yoinkvideo

Privacy

Last updated: 2026-05-22

yoinkvideo is built to do one job — download a YouTube video to your device — and nothing else. This page tells you exactly what data passes through us, what we keep, and what we don't. We deliberately keep this short and concrete; the architecture is documented in detail on the Transparency page.

What we don't collect

  • — No account, sign-up, or email. There's nothing to log into.
  • — No record of which videos you downloaded. The web server runs with access logs disabled.
  • — No video file ever touches our disk. Video and audio streams are downloaded to an in-memory filesystem (tmpfs), processed, sent to you, and the buffers are released.
  • — No analytics. No Google Analytics, no Cloudflare Web Analytics, no Plausible, no Fathom, no Matomo. The page loads ~13 KB of our own JavaScript and that's it.
  • — No ad scripts. There's no third-party ad network on this site.
  • — No cookies we set. Your browser may see Cloudflare's standard challenge cookies in the rare event of a bot-check; those are Cloudflare's, not ours, and are described in their privacy policy.
  • — No social-network tracking pixels. No Facebook Pixel, no LinkedIn Insight Tag, no TikTok Pixel.

What we transiently see

Some data is unavoidably visible during a request. We use it for the single purpose listed and don't store it.

  • Your IP address at the Cloudflare edge. Used only to apply per-IP rate limits (counters in Cloudflare KV that expire automatically within the hour). Not written to any log we keep, not associated with the videos you request.
  • The video URL or ID you submit. Used to extract format options and stream the file back to you. The video metadata (title, duration, available formats) is cached at the edge for 24 hours per video ID so we don't hit YouTube for the same video twice within that window. The cache is keyed by the video ID alone; we don't know who requested it.
  • Standard HTTP headers (User-Agent, Accept-Language, etc.) at the Cloudflare edge. Used by Cloudflare for security/bot detection. Not retained by us.

Third parties in the path

Your request crosses these services. None of them get your identity (we don't have one to share):

  • Cloudflare — DNS, edge proxy, TLS termination, rate-limit storage, tunnel between the edge and our backend. Cloudflare can technically see request headers and traffic volume; their privacy policy governs that.
  • Oracle Cloud (compute) — runs the backend VM. They see network traffic to/from the VM but no application content (everything in/out is TLS).
  • YouTube / Google — sees a request for the video's manifest and the video file segments. Routed through Cloudflare WARP, so they see a Cloudflare-owned consumer IP, not the user's IP and not Oracle's datacenter IP.

Right to be forgotten

There's nothing to forget. We don't store identifiers tied to you. The only data with any retention is the per-video metadata cache (24-hour TTL, keyed by video ID, no user identifier) and per-IP rate-limit counters (one-hour TTL). Both expire automatically. There is no manual deletion request to file because there's no record to delete.

Changes to this page

If our data practices ever change, this page is updated and the date at the top reflects the change. We won't quietly start collecting things.

Contact

Privacy questions or removal requests: [email protected]. DMCA / takedown: [email protected].