Video Downloader Plus is built around a simple principle: process as much as possible in your browser, and be transparent about the rest. This page explains exactly what data Video Downloader Plus touches, where it goes, and why.Documentation Index
Fetch the complete documentation index at: https://vidow.io/docs/llms.txt
Use this file to discover all available pages before exploring further.
Processing happens in your browser
The following operations run entirely on your device. No video data, no media files, and no page content are uploaded to Video Downloader Plus’s servers for these tasks.| Operation | Where it runs |
|---|---|
| Stream detection | Your browser (network interception + DOM scanning) |
| Video downloading | Your browser (direct fetch from the source CDN) |
| Format conversion | Your browser (WebAssembly workers) |
| Audio extraction | Your browser (WebAssembly workers) |
| Cloud sync uploads | Direct from your browser to your chosen provider (Google Drive, Dropbox, S3, R2) |
What Video Downloader Plus stores in your browser
Video Downloader Plus persists state in two Chrome storage areas —sync for preferences that follow you across devices, and local for tab-level data and auth state.
Extension preferences (sync storage): theme, badge display mode, blocked sites list, format filters, default download path, minimum file size threshold.
Detected video metadata per tab (local storage): the page URL where a video was found, detected video stream URLs, video title, thumbnail URL, available quality options, and stream type (HLS, DASH, or direct MP4). This data is cleared automatically when the tab closes and is also purged after 24 hours regardless of tab state.
Authentication state (local storage): a flag indicating whether you are signed in, your subscription status, and a unique device identifier used to associate the extension with your account.
HD download limit cache: the current state of your download allowance, cached locally to avoid redundant server round-trips.
Saved video hashes: a set of content hashes used to keep your extension library in sync with your Video Downloader Plus account, so the UI can accurately reflect which videos you have already saved.
What Video Downloader Plus sends to our servers
Video Downloader Plus does contact our servers in specific, bounded situations. Here is every case, stated plainly:- Last-resort video detection: when network interception alone cannot find any video streams on a page, the page URL is sent to a Video Downloader Plus API endpoint that attempts server-side detection. No page content is transmitted — only the URL.
- Save to library: when you explicitly click to save a video, the video title, the originating page link, and the thumbnail URL are sent to our servers to create the library entry.
- Bug reports: the page URL, your browser name, and error details are transmitted only when you actively submit a bug report through the extension UI. No automatic crash reporting occurs.
- Device association: a unique identifier is sent on first sign-in to link anonymous usage activity to your account.
- Limit checks: your device identifier is sent to verify remaining downloads and cast sessions under your plan.
- Authentication state: session cookies set by the vidow.io web app are included with API requests to verify your login status. The extension itself never handles credentials — authentication happens entirely through the vidow.io web interface.
- Outbound link parameters: links that open vidow.io from the extension include campaign parameters (source, medium, and context), your browser name, and the extension version. These help us understand how the extension drives visits to the website.
What Video Downloader Plus does not collect
- Passwords or login credentials: authentication is handled via session cookies set on the vidow.io web app. The extension never intercepts, stores, or transmits login credentials.
- General browsing history: Video Downloader Plus only processes pages where you take an explicit action or where a video stream is detected. Unrelated browsing is never observed.
- Keystrokes, form data, or mouse activity: no input monitoring of any kind.
- Payment information: all billing is processed by Stripe server-side. The extension has no access to payment data.
- Video content or downloaded files: media files are downloaded directly to your device and never pass through Video Downloader Plus’s infrastructure.
- Location data: no geolocation is requested or inferred.
- Personal communications: no access to email, messages, or any communication channels.
Extension permissions
The following table covers every permission in Video Downloader Plus’s manifest and explains its exact purpose.| Permission | Purpose |
|---|---|
tabs | Associate detected video streams with their originating tab; update the badge icon and stream count per tab; detect tab navigation and closure to clear stale data; open install, uninstall, and download pages |
| Network monitoring | Watch for video media streams (HLS, DASH, MP4) as pages load and capture the headers needed to replay protected streams accurately |
| Download rules | Manage reliable file saving and the streaming player’s network routing |
storage | Persist extension state: preferences in sync storage; detected video data, authentication state, and limit cache in local storage |
downloads (optional) | Requested at runtime only when you initiate a download. Triggers the browser’s native download dialog with proper file naming. Never requested upfront |
all_urls (host permission) | Monitor network requests for video stream detection across all domains; run content scripts for DOM scanning and thumbnail extraction; fetch HLS/DASH manifests from arbitrary CDN origins |
Cloud storage security
OAuth providers (Google Drive, Dropbox)
Video Downloader Plus connects using industry-standard OAuth 2.0. Your Google or Dropbox password is never shared with Video Downloader Plus at any point. The authorization grant is scoped to the minimum permissions needed — upload access to a dedicated folder — and can be revoked at any time from your provider’s account settings. Refresh tokens are stored encrypted on Video Downloader Plus’s servers and rotated automatically before expiry.API key providers (AWS S3, Cloudflare R2)
Your access keys are transmitted over HTTPS and stored encrypted on Video Downloader Plus’s servers. We recommend creating a dedicated IAM user with write-only permissions scoped to a single bucket, rather than using root credentials. You can rotate your keys at any time and update them in Video Downloader Plus’s settings.Payment security
All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. Video Downloader Plus never receives, stores, or processes your card number. Payment details are entered directly into Stripe’s hosted payment forms, and payment processing communicates the outcome back to Video Downloader Plus without card data ever leaving Stripe’s infrastructure.Extension verification
Video Downloader Plus is published on the Chrome Web Store and passes Google’s review process before each release. The extension enforces a strict Content Security Policy:script-src 'self'; object-src 'self'. This means only code shipped with the extension can execute — no inline scripts, no external script sources, and no runtime code injection.
Account deletion
You can permanently delete your account at any time from vidow.io/settings/security. Deletion immediately and irreversibly:- Removes all personal data from Video Downloader Plus’s servers
- Erases your saved video library
- Cancels any active subscription