Privacy Policy
This Privacy Policy explains how StreamSquire collects, uses, stores, and protects your personal data when you use our desktop application, cloud relay service, and website (collectively, the "Service"). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
Miguel Jose Leal da Silva
Autónomo (self-employed), Spain
VAT: ESZ2417972X
Contact: [email protected]
2. Data We Collect
2.1 Account Data
When you sign in via OAuth (Twitch, Google, Kick, or Discord), we receive and store your display name, email address, and profile avatar. We do not receive or store your password for any of these services.
2.2 Chat Data
StreamSquire connects to live chat on platforms you configure (Twitch, YouTube, Kick, TikTok). Chat messages are ingested in real time and processed locally by the Rust agent to detect clip-worthy moments based on chat velocity and sentiment. Chat data may be temporarily stored in a local SQLite database on your machine and, if you use the cloud relay, transmitted to the relay server for remote dashboard access.
2.3 Clips and Transcriptions
When the clip engine triggers, video clips are captured and AI-powered transcriptions are generated locally using Whisper. These files are stored on your local machine. If you enable the cloud relay, clips and transcription data may be transmitted to and temporarily stored on the relay server to allow remote access.
When you enable cloud transcription, audio segments are transmitted to our relay server and processed by ElevenLabs (a third-party speech-to-text provider). The audio is used solely for transcription and is not retained by ElevenLabs beyond the processing window. See the Third-Party Processors table below for details.
2.4 Usage Data
We collect anonymous usage data including feature usage patterns and error logs. This data helps us diagnose issues and improve the Service. Usage data does not include the content of your chats, clips, or transcriptions.
2.5 Payment Data
All payment processing is handled entirely by Paddle, our Merchant of Record. We never receive, process, or store your credit card numbers, bank account details, or other payment instrument data. Paddle shares your email address and subscription status with us so we can provision your account.
2.6 Social Media Publishing Data
When you connect social media accounts (YouTube, X/Twitter, TikTok, Instagram, Facebook) to publish clips, StreamSquire stores your OAuth tokens locally on your machine, encrypted using AES-256-GCM. We do not store your social media passwords. Tokens are used solely to upload content on your behalf when you explicitly initiate a post. You can disconnect any account at any time from Settings, which immediately deletes the stored tokens.
When you publish a clip, the video file and accompanying text (title, description, hashtags) are sent directly from your machine to the respective platform's API. StreamSquire does not route your video through our servers for free-tier platforms (YouTube, X/Twitter). For platforms requiring relay-mediated OAuth (TikTok, Instagram, Facebook), the OAuth handshake passes through our relay server, but video uploads are still sent directly to the platform from your machine.
2.7 AI-Processed Data
When you use AI-powered features (stream summaries, recommendations, clip analysis, chat-based shoutouts), contextual data — including chat messages, transcription excerpts, and stream metadata — is sent to third-party AI providers for processing. StreamSquire uses Google Gemini as the default managed AI provider. If you configure your own API key, data may also be sent to Anthropic, OpenAI, or other providers you select. AI providers process data according to their own terms and privacy policies. We do not send your raw video or audio files to AI providers.
3. How We Use Your Data
- Provide the Service — authenticate your account, connect to streaming platforms, process chat data for clip detection, generate transcriptions, and deliver the dashboard experience.
- Process subscriptions — manage your subscription status, handle upgrades and cancellations through Paddle, and enforce plan limits.
- Send transactional emails — deliver account-related communications such as welcome emails, subscription confirmations, and important service notifications.
- Improve the Service — analyze aggregated usage patterns and error logs to fix bugs, optimize performance, and develop new features.
- Comply with legal obligations — respond to lawful requests from authorities and fulfill our obligations under applicable law, including tax regulations.
4. Legal Basis for Processing (GDPR Art. 6)
We process your personal data on the following legal bases:
- Contract performance (Art. 6(1)(b)) — processing your account data, chat data, clips, and transcriptions is necessary to provide the Service you have subscribed to.
