StreamSuites™

Table of contents

Use this index to jump to specific privacy topics.

• Definitions and scope
• Information we collect
• Creator analytics and statistics
• Live chat logging and replay
• How we use information
• OAuth and connected platforms
• Cookies, sessions, and similar technologies
• Legal bases for processing
• Third-party providers and their policies
• Data sharing and disclosures
• End users and audience members
• International transfers
• Retention and deletion
• Security
• Your rights and choices
• Children
• Changes to this policy
• Contact

Definitions and scope

StreamSuites™ is operated by Brainstream Media Group. This policy applies when you interact with our public site, creator/admin dashboards, authentication endpoints, runtime-connected automations, integrations, and support or billing channels.

Defined terms used in this policy

• "StreamSuites" / "we" / "us": StreamSuites products and services operated by Brainstream Media Group.
• "Brainstream Media Group": the operating entity responsible for StreamSuites services covered by this page.
• "Services": public pages, dashboards, APIs, auth systems, runtime tooling, and related operations.
• "Account holder" or "Creator": a registered user who configures and operates StreamSuites features.
• "Visitor": someone who browses public pages without signing in.
• "End user" or "Audience member": someone who interacts with creator experiences powered by StreamSuites, including chat participants who may not have a StreamSuites account.
• "Content": information provided, uploaded, configured, generated, or processed through Service features.
• "Connected Platforms": third-party providers or media/community platforms that creators link to StreamSuites.
• "Service Providers": vendors that process information on our behalf to operate infrastructure, security, payments, email, analytics, and incident communications.

Scope boundaries

This policy does not replace privacy notices published by Connected Platforms themselves. If a specific StreamSuites surface displays a separate notice for a feature or region, that notice governs that surface.

Learn more: Account types, Installation, First run.

Information we collect

The categories below describe the data we may collect directly from you, receive from Connected Platforms, or generate while operating Services. Not every category applies to every person.

Account and profile data

• Email address, username/display name, internal user ID, account role, and account preferences.
• Workspace ownership links, project membership, and account lifecycle state (for example, active, suspended, pending verification).

Authentication and security data

• Sign-in timestamps, IP address, user-agent strings, browser/device signals, session identifiers, and security event metadata.
• If direct password login is enabled, credentials are stored as protected hashes rather than plaintext passwords.

OAuth and connected account data

• Provider identifiers and account linkage metadata from Google, GitHub, Discord, X, Twitch, and other enabled providers.
• Email, username, and profile fields only when the provider returns them and requested scopes permit access.

Tokens and secrets

• Access tokens, refresh tokens, API credentials, and scope metadata required to run authorized integrations.
• Sensitive secrets are treated as restricted data; we apply minimization and access controls and avoid exposing implementation-level security details publicly.

Creator workspace and configuration data

• Automation rules, trigger logic, moderation settings, quotas/tallies, scoring or clips setup, and workflow preferences.
• Runtime behavior settings, API key references, and feature toggles selected by creators/admins.

Runtime operational data

• Operational logs, error events, performance telemetry, job execution records, audit entries, and export/version metadata.
• Events needed to monitor reliability, investigate incidents, and verify system changes.

Audience and chat interaction data

• Usernames/handles, platform user IDs, message IDs, timestamps, moderation actions, and channel/community identifiers processed during creator operations.
• Where enabled by a creator feature (such as unified chat replay), this may include chat message content and related metadata needed for playback, search, moderation history, or audit context.
• This may include data about people who never created a StreamSuites account.

Creator analytics and statistics data

• Historical snapshots of creator channel metrics (for example, follower/subscriber counts, view totals, and similar platform-provided statistics) when available via Connected Platforms and authorized connections.
• Livestream and content event metadata (for example, titles, timestamps, platform URLs, and available engagement/viewer statistics) when available via Connected Platforms.
• StreamSuites-generated operational statistics (for example, triggers invoked, clips created, jobs run, automation success/failure counts, and reliability indicators) tied to creator workspaces and runtime sessions.
• Data-quality markers where a metric is approximate, estimated, partial, delayed, or unavailable for a Connected Platform.

Support and communications data

• Support requests, troubleshooting context, privacy-rights inquiries, and related correspondence.
• Email delivery metadata such as sent time, delivery status, bounces, and operational notification preferences.

Payments and billing metadata

• Plan tier, subscription state, invoice references, transaction timestamps, currency/country metadata, and Stripe customer/subscription IDs.
• Full payment card details are handled by Stripe and are not stored by StreamSuites.

Analytics data

• Non-advertising usage data such as page views, approximate geolocation from IP, referrer/source context, and device/browser attributes.
• Aggregated statistics used for service quality, capacity planning, and product improvement.

Status and incident subscription data

• Email address and/or phone number provided for service incident or maintenance notifications via Statuspage.

