Privacy Policy

LAST UPDATED: MARCH 2026

1. What OpenedMic Is

OpenedMic is a browser-based live audio and video broadcasting service. A broadcaster opens a room; listeners join by room code, QR scan, or direct link. No installation or registration is required to use the service.

The service consists of a public landing page at https://www.openedmic.com/ and a separate operational application at https://www.openedmic.com/app. The application is designed for browser-first use and is installable on supported devices as a home-screen web application, without requiring distribution through a native app store.

2. No Registration Required

OpenedMic does not require you to create an account, provide an email address, or submit any personal information to use the service. You can create and join live rooms without registration.

3. What We Do Not Collect or Store

The following data is not collected, stored, or persisted by OpenedMic itself in its application logic, analytics systems, or telemetry systems:

Names, email addresses, usernames, or avatars
Room codes, room identifiers, or hashed room identifiers
Raw IP addresses or hashed IP addresses
Session identifiers or user identifiers of any kind
Device fingerprints or browser fingerprints
Chat message content
Reaction content
Room passwords
Copied link text
Audio, video, or media content of any kind
Free-text client error messages, raw stack traces, or request bodies
Any identifier, direct or derived, that can be linked to a person, device, browser, or session

4. Session Data

When you use OpenedMic, the following data is processed temporarily in memory to operate the service. None of it is persisted after the session ends:

Room codes — randomly generated 6-character codes, held in server memory only for the duration of the room's lifecycle
Nicknames and avatars — entered voluntarily per session, held in server memory only during the active session, discarded when the room closes
WebRTC signaling data — SDP offers, answers, and ICE candidates processed in real time for audio/video connection; not retained
Chat messages — relayed in real time within the room; not stored server-side
Reactions — relayed in real time; content is not stored or counted in analytics
Ephemeral broadcaster token — a short-lived random string stored in sessionStorage during an active broadcast to support brief reconnection within the same session; discarded when the browser session ends

5. Anonymous Operational Analytics

OpenedMic operates a self-hosted, server-side anonymous analytics system backed by a local SQLite database. This system collects strictly non-identifying operational signals to understand product usage, service health, and feature adoption over time. No personal data, no identifiers, and no free text are stored.

What the analytics system stores:

Timestamps (UTC)
Event type (e.g. room created, broadcast started, listener joined, feature used)
Broadcast mode or category selected
Whether a room was private or public
Listener count and peak listener count
Session duration in seconds
Language/locale setting
Coarse device class derived from the request (mobile / tablet / desktop / unknown)
Coarse browser family derived from the request (chrome / safari / firefox / edge / unknown)
Coarse operating system family derived from the request (ios / android / windows / macos / linux / unknown)
Join source category (QR code / direct link / manual code / unknown)
Feature usage indicators (e.g. screen share used, recording started)
Structured error category codes from a fixed whitelist (e.g. room_not_found, mic_permission_denied)
PWA interaction signals (e.g. install prompt shown, install accepted, standalone launch detected)
Server version at time of event

Raw User-Agent strings are never stored. Browser, OS, and device class are derived from the User-Agent at request time; the raw string is discarded immediately after derivation.

Analytics read and reporting endpoints are access-controlled and not publicly accessible. A basic aggregate summary page (/stats) is available without authentication and contains only anonymous operational totals — no personal data.

6. Structured Privacy-Safe Error Telemetry

The application includes a lightweight client-side error reporting mechanism. When a technical error occurs in the browser, the application may transmit structured, non-identifying telemetry to the server. This telemetry is strictly limited to:

Error type category (from a fixed whitelist, e.g. JS_ERROR, UNHANDLED_REJECTION)
Error family, stage, and surface from fixed whitelists (e.g. "permissions", "browser_api", "app")
Line and column number of the error
Coarse browser, OS, and device class (derived from User-Agent; raw UA discarded)
Language/locale setting

Free-text error messages, raw stack traces, request bodies, source file paths, and any content that could contain user-generated or identifying information are not transmitted and not stored. The client application strips all such fields before sending.

7. Contact Form

When you submit the contact form at openedmic.com/contact.html, your submission is sent to the OpenedMic server for validation. The server validates the format of your submission, records only a minimal anonymous operational signal (a count of successful submissions, with no content), and returns a response to your browser.

The submission content — including your name, email address, subject, and message — is received by the server but is not retained in any database, log file, or analytics system. Contact submissions are not currently forwarded to an external delivery service. If you need to reach the service operator directly, this limitation may affect message delivery.

8. Google Analytics 4

Both the public landing page at https://www.openedmic.com/ and the application at https://www.openedmic.com/app use Google Analytics 4 with the following privacy configuration:

IP addresses are anonymized before processing (anonymize_ip: true)
No analytics cookies or client-side storage are written to your device (storage: 'none', client_storage: 'none')
Data is used only to understand aggregate page usage
It is not used for advertising or individual user profiling

9. Installable Web Application

OpenedMic supports installation as a home-screen web application on supported devices and browsers. When you install the application:

The application shell is served from the same origin — no app store is involved
A service worker is registered in your browser to enable reliable loading of static assets (fonts and scripts) and to provide a basic offline message page if connectivity is unavailable
The service worker does not cache HTML pages or dynamic content. Live session functionality — room creation, joining, audio/video streaming, signaling — requires an active internet connection and is not available offline
If you dismiss the install prompt, a flag is stored in localStorage on your device to avoid showing the prompt again
If you launch the application in standalone mode (after installation), an anonymous install engagement signal may be recorded in the operational analytics system

10. Cookies and Browser Storage

OpenedMic does not use advertising cookies or tracking cookies. Browser-side storage is used only for the following functional purposes on your own device:

Language preference — app (localStorage key: openedmic-app-lang) — remembers your selected UI language in the application across visits
Language preference — landing page (localStorage key: openedmic-lang) — remembers your selected UI language on the landing page
Accessibility settings — landing page (localStorage key: openedmic-a11y) — remembers contrast, motion, and font preferences if you change them on the landing page
Install prompt dismiss flag (localStorage key: pwa-dismissed) — set if you dismiss the application install prompt, to prevent it from appearing again
iOS install hint dismiss flag (localStorage key: pwa-ios-dismissed) — set if you dismiss the iOS add-to-home-screen guidance, to prevent it from appearing again
Ephemeral broadcaster token (sessionStorage key: om_btoken_[room]) — stored during an active broadcast only to support brief reconnection within the same browser session; cleared automatically when the browser session ends

These browser-side storage values are used only for local application functionality, preference restoration, install-prompt suppression, or active-session continuity. They are not used for advertising, profiling, or personal identification. Where the application sends anonymous operational analytics or structured technical telemetry, the current locale may also be included as a non-identifying field.

11. Local Recording

If you use the local recording feature during a broadcast, audio and/or video is captured directly in your browser using the MediaRecorder API and saved to your own device as a WebM file. Nothing is uploaded to any server. OpenedMic has no access to your recordings. You retain full control of any recording you create.

12. Infrastructure and Third-Party Services

Render.com — origin hosting for the Node.js server. Standard access logs may be generated by the hosting platform per their policies.
Cloudflare — DNS and DDoS protection. All connections are HTTPS/TLS encrypted. Cloudflare may process connection metadata per their privacy policy. Note: the primary application domain currently operates in DNS-only mode; Cloudflare proxy protection applies to redirect domains.
Metered.live — TURN relay servers used to facilitate WebRTC peer-to-peer connections when a direct path is unavailable. TURN servers relay encrypted media streams and do not store media content.

13. No Advertising

OpenedMic does not display advertisements and does not share data with advertising networks.

14. Children

OpenedMic is not directed at children under the age of 13. We do not knowingly collect any data from children.

15. Changes to This Policy

This policy may be updated when the service changes. The date at the top of this page reflects the most recent revision. Continued use of the service after updates constitutes acceptance of the revised policy.

16. Contact

If you have questions about this privacy policy, please use the contact page.