- Legitimate interest (Art. 6(1)(f)) — collecting usage data and error logs to maintain, secure, and improve the Service. We have balanced our interests against your rights and determined that this processing does not override your data protection rights, particularly as the data is aggregated and anonymized where possible.
- Consent (Art. 6(1)(a)) — where we rely on your consent (for example, for optional marketing communications), you may withdraw consent at any time by contacting us at [email protected].
- Legal obligation (Art. 6(1)(c)) — where processing is required to comply with tax, accounting, or other legal requirements.
5. Third-Party Processors
We share personal data with the following third-party processors, each of whom is contractually obligated to protect your data:
| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Paddle | Payment processing (Merchant of Record) | Email, subscription data | Netherlands / UK |
| Resend | Transactional email delivery | Email address | USA |
| Twitch | OAuth login, chat ingestion | Profile data | USA |
| OAuth login | Profile data | USA | |
| Kick | OAuth login, chat ingestion | Profile data | Australia |
| Discord | OAuth login, role sync | Profile data, server membership | USA |
| ElevenLabs | Cloud speech-to-text transcription | Audio segments | USA |
| Google (Gemini AI) | Managed AI processing (summaries, recommendations) | Chat data, transcription excerpts, stream metadata | USA |
| Cloudflare (R2) | Cloud clip storage and backups | Clips, backup files | Global (EU/US) |
| YouTube (Google) | Social media publishing | Video files, titles, descriptions, tags (uploaded directly from your machine) | USA |
| X / Twitter | Social media publishing | Video files, tweet text, hashtags (uploaded directly from your machine) | USA |
| TikTok | Social media publishing (Pro+) | Video files, captions (OAuth via relay, upload direct) | USA / Singapore |
| Meta (Instagram, Facebook) | Social media publishing (Pro+) | Video files, captions, hashtags (OAuth via relay, upload direct) | USA |
6. International Data Transfers
Some of our third-party processors are located outside the European Economic Area (EEA). Where personal data is transferred to processors in the United States or other countries without an EU adequacy decision, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) as approved by the European Commission. You may request a copy of the relevant safeguards by contacting us at [email protected].
7. Data Retention
We retain your personal data for as long as your account is active and as needed to provide the Service. Specifically:
- Account data is retained while your account exists.
- Chat data, clips, and transcriptions stored locally on your machine are under your control and are not deleted by us.
- Chat data, clips, and transcriptions on the cloud relay are retained while your account is active and purged upon account deletion.
- Usage data and error logs are retained for up to 12 months in aggregated form.
Upon receiving an account deletion request, we will delete or anonymize all personal data associated with your account within 30 days, except where retention is required by law (for example, tax and invoicing records).
8. Your Rights Under the GDPR
As a data subject, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete personal data.
- Right to erasure — request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
- Right to data portability — receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Right to restriction — request that we restrict the processing of your personal data in certain circumstances.
- Right to object — object to processing based on legitimate interest, including profiling.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint — you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Agencia Española de Protección de Datos (AEPD), C/ Jorge Juan 6, 28001 Madrid, Spain — www.aepd.es .
To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.
9. Cookies
StreamSquire uses session cookies solely for authentication purposes. These cookies are essential to keep you signed in and are deleted when you close your browser or your session expires.
We do not use tracking cookies, analytics cookies, advertising cookies, or any third-party cookie-based tracking technologies. Because we only use strictly necessary cookies, no cookie consent banner is required under the ePrivacy Directive.
10. Children's Privacy
StreamSquire is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly. If you believe a child under 16 has provided us with personal data, please contact us at [email protected].
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes at least 30 days before they take effect by sending a notice to the email address associated with your account or by displaying a prominent notice within the Service. Your continued use of the Service after the updated policy takes effect constitutes your acceptance of the changes.
12. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: