Privacy Policy

This Privacy Policy explains how StreamBuddy ("we," "us," or "our"), accessible at trystreambuddy.com, collects, uses, shares, and protects information when you access or use our viewer CRM and community memory platform (the "Service"). StreamBuddy helps streamers capture real-time chat, build viewer profiles with AI-powered summaries, and manage their community across supported streaming platforms.

By creating an account or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, you should not access or use the Service. This policy applies to all users of the Service, including streamers who connect their platform accounts and any individuals whose publicly available chat activity is processed through the Service.

StreamBuddy is currently offered in beta. Our features, integrations, and data practices may evolve as the product matures. We will update this policy to reflect material changes and will revise the effective date accordingly.

Account and Identity Information. When you sign up or log in, we collect information provided through your chosen authentication provider. For Twitch, this includes your Twitch user ID, display name, profile image, and email address. For YouTube and Google, this includes your Google user ID, channel information, display name, profile image, and email address. We store OAuth access tokens and refresh tokens necessary to maintain your Connected Accounts.

Platform-Connected Data. When you connect a streaming channel, we collect and process data related to that channel, including channel identifiers, channel login names, and platform-specific metadata. We ingest publicly available chat messages from your connected channels, including message text, timestamps, message IDs, and associated user metadata such as badges, subscriber status, and display names.

Viewer and Community Data. For each viewer who participates in chat on your connected channels, we create and maintain Viewer Profiles that may include username, platform user ID, first and last seen dates, message count, loyalty score, and active status. We also store stream events such as follows, subscriptions, raids, gift subscriptions, and bits or Super Chat contributions as reported by the connected platform.

User-Generated Content. We store content you create within the Service, including viewer notes, custom tags, dashboard layouts, saved views, and streamer-level settings and preferences.

Billing and Subscription Data. If you subscribe to a paid plan, payment processing is handled by Stripe. We do not receive or store your full payment card number. We do store your Stripe customer ID, subscription ID, subscription status, and current billing period end date to manage access to paid features.

AI-Processed Data. When AI Features are enabled, we send certain Viewer Profile data to third-party AI providers for processing. The specific data sent includes a viewer's recent chat messages, message frequency and activity patterns, badge and subscriber status, custom tags and notes you have created, and prior AI-generated summaries when refreshing a profile. The AI-generated outputs we store include topic summaries, behavioral labels, community role classifications, memory hooks, and sentiment analysis results. These outputs are stored as part of Viewer Profiles within the Service.

Technical and Usage Data. We automatically collect technical information when you use the Service, including IP address, browser type and version, device information, referring URLs, pages visited, and timestamps. We also collect session data, authentication cookies, and diagnostic logs necessary to operate, secure, and improve the Service.

We process your information under the following legal bases as recognized by the GDPR, UK GDPR, and similar frameworks:

Contract Performance. Processing your Account and Identity Information, Platform-Connected Data, and Viewer and Community Data is necessary to perform our contract with you — specifically, to provide the CRM, chat ingestion, dashboard, and community management features you signed up to use.

Legitimate Interest. We process Technical and Usage Data, diagnostic logs, and security-related information on the basis of our legitimate interest in operating a secure, reliable, and improving Service. We also rely on legitimate interest for basic analytics and product improvement using aggregated or de-identified data. We have conducted balancing assessments and concluded that these interests are not overridden by your rights, given the limited nature and low sensitivity of the data involved.

Consent. AI-powered viewer summaries, sentiment analysis, and tag suggestions are processed only when you affirmatively enable AI Features in your Streamer Settings. Enabling these features constitutes your consent. You may withdraw consent at any time by disabling AI Features, which will stop new AI processing going forward.

Legal Obligation. We may process and retain certain information as required by applicable law, regulation, or valid legal process, including tax and financial recordkeeping obligations related to billing.

We use the information we collect for the following purposes: to authenticate your identity and manage your account; to connect and maintain integrations with supported streaming platforms; to ingest, process, and display chat messages and stream events in real time; to create and maintain Viewer Profiles, loyalty scores, and Community Data; to power CRM features including notes, tags, search, and filtering; to generate AI-powered viewer summaries, sentiment analysis, and tag suggestions when AI Features are enabled; to process billing transactions, manage subscriptions, and enforce access to paid features; to send real-time updates to your dashboard via our real-time infrastructure; and to operate, maintain, troubleshoot, and improve the Service.

