Privacy Policy

StreamQuota ("we," "us," "our") operates the StreamQuota platform at streamquota.com. We are the data controller for personal information collected through the Platform. For privacy questions, contact us at privacy@streamquota.com.

2.1 Information You Provide

• Account information: Email address, display name, password (hashed — never stored in plain text)
• Profile information: Bio, avatar, company name (for Brands), website URL
• Payment information: Billing details processed by Stripe (we never store raw card numbers)
• Task content: Task descriptions, proof submissions, messages

2.2 Information from Third Parties

• Twitch OAuth: When you sign in with Twitch, we receive your Twitch user ID, username, profile image, email, follower count, average viewers, and channel statistics. We only request the minimum permissions needed.
• Stripe: Payment processor that provides transaction IDs and payment status. Stripe's privacy policy governs their data handling.

2.3 Information Collected Automatically

• Usage data: Pages visited, features used, time spent on the Platform
• Device information: Browser type, operating system, IP address
• Cookies: Session cookies required for authentication (see Section 7)

We use your information to:

• Create and manage your account
• Facilitate task matching between Streamers and Brands
• Process payments and payouts
• Verify Twitch statistics to prevent fraud
• Send in-app notifications about task status
• Provide customer support
• Comply with legal obligations (e.g., tax reporting)
• Detect and prevent fraud, abuse, and security incidents
• Improve the Platform through aggregated, anonymized analytics

We do not use your data for targeted advertising, and we do not sell your personal data to third parties.

If you are in the European Economic Area (EEA), we process your data under the following legal bases:

• Contract performance: Processing necessary to provide the Platform services you've signed up for
• Legitimate interests: Fraud prevention, security, and Platform improvement
• Legal obligation: Tax reporting, regulatory compliance
• Consent: Where you have explicitly consented (e.g., marketing emails)

We share your data only in the following circumstances:

• With other users: Your public profile (username, Twitch stats, completed tasks) is visible to Brands when you apply for tasks. Brands' company names and task details are visible to Streamers.
• Service providers: Supabase (database hosting), Stripe (payments), Vercel (hosting). These providers process data on our behalf under data processing agreements.
• Legal requirements: We may disclose data if required by law, court order, or to protect the rights and safety of our users.
• Business transfers: In the event of a merger or acquisition, your data may be transferred as part of that transaction.

We do not share your data with advertisers or data brokers.

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account data: Retained until you delete your account
• Transaction records: Retained for 7 years for tax and legal compliance
• Notification data: Retained for 90 days, then automatically deleted
• Deleted accounts: Most data is deleted within 30 days; some data may be retained longer for legal compliance

We use the following types of cookies:

• Essential cookies: Required for authentication and session management. Cannot be disabled without breaking the Platform.
• Analytics cookies: Help us understand how the Platform is used (aggregated, anonymized). You can opt out.

We do not use advertising or tracking cookies. You can manage cookies through your browser settings.

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request your data in a machine-readable format
• Objection: Object to processing based on legitimate interests
• Restriction: Request restriction of processing in certain circumstances
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at privacy@streamquota.com. We will respond within 30 days.

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS/HTTPS
• Passwords are hashed using bcrypt (never stored in plain text)
• Database access is protected by Row-Level Security (RLS) policies
• Payment data is handled exclusively by Stripe (PCI-DSS compliant)
• Access to production systems is restricted to authorized personnel

Despite these measures, no system is 100% secure. If you discover a security vulnerability, please report it to security@streamquota.com.

The Platform is not directed to children under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that a user is under 18, we will terminate their account and delete their data. If you believe a child has provided us with personal information, contact us at privacy@streamquota.com.

Your data may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where required by GDPR.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect and how it is used
• The right to delete your personal information
• The right to opt out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@streamquota.com.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also send an in-app notification.

For privacy-related questions or to exercise your rights: