Privacy Policy

1. Introduction

Welcome to Streamlinx. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Discord bot and web portal ("Service").

By using Streamlinx, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

We collect several types of information to provide and improve our Service:

2.1 Discord Account Information

When you authenticate with Discord, we collect the following information from your Discord account:

• Discord user ID (unique identifier)
• Username and discriminator
• Avatar hash (for profile image display)
• Email address (if provided)
• Server (guild) memberships where you have the bot installed
• Server ownership and administrator permissions

2.2 Guild (Server) Information

For Discord servers where Streamlinx is installed, we collect:

• Guild ID, name, and icon
• Channel IDs and names (for notification delivery)
• Bot join and leave timestamps
• Server configuration settings (notification channels, custom messages, etc.)
• Webhook customization preferences (avatar, username)
• Custom Discord webhook URLs (if you provide them for Premium features)

2.3 Streamer and Notification Data

To provide stream monitoring services, we collect:

• Streamer platform (Twitch or YouTube)
• Streamer username and platform user ID
• Public streaming information from Twitch and YouTube (stream titles, game/category, viewer counts, thumbnails, live status)
• Notification channel assignments (which channels receive which notifications)
• Custom message templates (if configured)
• Notification filter rules including custom regex patterns (Premium feature)
• Notification delivery history (timestamps and event types, auto-deleted after 30 days)
• Discord message IDs (for updating or deleting notifications)

2.4 Premium Analytics Data (Premium Feature)

Premium subscribers receive advanced analytics that involve collecting:

• Streaming session start and end times
• Session duration (total hours streamed)
• Viewer count sampling (periodic snapshots during live streams)
• Peak and average viewer statistics
• Platform-specific metrics (Twitch vs YouTube performance)

Note: All analytics data is automatically deleted after 30 days. You can opt out by downgrading to the Free tier.

2.5 Subscription Information

For Premium subscriptions managed through Discord, we collect:

• Discord entitlement ID and subscription ID
• Subscription tier (Free or Premium)
• Subscription status (active, cancelled, expired, etc.)
• Subscription lifecycle timestamps (start, end, cancellation dates)
• SKU ID (product identifier)

Important: We do not collect or store payment information. All payment processing is handled by Discord. We only receive subscription status updates through Discord's API.

2.6 Technical and Usage Information

When you use our Service, we automatically collect:

• IP address (for API request logging and debugging)
• HTTP request method and path
• Response status codes and request duration
• Error details and stack traces (for debugging)
• Discord bot commands executed
• Features accessed through the web portal
• Browser type and device information (from HTTP headers)

Health check endpoints are excluded from logging to reduce noise.

3. Cookies and Session Management

We use cookies and similar tracking technologies to maintain your authentication session and provide core functionality. All cookies we use are essential for the Service to function properly.

3.1 Cookies We Use

3.2 Cookie Security

All cookies we use implement the following security measures:

• HTTP-only: Cookies are not accessible via JavaScript, preventing XSS attacks
• Secure flag: Cookies are only transmitted over HTTPS in production
• SameSite=Lax: Provides CSRF protection while maintaining functionality
• Short-lived: Tokens expire automatically to limit exposure

3.3 Managing Cookies

You can clear cookies through your browser settings, but doing so will log you out of the Service. To permanently revoke Streamlinx's access to your Discord account, visit Discord User Settings → Authorized Apps and remove Streamlinx.

4. How We Use Your Information

We use the collected information for the following purposes:

4.1 Core Service Delivery

• Authenticate users through Discord OAuth2
• Monitor streamer live status on Twitch and YouTube
• Send notifications to Discord channels when streams go live or offline
• Manage notification preferences and custom messages
• Apply notification filter rules (Premium feature)
• Create and manage Discord webhooks (Premium feature)

4.2 Analytics and Insights

• Generate streaming analytics and leaderboards (Premium feature)
• Track viewer count trends and peak performance
• Calculate total streaming hours and session statistics
• Provide performance comparisons across platforms

4.3 Account and Subscription Management

• Process Discord subscription entitlements
• Manage tier upgrades and downgrades
• Enforce feature limits based on subscription tier
• Handle subscription expiration and renewal

4.4 Service Improvement

• Debug errors and technical issues
• Monitor service performance and uptime
• Analyze usage patterns to improve features
• Respond to customer support inquiries

4.5 Legal Compliance

• Comply with applicable laws and regulations
• Enforce our Terms of Service
• Protect against fraud and abuse
• Respond to legal requests from authorities

5. Data Sharing and Third-Party Services

We integrate with several third-party services to provide our functionality. Your data may be shared with:

5.1 Discord

• OAuth2 authentication and user identification
• Subscription and entitlement management
• Bot API access for sending notifications
• Webhook creation and management (Premium feature)

Discord's Privacy Policy: https://discord.com/privacy

5.2 Twitch

• Stream status monitoring via Twitch API
• EventSub webhook subscriptions for real-time updates
• Public streaming data (titles, games, viewer counts, thumbnails)

We only access public Twitch data and do not store Twitch access tokens.

Twitch Privacy Policy: https://www.twitch.tv/p/legal/privacy-notice

5.3 YouTube

• Stream status monitoring via YouTube Data API v3
• PubSubHubbub webhook subscriptions for live stream notifications
• Public streaming data (titles, viewer counts, thumbnails)

By using Streamlinx's YouTube integration, you also agree to be bound by the YouTube Terms of Service and Google Privacy Policy.

5.4 Infrastructure Services

• PostgreSQL: Primary database for all persistent data
• Valkey/Redis: Temporary caching and event messaging (no persistent personal data)

5.5 Other Disclosures

We may disclose your information in the following circumstances:

• Legal Requirements: When required by law, subpoena, or court order
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Protection of Rights: To protect the rights, property, or safety of Streamlinx, our users, or others
• With Your Consent: When you explicitly authorize us to share your information

We do not sell your personal data to third parties.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Specific retention periods include:

6.1 Automatic Deletion

• Notification logs: 30 days (automatically deleted)
• Streaming session analytics: 30 days (automatically deleted)
• OAuth state tokens: 10 minutes
• Access tokens: 24 hours to 30 days (depending on token type)
• Rate limiting data: Ephemeral, TTL-based (minutes to hours)

6.2 Retained Until Deletion

• Account data: Retained while the bot is installed on your Discord server
• Guild configuration: Retained while the bot has access to the server
• Streamer data: Retained while configured in your server
• Subscription history: Retained for the duration of active subscription plus 90 days

6.3 Data Deletion

Your data is automatically deleted when:

• You remove the Streamlinx bot from your Discord server
• You revoke Streamlinx's authorization in Discord settings
• You request manual deletion (see Section 8)

Backups may retain data for up to an additional 30 days before permanent deletion.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

7.1 Security Measures

• Encryption in Transit: All data transmitted between you and our servers uses TLS/SSL encryption (HTTPS)
• Encryption at Rest: Database connections use SSL/TLS encryption
• Access Controls: Strict database access controls and connection pooling
• Authentication Security: JWT tokens with expiration, HTTP-only cookies, CSRF protection
• OAuth2 Security: State parameter validation, short-lived tokens, secure redirect URIs
• Webhook Verification: HMAC signature verification for Twitch EventSub webhooks
• Rate Limiting: Protection against abuse and DDoS attacks
• Regular Updates: Security patches and dependency updates

7.2 Limitations

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You use the Service at your own risk.

7.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovering the breach
• Describe the nature of the breach and data affected
• Provide guidance on protective measures you can take
• Report to relevant supervisory authorities as required by law

8. Your Rights and Choices

You have certain rights regarding your personal data. Depending on your location, these may include:

8.1 Access and Portability

• Right to Access: Request a copy of the personal data we hold about you
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format (JSON)

To request your data, contact us at support@streamlinx.io with the subject line "Data Access Request".

8.2 Correction and Deletion

• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)

To delete your data:

1. Remove the Streamlinx bot from all your Discord servers
2. Revoke authorization in Discord Settings → Authorized Apps → Streamlinx → Deauthorize
3. For immediate deletion, contact support@streamlinx.io with the subject line "Data Deletion Request"

8.3 Objection and Restriction

• Right to Object: Object to processing of your personal data for direct marketing or legitimate interests
• Right to Restriction: Request restriction of processing in certain circumstances

8.4 Withdraw Consent

• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time

To withdraw consent, revoke Streamlinx's authorization in your Discord settings or remove the bot from your servers.

8.5 Response Time

We will respond to all requests within 30 days. If we need more time, we will notify you of the reason for the delay.

9. GDPR Rights (European Economic Area and United Kingdom)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

9.1 Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: You provide consent when authorizing Streamlinx via Discord OAuth2
• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interests: Service improvement, security, and fraud prevention
• Legal Obligations: Compliance with applicable laws and regulations

9.2 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

9.3 Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place where you believe a violation occurred.

9.4 International Data Transfers

Streamlinx is based in the United States. By using our Service, you acknowledge that your personal data will be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers in accordance with GDPR requirements.

10. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA).

If you believe we have collected information from a child under 13, please contact us immediately at support@streamlinx.io, and we will promptly delete such information.

Discord's minimum age requirement is also 13. By using Discord, you represent that you meet this age requirement.

11. Platform Compliance

Streamlinx complies with the following platform policies and terms:

11.1 Discord

• Discord Developer Terms of Service
• Discord Developer Policy

11.2 Twitch

• Twitch Developer Agreement

11.3 YouTube

• YouTube API Services Terms of Service

12. Data Location

Streamlinx is based in the United States. Your personal data is stored and processed on servers located in the United States.

By using our Service, you consent to your information being transferred to, stored, and processed in the United States. We implement appropriate safeguards to protect your data in accordance with this Privacy Policy, regardless of where it is processed.

13. Do Not Track

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked.

Our Service does not currently respond to DNT signals because there is no industry standard on how to interpret or respond to these signals. We only use cookies essential for authentication and do not track users across third-party websites.

14. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

14.1 Right to Know

You have the right to request:

• Categories of personal information we collect about you
• Specific pieces of personal information we hold
• Categories of sources from which we collect personal information
• Business or commercial purposes for collecting or selling personal information
• Categories of third parties with whom we share personal information

14.2 Right to Delete

You have the right to request deletion of personal information we collected from you, subject to certain exceptions.

14.3 Right to Opt-Out of Sale

We do not sell your personal information to third parties as defined by the CCPA.

14.4 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights, including by denying services, charging different prices, or providing different quality of services.

14.5 Exercising Your Rights

To exercise these rights, contact us at support@streamlinx.io with the subject line "CCPA Request". We may need to verify your identity before processing your request.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

15.1 Notification of Changes

When we make material changes to this Privacy Policy, we will notify you by:

• Posting the updated Privacy Policy on our website at streamlinx.io/privacy
• Updating the "Last Updated" date at the top of this policy
• Sending a notification through the Discord bot or web portal for significant changes
• Email notification (if we have your email address)

15.2 Your Continued Use

Your continued use of the Service after we post changes constitutes your acceptance of those changes. If you do not agree to the modified Privacy Policy, you must stop using the Service and revoke Streamlinx's authorization.

15.3 Review Regularly

We recommend that you review this Privacy Policy periodically to stay informed about how we are protecting your information. Material changes will be effective 30 days after posting unless otherwise required by law.

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all privacy-related inquiries within 30 days. For urgent matters, please indicate "URGENT" in the subject line.