We may also use aggregated or de-identified data for internal analytics, product development, and performance monitoring. Such data cannot reasonably be used to identify any individual user.

StreamBuddy uses artificial intelligence to generate viewer insights. When AI Features are enabled in your Streamer Settings, Viewer Profile data — including recent chat messages, activity patterns, engagement history, badges, tags, and notes — is sent to third-party AI providers for processing.

Our current AI providers are Google Gemini and OpenAI. Data is transmitted to these providers via their APIs solely to generate the requested analysis. We have configured our integrations to disable model training on customer data where the provider offers that option. You should review each provider's current data handling policies for the most up-to-date terms (see Section 7 for links).

We do not have direct control over whether AI providers retain prompts or responses in transient processing logs. Based on current provider policies, API inputs and outputs are generally not used to train models and are retained only for short-term abuse monitoring and then deleted. However, provider policies may change, and we encourage you to review them directly.

AI-generated outputs may include a topic summary describing what a viewer typically talks about, behavioral labels characterizing interaction patterns, a community role classification, a memory hook summarizing notable details, and sentiment analysis of chat activity. These outputs are stored in your Viewer Profiles and are visible only to you as the streamer.

AI-generated outputs are purely informational tools provided to help you understand and manage your community. They do not drive any automated decisions within the Service — no viewer is blocked, flagged, restricted, or treated differently by the system based on AI outputs. All actions taken on the basis of AI-generated information are at your sole discretion as the streamer.

You can enable or disable AI-powered viewer summaries and AI-powered tag suggestions independently through your Streamer Settings at any time. Disabling AI Features will stop new AI processing going forward but will not automatically delete previously generated AI outputs. To request deletion of existing AI-generated data, see Section 10.

AI-generated outputs are stored for as long as the associated Viewer Profile exists, unless you request earlier deletion. When a Viewer Profile is deleted (whether manually or through your configured retention policy), all associated AI outputs are deleted with it.

StreamBuddy uses cookies and similar session mechanisms for the following purposes: authentication cookies to keep you signed in and maintain your session across page loads; session cookies to preserve account context and support secure authentication flows; and functional cookies to remember your preferences and dashboard configuration.

These cookies are essential to the operation of the Service. Disabling them may prevent you from signing in or using core features. We do not currently use advertising, behavioral tracking, or third-party analytics cookies.

For more details about the specific cookies we use and your choices, please see our Cookie Policy at trystreambuddy.com/cookies.

We do not sell, rent, trade, or otherwise make your personal information available to third parties for their own marketing purposes.

We share information with third parties only in the following circumstances:

Streaming Platforms. We share data with Twitch and YouTube/Google as necessary to authenticate your account, connect channels, and ingest chat and event data. Your use of these platforms is governed by their respective terms and privacy policies. See: Twitch Privacy Notice at privacy.twitch.tv; Google Privacy Policy at policies.google.com/privacy.

Payment Processing. We share billing-related data with Stripe to process payments, manage subscriptions, and handle billing lifecycle events. See: Stripe Privacy Policy at stripe.com/privacy.

AI Providers. When AI Features are enabled, we transmit Viewer Profile data to Google Gemini and OpenAI to generate viewer summaries and analysis. Data sent to AI providers is used solely for processing your request. See: Google AI Privacy at ai.google/privacy; OpenAI Data Usage Policy at openai.com/enterprise-privacy.

Infrastructure and Hosting. We use infrastructure and hosting providers who process data on our behalf to operate the Service. These providers act as subprocessors under our instructions and are contractually bound to handle data in accordance with this policy.

Legal Requirements. We may disclose information as required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of StreamBuddy, our users, or others.

Business Transfers. If StreamBuddy undergoes a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change by updating this policy.

We retain your information for as long as your account is active or as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Chat messages and Viewer Profile data are retained according to the retention policy you configure in your Streamer Settings. The default retention period is indefinite (no automatic deletion) unless you set a specific timeframe. When data exceeds your configured retention period, it is automatically purged, including all associated messages, viewer metadata, and AI-generated outputs for affected Viewer Profiles.

Billing records (Stripe customer ID, subscription ID, subscription status, and billing period data) are retained for as long as your account exists and for a reasonable period afterward as required for financial recordkeeping and legal compliance, typically up to seven years from the date of the last transaction.

