How it works

Install once. Then it gets out of the way.

Finderwave is an auth layer that sits beside your Jellyfin server — not in front of your media. Here's the whole flow, and exactly what we store.

1

Install the plugin on your Jellyfin server.

One command, or drop it in from the plugin catalog. It registers your server with Finderwave and nothing else. Open source, auditable.

2

Invite friends by email or share a link.

Type an address or copy an invite link. They create one Finderwave account — not a local Jellyfin account you have to manage.

3

They log in once. Done.

Your server appears in their dashboard, on web, phone, and TV. Revoke access later with one button — no hunting through user lists.

The data path

We handle the handshake. Not the media.

Finderwave authenticates the login. Your Jellyfin server then talks directly to your user's device. On the free tier, your content never enters our network.

User's device
TV · phone · browser
Finderwave
verifies identity only
Your Jellyfin server
holds your media
3 · media streams directly between device and server — never through us (free tier)
Radical transparency

Here's the whole list of what we store.

Not legalese — plain language. If you're a privacy-conscious Jellyfin user, this is the part that should make you comfortable.

What Finderwave knows

Every piece of data tied to your account.
  • Your email address.
  • A hashed version of your password (Argon2id — we cannot recover it).
  • Your registered devices: name, type, last-seen, approximate country.
  • Which Jellyfin servers you've been invited to.
  • Login timestamps and approximate IP country, for security alerts.
  • Your MFA secret, encrypted at rest.

What Finderwave does not know

No access, no copy, no exceptions.
  • What you watch. No access to your library or playback history.
  • Your media files. They never leave your server on the free tier.
  • Your Jellyfin password. We store an access token, not your credentials.
  • Who else is on a server beyond the invite list. No activity feeds.
For relay users · paid tier

We carry your media bytes through our edge servers to make remote access work without port forwarding. We do not inspect, log, or store those bytes beyond what's needed to route the connection. They're encrypted in transit end-to-end.

Who it's for

Built for people already running Jellyfin.

Self-hosters

You run a Jellyfin server and share it with friends or family. You want sharing to stop being a support burden.

Small communities

Anime clubs, friend groups, households on a shared server. One portal, one invite link, one revoke button.

Organisations

Running Jellyfin for internal video — training, comms — and you need SSO, audit logs, and an SLA.

Your Jellyfin server deserves better than shared passwords.

Get started free