Privacy Policy

Last Updated: March 17, 2026

1. Introduction

StreamToolz ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect
A. Twitch OAuth Information

When you authorize StreamToolz via Twitch OAuth, we collect and store:

  • Your Twitch username and user ID
  • Your email address (if publicly accessible on your Twitch profile)
  • Your access tokens and refresh tokens for API authentication
  • Your broadcaster information (channel name, display name, profile data)

Purpose: To authenticate your account, manage your channel settings, send and receive chat messages, create overlays, and provide bot functionality.

B. Discord Integration

If you connect your Discord server, we collect:

  • Your Discord user ID and username
  • Discord server IDs where StreamToolz is installed
  • Discord bot tokens and webhook URLs (for alert delivery)

Purpose: To send Discord alerts for stream events (raids, subs, donations, stream notifications).

C. Channel & Streaming Data

We collect and store:

  • Your custom commands, timers, and overlay configurations
  • Song request history and playlist data
  • Loyalty points and user statistics
  • Chat moderation settings and filtered keywords
  • Giveaway and poll data
  • EventSub webhook data (follow events, subscription events, raids, etc.)

Purpose: To deliver the features you've configured and provide personalized streaming experiences.

D. Bot Protection & Anti-Spam Data

We collect:

  • Detected spam bot usernames and messages
  • Auto-ban logs and cross-channel ban history
  • Spam domain detections and TIER classifications
  • Moderation action timestamps

Purpose: To protect your channel from viewerbots and spam, and to improve our spam detection algorithms.

E. Usage & Analytics

We may collect:

  • Feature usage statistics (which overlays you use, which commands are popular)
  • Bot connection logs and uptime data
  • Error reports and debugging information

Purpose: To improve our service, identify bugs, and understand feature usage patterns.

3. Token Storage & Security

All Twitch OAuth tokens are encrypted at-rest using industry-standard AES-256 encryption before storage in our database. We:

  • Never log or display tokens in plaintext
  • Automatically refresh tokens every 12 hours to maintain security
  • Revoke tokens immediately upon account deletion or authorization disconnect
  • Use HTTPS for all communication with Twitch APIs
  • Limit token access to authorized backend processes only
4. Third-Party Services

StreamToolz integrates with:

  • Twitch: For authentication, chat, streaming data, and API integration
  • YouTube: For song requests and video playback (no personal data stored)
  • Spotify: For song requests and playlist access (no personal data stored)
  • Discord: For alerts and webhook delivery (if configured by you)
  • Stripe: For payment processing (governed by Stripe's privacy policy)

These services have their own privacy policies. We recommend reviewing them.

5. How We Use Your Information
  • Authenticate your account and manage access to StreamToolz
  • Deliver bot commands, overlays, and streaming features
  • Send alerts and notifications to your Discord or Twitch
  • Detect and prevent spam, fraud, and abuse
  • Improve our services and fix bugs
  • Comply with legal obligations
6. Data Retention
  • Account Data: Retained while your account is active. Deleted upon account termination.
  • OAuth Tokens: Deleted immediately if you disconnect or revoke authorization.
  • Chat & Event Data: Retained for 90 days then deleted.
  • Bot Detection Logs: Retained for 12 months for historical analysis.
  • Backups: May retain data for up to 6 months for disaster recovery.
7. Your Rights & Choices

GDPR (EU Users):

  • Right to access your personal data
  • Right to correction or deletion ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

CCPA (California Users):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of data sales (we do not sell data)

To exercise any of these rights, contact admin@streamtoolz.xyz

8. Data Sharing

We do NOT sell, rent, or share your personal information with third parties for marketing purposes. We may share data only:

  • With service providers (hosting, database, security) under confidentiality agreements
  • When required by law or legal process
  • To protect our rights, privacy, safety, or property
  • With your explicit written consent
9. Cross-Channel Ban Data

When you enable cross-channel auto-banning, we store spam bot usernames across your connected channels for synchronization purposes. This data is:

  • Only visible to you and your moderators
  • Never shared with other streamer accounts
  • Used only for chat moderation purposes
10. Security Measures

We implement reasonable security measures including:

  • Encrypted data transmission (HTTPS/TLS)
  • Encrypted data storage (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Automated backup and disaster recovery

Note: No security system is 100% secure. We cannot guarantee absolute protection of all data.

11. Children's Privacy

StreamToolz is not intended for users under 13. We do not knowingly collect personal information from children. If we learn that we've collected information from a child under 13, we will delete it immediately.

12. Policy Changes

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of StreamToolz after changes constitutes acceptance of the new policy.

13. Contact Us

Questions about this Privacy Policy? Contact us:

This Privacy Policy is provided for informational purposes. By using StreamToolz, you agree to this policy.