Data sent to the SideWatch backend
- Authentication key: a random 64-character key generated locally and sent in the X-Sidewatch-Key header.
- Profile data: username, display name, and optional avatar image file (including filename and image bytes).
- Social data: friend usernames/ids, friend request ids, group names, group ids, and group member usernames.
- Comment data: comment text, comment timestamp, and the selected audience scope (all friends/friend/group and id).
- Video identifier (videoKey): derived from the current page URL (excluding the hash) and the video source URL. If too long, it is hashed. This identifier is sent when fetching or posting comments.

When data is sent
- Popup/options pages: profile and social data are fetched/updated when you open the UI or perform actions.
- Content script on pages with eligible videos: profile may be fetched for display; comments are fetched and posted when the overlay is active.
- Avatar upload: the chosen image file is uploaded to update your profile avatar.

Local storage
- The extension stores your profile, friends, groups, selected audience scope, overlay toggle state, and the authentication key in browser extension storage.

Sharing
- The extension only sends data to the SideWatch backend.
- Comments and profile information are intended to be visible to other users within your chosen audience (all friends/friend/group).

Security
- All API calls use HTTPS.