Built for secure playback
in real-world environments.

Max Security desktop flow, forensic watermarking, and signed delivery from one platform.

OS-level protection. Not browser tricks.

  • Embed can switch to a Watch in Secure Player gate in Max Security mode
  • Gate opens videncrypt:// deep link and launches the native secure player
  • Desktop validates a single-use token before playback starts
  • Capture-protected window blocks common recording pipelines on Windows and macOS
1
Viewer opens embedded video
2
Embed shows Watch in Secure Player
3
Click launches videncrypt:// deep link
4
Desktop app validates single-use token
5
Protected native player starts playback

Dynamic watermarking for traceability

  • Per-session watermark text supports user, session, IP, and timestamp context
  • Generic project watermark fallback is applied when no dynamic value is provided
  • Shared controls for opacity, font size, rotation, position, and spacing
  • Works in embed playback and desktop secure playback for layered deterrence
{{user.email}} · {{timestamp}}
{{user.id}} · {{session.id}}
IP: 203.0.113.44 · 2026-04-11
fallback: generic project watermark

Project-level domain allowlist

  • Whitelist exact domains per project
  • Wildcard subdomain support is enforced server-side
  • Referrer validation on every token request
  • Unauthorized domains are blocked before playback token issuance
✓ app.mysite.com
✓ *.mysite.com
✗ evil-site.com
✗ hotlinker.io

Signed embed tokens and secure handoff

  • Embed playback requests server-minted tokens instead of exposing raw media URLs
  • Signed URL flow uses short-lived HMAC token verification
  • Max Security mode returns desktopToken and withholds browser HLS URL
  • Desktop token validation endpoint enforces expiry and one-time consumption
POST/player/getEmbedToken
videoId: "vid_abc123"
embedDomain: "app.mysite.com"
securityMode: "max"
200OK
securityMode: "max"
desktopToken: "dtk_..."
hlsUrl: ""

Runtime recorder detection in desktop app

  • Native process monitor checks for known screen recorders
  • When risky software is detected, playback can pause and block interaction
  • Detection and resume events are emitted into the player runtime
  • Adds operational defense on top of content-protected window mode

OBS Studio

detected

ShareX

detected

Bandicam

detected

Playback

paused

Adaptive HLS with secure request propagation

  • Streams are encoded to 360p / 720p / 1080p renditions
  • Player injects token + expiry params into segment requests
  • Signed key retrieval is validated and rate-limited by token
  • Captions are supported in embed and desktop iframe playback

1080p

5000k

720p

2500k

360p

800k

token refresh

active

On the roadmap →

Public browser allowlist controlsNative iOS secure playerPlan-based security entitlements