StreamIntel Privacy Policy — DRAFT
DRAFT — NOT YET IN EFFECT. Prepared as a working draft for review by qualified legal counsel before publication (GDPR/CCPA applicability, retention schedule, and lawful bases need counsel sign-off). Bracketed items
[...]are operator/counsel decisions. This draft is not legal advice.
Last updated: [DATE]
1. Who we are
StreamIntel is operated by [LEGAL ENTITY NAME], [ADDRESS] (the "Platform", "we"). This policy explains what we collect from Creators and Clippers, why, and who we share it with. Contact: [PRIVACY EMAIL].
2. What we collect
Account data — email address, name/display name, password (stored only as a salted hash), account role, country.
Discord data — your Discord user ID and username when you register or interact through our Discord bot, and which Creator servers you've joined.
Social account data — the handles you verify (TikTok/Instagram/X/YouTube) and public profile information we fetch during bio-code verification (bio text, follower count, public profile ID).
Clip and viewership data — URLs of clips you submit and their public view metrics, which we fetch on a schedule to calculate earnings.
Payment data — cryptocurrency wallet addresses you provide for payouts, deposit/withdrawal records, balances, and transaction references from our payment processor. We do not hold your private keys.
Location and network data — when you complete payout setup via the link our bot sends, we collect your IP address and derive your country and approximate location, and we assess whether the connection appears to use a VPN, proxy, or anonymization service. We collect this for fraud prevention, sanctions compliance, and tax-residency purposes. Both the derived country and the VPN assessment are stored with your account and visible to the Creators whose campaigns you participate in (as a country flag and, where relevant, a risk indicator).
Usage data — standard server logs (timestamps, endpoints, IP) kept for security and debugging.
3. Why we process it (lawful bases)
| Purpose | Data | Basis [counsel to confirm] |
|---|---|---|
| Operating accounts, campaigns, payouts | account, payment, clip data | contract |
| Verifying social-account ownership | social data | contract |
| Calculating earnings from views | viewership data | contract |
| Fraud prevention, duplicate/ban enforcement | account, Discord, location/VPN data | legitimate interest |
| Sanctions and legal compliance | account, location, payment data | legal obligation |
| Transactional email (e.g. password reset) | contract |
We do not sell personal data and do not run third-party advertising.
4. Who we share it with
Service providers acting on our instructions:
- NOWPayments — payment processing (deposits/payouts) — receives wallet addresses and transaction amounts.
- vpnapi.io — receives your IP address to derive location and VPN status.
- Apify — fetches public social profiles/clips on our behalf (receives handles/URLs, not your account data).
- Resend — email delivery (receives your email address and message).
- Discord — the bot operates within Discord's platform under Discord's own privacy policy.
- Google/YouTube — we use the YouTube API Services to read public video statistics; use is subject to the Google Privacy Policy and YouTube Terms of Service.
- Hosting/infrastructure providers [NAME once deployed].
Creators you work with see: your display/Discord name, verified handles, follower counts, clips, view counts, earnings from their campaigns, country, and ban/freeze status relating to their campaigns.
We disclose data where required by law, and in a merger/acquisition with notice.
5. International transfers
Our infrastructure is hosted in [REGION]; providers above may process data in other jurisdictions. [Counsel: transfer mechanism (SCCs etc.) if EU/UK users.]
6. Retention
- Account and ledger records: retained while your account exists and thereafter as required for financial/tax/AML recordkeeping ([X years — counsel]).
- Location/VPN checks: [retention period — operator decision; currently stored indefinitely with the account].
- Server logs: [30–90 days].
7. Your rights
Depending on your jurisdiction you may have rights to access, correct, delete, or export your data, and to object to certain processing. Contact [PRIVACY EMAIL]. Note that ledger/transaction records may be exempt from deletion where retention is legally required.
8. Security
Passwords are hashed (argon2); money movements are recorded in a double-entry ledger with integrity checks; access to production systems is restricted. No system is perfectly secure — report vulnerabilities to [SECURITY EMAIL].
9. Children
The Platform is not directed to anyone under 18, and we do not knowingly collect their data.
10. Changes
Material changes will be announced via the Platform or email. Continued use after the effective date constitutes acceptance.