Who runs Cairn
Cairn is an independent side project. It is not affiliated with YouTube, Google, Stanford, MIT, or any other organization.
For privacy or other questions: [email protected]
Without an account (guest mode)
Cairn works without signing in. In this mode:
- Your course list, watch progress, and personal notes are stored only in your browser, using Chrome's built-in extension storage. They are not sent to Cairn's servers.
- The extension reads YouTube pages you are already viewing in order to detect which video is playing and track your progress against courses you have added. It does not read pages outside YouTube.
Some operations require contacting Cairn's servers even in guest mode:
- Adding a course: when you paste a YouTube playlist URL, Cairn's server fetches the playlist's public metadata (title, video count, lecture titles, durations) so it can be tracked.
- Browsing the public course catalog: the catalog is shared across all users, so loading it is a server request.
- Loading lecture-level public data: ratings and public comments on a lecture are loaded from the server when you view that lecture.
For these requests, our hosting provider (Cloudflare) handles standard server logging for security and abuse prevention. See Cloudflare's privacy policy for details on what they log. Cairn itself does not associate these requests with any identity, since you don't have one. No cookies are set, no fingerprinting is performed, no tracking IDs are assigned by Cairn.
You can clear all guest data at any time by uninstalling the extension or clearing extension data in Chrome's settings.
With an account (signed in)
If you sign in to access community features (posting public comments, rating lectures or courses, liking comments, contributing to the catalog), Cairn creates an account on its servers. The account is created using Google sign-in.
What Cairn requests from Google
Cairn requests only the openid scope from Google. This means Cairn receives:
- A unique opaque identifier for your Google account (called a sub), which Cairn uses to recognize you on subsequent sign-ins.
That's it. Cairn does not request or receive:
- Your email address
- Your name
- Your profile picture
- Any access to your YouTube account, watch history, subscriptions, comments, or any other Google service
- Any access to other Google APIs
What Cairn stores about your account
When you first sign in, Cairn creates a record with:
- An internal account ID (a random UUID, not visible to other users)
- The Google sub identifier, used to recognize you on future sign-ins
- An auto-generated nickname (e.g., "Forest Walker"), which you can change in settings
- The timestamp of account creation and most recent sign-in
Cairn does not store your email address, name, or profile picture. Cairn cannot send you email, because Cairn does not know your email address.
What Cairn syncs across your devices
When you are signed in, the following data is stored on Cairn's servers and synced to any browser where you sign in:
- Your enrolled courses
- Your watch progress on lectures within those courses
- Your personal comments (notes you marked as Personal)
- Your public comments (notes you marked as Public)
- Your lecture and course ratings
- Your nickname
This data is associated with your account and is visible only to you, except for the public-by-design data described next.
What is shared publicly when you opt in
The following data is publicly visible to other Cairn users when you choose to share it:
- Public comments. When you post a comment with the Public toggle, it becomes visible to other users on the same lecture, attributed to your nickname.
- Likes on public comments. When you like a public comment, it adds to that comment's like count. Your individual like is associated with your account internally (to prevent double-liking) but is not publicly attributed to you.
- Catalog contributions. When you add a new course to the catalog, the catalog entry is attributed to your nickname.
- Lecture and course ratings. Your ratings (usefulness and difficulty) contribute to public aggregate scores. Your individual rating is not displayed to others alongside your nickname.
You can switch a comment from Public back to Personal at any time, which removes it from public view.
What Cairn never asks for
- Real name
- Phone number
- Address
- Profile photo
- Payment information
- Date of birth
- Access to your YouTube account or any other Google service
Data we do not collect
Cairn does not collect, store, or transmit:
- Your YouTube watch history (Cairn only knows about videos in courses you've enrolled in)
- Your activity on YouTube outside of tracked courses
- Your activity on websites other than YouTube (the extension only reads YouTube pages)
- Telemetry, analytics, or usage metrics of any kind
- Crash reports
- Any information about your device beyond what is required for HTTPS requests
Cairn does not use Google Analytics, Mixpanel, Segment, or any other analytics service. Cairn does not embed any third-party trackers, advertising networks, or marketing pixels.
Cookies and similar technologies
Cairn does not use cookies in the extension UI.
When you sign in, Cairn issues a session token stored in Chrome's extension local storage (not as a browser cookie). This token is sent with API requests to identify your session. It expires after 30 days.
Cairn's landing page (cairnstudy.com) is a static HTML page served by Cloudflare Pages. It does not set any cookies and contains no JavaScript trackers.
Third parties
Cairn uses the following third-party services to operate. Each has its own privacy policy:
- Cloudflare hosts the API, database, and landing page. Cloudflare handles standard server logging for security and abuse prevention. See Cloudflare's privacy policy at https://www.cloudflare.com/privacypolicy/ for details on what they log.
- Google (Sign-In) is used for authentication. Google's handling of sign-in flows is governed by Google's privacy policy at https://policies.google.com/privacy. As described above, Cairn requests only the openid scope.
- YouTube. Cairn reads YouTube pages in your browser to detect playback progress. Cairn does not interact with YouTube's API. Your interactions with YouTube itself (watching videos, viewing comments, etc.) are governed by YouTube's privacy policy.
Cairn does not share your account data with any third party for marketing, advertising, or analytics purposes.
How to delete your data
You can delete your data at any time:
- Delete your account. In the extension settings, choose "Delete account." This permanently removes your account record, all synced personal data (progress, personal comments, enrollments), all your public comments, all your ratings, and all your likes. Catalog entries you contributed remain in the catalog (so other users who rely on them are not affected) but are reassigned to an anonymous proxy account, with no link to your former identity.
- Delete local data only. Uninstall the extension or clear its data in Chrome's settings.
- Make specific public comments private. Switch them to Personal in the comment menu. They are removed from public view.
Deletion is immediate and irreversible.
Data security
Cairn uses HTTPS for all API requests. Account session tokens are stored in Chrome's extension local storage, accessible only to the Cairn extension. Server-side data is stored in Cloudflare D1 (a managed database service) and Cloudflare KV (managed key-value storage), with access restricted to the Cairn API.
This is a small project, not a security-hardened enterprise product. We follow reasonable practices but cannot guarantee against all forms of compromise. Do not rely on Cairn to protect highly sensitive information — your study notes are not the same threat model as your bank.
Children
Cairn is not directed at children under 13. Cairn does not knowingly collect data from children under 13.
Cairn does not request a date of birth and has no way to actively verify a user's age. If you are a parent or guardian who believes a child under 13 has signed in to Cairn, contact [email protected]. We will guide you through deleting the account.
International users
Cairn's API and database are hosted in the Asia Pacific region. By using Cairn, you consent to your data being processed in this region, regardless of where you are located.
If you are in the EU, UK, or California and wish to exercise data-protection rights (access, correction, deletion, portability), email [email protected]. We will respond within 30 days.
Changes to this policy
If this policy changes in a way that materially affects how your data is used, we will update the "Last updated" date at the top of this page. For significant changes affecting signed-in users, we will also display a notice in the extension on next sign-in.
This is a small project; updates are likely to be infrequent.