only WebSocket-frame metadata required to route traffic.

5. Permissions the extension asks for

Each permission has a specific purpose:

  • activeTab, tabs, scripting — capture the current page and inject the region-selection overlay on demand.
  • desktopCapture, tabCapture — invoke the OS screen / window / tab picker for recording.
  • downloads — save screenshots and recordings to your downloads folder.
  • storage — remember your preferences locally.
  • identity — drive the OAuth flow if you click Google / Facebook sign-in.
  • notifications, contextMenus — show status notifications and right-click menu entries.

6. Cookies on this website

This marketing site does not set tracking cookies. If you ever see one, please tell us so we can fix it.

7. Your choices

  • You can use the extension fully without creating an account.
  • If you have an account, email us at jass.app.dev@gmail.com to request deletion of your data.
  • You can disable or uninstall the extension at any time from your browser's extensions page.

8. Children

The service is not directed at children under 13 and we do not knowingly collect personal information from them.

9. Changes to this policy

If we materially change this policy, we'll update the "Last updated" date at the top and, where possible, notify signed-in users by email.

10. Contact

Questions or requests: jass.app.dev@gmail.com