Technical logs and diagnostic data are retained for a rolling period of up to 90 days, after which they are automatically deleted.

If you delete your account, we will initiate deletion of your personal data within 30 days. Core account data, Viewer Profiles, messages, AI outputs, user-generated content, and Connected Account credentials will be permanently deleted. Residual copies in encrypted backups may persist for up to an additional 90 days before being overwritten through normal backup rotation cycles. During this period, backup data is not actively processed and is not accessible for operational use.

Deleted Viewer Profiles, AI-generated summaries, and associated data are not recoverable once permanent deletion has been executed. If you have data you wish to preserve, you should export it before requesting deletion.

Because the Service is in beta, default retention periods and practices may evolve. We will communicate material changes through updates to this policy.

We implement reasonable administrative, technical, and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (TLS), secure token storage for OAuth credentials, environment-level access controls on production systems, and input validation to prevent injection and other common attack vectors.

No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

If we become aware of a security breach that affects your personal data, we will notify affected users and relevant supervisory authorities in accordance with applicable law, including within 72 hours where required by the GDPR.

Depending on your jurisdiction, you may have certain rights regarding your personal information. We honor these rights regardless of where you are located, to the extent technically and legally feasible.

Rights Under GDPR and UK GDPR. If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the right to: access your personal data and receive a portable copy; rectify inaccurate or incomplete data; request erasure of your data ("right to be forgotten"); restrict processing in certain circumstances; object to processing based on legitimate interest; withdraw consent for AI processing at any time by disabling AI Features; and lodge a complaint with your local data protection authority. We will respond to verified requests within 30 days, extendable by up to 60 additional days for complex requests, with notice to you.

Rights Under CCPA and CPRA. If you are a California resident, you have the right to: know what personal information we collect, use, and disclose; request deletion of your personal information; opt out of the sale or sharing of personal information (we do not sell or share personal information as defined by the CCPA/CPRA); and not be discriminated against for exercising your privacy rights. California residents may submit requests using the contact methods in Section 14. We will verify your identity before processing your request and will respond within 45 days, extendable by an additional 45 days with notice.

In-App Controls. You may also exercise the following choices directly within the Service: disconnect a Connected Account from any supported streaming platform at any time; enable or disable AI-powered viewer summaries and AI-powered tag suggestions independently through Streamer Settings; configure data retention periods for your channel data; and delete individual viewer notes, tags, Viewer Profiles, or other User-Generated Content.

To request access, correction, deletion, or portability of your data, or to exercise any other applicable right, please contact us using the methods described in Section 14. We will verify your identity by confirming your account email address and, where necessary, requesting additional identifying information before processing your request.

The Service is not directed to individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction, such as 16 in certain EEA member states). We do not knowingly collect personal information from children below the applicable age threshold.

If we become aware that we have inadvertently collected personal information from a child under the applicable age, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us using the methods in Section 14 so that we can take appropriate action.

StreamBuddy is operated from the United States. If you access the Service from outside the United States, you understand and consent to the transfer, processing, and storage of your information in the United States and other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from those in your country of residence.

For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to countries that have not received an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA), as applicable. Where we engage subprocessors that transfer data internationally, we ensure equivalent protections are in place.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make changes, we will revise the "Last updated" date at the top of this page.

If we make material changes that significantly affect how we handle your personal information — such as introducing new categories of data collection, new third-party data sharing, or changes to your rights — we will provide prominent notice through a banner or notification within the Service at least 15 days before the changes take effect, in addition to updating this page.

Your continued use of the Service after any changes become effective constitutes your acceptance of the revised Privacy Policy. If you do not agree with the revised policy, you should discontinue use of the Service and may request deletion of your account and data.

We encourage you to review this policy periodically to stay informed about how we protect your information.

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your information is handled, you may contact the StreamBuddy privacy team at: privacy@trystreambuddy.com.

You may also reach us through the contact page at trystreambuddy.com/contact.

When submitting a privacy request, please include: your account email address; the specific right you wish to exercise (access, deletion, correction, portability, or other); any details that will help us locate and process your request efficiently. We will acknowledge receipt of your request within 5 business days and will provide a substantive response within the timeframes specified in Section 10 for your applicable jurisdiction.

If you are not satisfied with our response, you may escalate your concern to the relevant data protection authority in your jurisdiction.