Learn more: Creator dashboard, Automation basics, Clips and scoreboards, Runtime overview, Exports and versioning.

Creator analytics and statistics

StreamSuites provides creator dashboards and administrative dashboards that present operational and growth-related statistics. These statistics may include platform-provided metrics (when available) and StreamSuites-generated metrics that reflect automation activity, reliability, and outcomes.

What the dashboards may display

• Channel growth: follower/subscriber counts and change over time (for example day-to-day, week-to-week, month-to-month, year-to-year) where available from Connected Platforms.
• Livestream history: latest livestream details and a list of recent events (for example title, timestamps, platform URLs, and available view/engagement metrics).
• Automation ROI: StreamSuites activity counts such as triggers invoked, clips created, jobs run, runtime session length, success/failure counts, and other operational outcomes.
• Totals and per-platform breakdowns: where multiple platforms are connected, dashboards may show per-platform figures and a combined total.

Data quality and availability

Connected Platforms differ in what they expose through APIs and authorized connections. StreamSuites may show a metric as unavailable (for example “—”) or indicate that a value is approximate (for example by using symbols such as ≈, +, or *). Where a metric is delayed or later revised by the Connected Platform, historical points may change.

How creator analytics are sourced

• From Connected Platforms: platform-provided statistics we can access using creator-authorized scopes, tokens, or permitted API methods.
• From StreamSuites operations: events produced by StreamSuites runtime services while executing creator-configured automations.
• From creator configuration: workspace settings that determine what features are enabled and what statistics are recorded.

Administrative visibility

StreamSuites administrators may view creator analytics for support, reliability investigation, abuse prevention, billing integrity, and platform operations. We do not display global creator analytics to the public, and creator dashboards are scoped to the creator workspace/account.

Live chat logging and replay

Some StreamSuites features may capture and store live chat content and chat metadata from Connected Platforms in order to provide unified chat replay, moderation history, auditing of automation outcomes, and creator-requested exports. This may be particularly relevant for platforms where chat replay is limited or unavailable after a livestream ends.

When chat content may be stored

• When a creator enables a feature that requires chat storage (for example unified live chat replay, moderation history, searchable chat archives, or verification of automation triggers).
• When chat capture is needed to execute creator-configured automations (for example trigger matching, moderation actions, or command handling), and the selected feature requires retention beyond transient processing.

What may be stored

• Chat message content, message IDs, timestamps, channel/community identifiers, platform usernames/handles, and platform user IDs (where provided).
• Moderation actions and outcomes (for example deleted/held messages, timeouts, bans) when available via the Connected Platform and enabled features.
• Derived and aggregated chat statistics (for example message counts, unique chatters, trigger hits) for reporting and creator dashboards.

Audience-member notice and creator responsibility

Audience members typically provide their chat messages to Connected Platforms under those platforms’ terms. When creators enable StreamSuites chat replay or logging, StreamSuites may also process and store that chat content on behalf of the creator to provide the enabled feature. Creators are responsible for ensuring they have appropriate disclosures to their communities where required by law or platform rules.

Use limitations

• StreamSuites does not sell chat content or use chat logs for third-party advertising targeting.
• Chat logs are used to deliver the enabled features, support reliability and abuse prevention, and respond to lawful requests where required.

How we use information

We process information to provide requested functionality, secure the platform, support creators, and comply with applicable obligations.

Provide and operate the service

• Create and manage accounts, workspaces, dashboards, and runtime-linked features.
• Apply creator settings, execute automations, and provide exports and operational views.

Creator analytics, statistics, and reporting

• Generate and display creator dashboards that show historical trends, per-platform breakdowns, and StreamSuites operational outcomes.
• Record StreamSuites automation activity (for example triggers, jobs, clips, and reliability indicators) to support creator reporting and troubleshooting.
• Retrieve and store platform-provided statistics where available via authorized connections to populate dashboards and comparisons over time.

Live chat processing, logging, and replay (when enabled)

• Process chat events to execute creator-configured automation and moderation workflows.
• Where a creator enables unified replay/logging features, store chat content and metadata to provide replay, search, moderation history, and related creator tools.

Authenticate and secure accounts

• Operate login/session controls, detect suspicious behavior, and investigate abuse or unauthorized access.
• Maintain audit trails for administrative and sensitive actions.

Enable integrations you authorize

• Use approved scopes/tokens to connect with platforms and execute features selected by the creator.
• Process operational platform events, including chat or moderation signals, when those features are enabled.

Billing and fraud prevention

• Manage subscriptions, invoices, payment confirmations, refunds, and disputes.
• Use transaction and account signals to reduce fraud and abuse risk.

Support and communications

• Send service-critical notices, account/security alerts, and support replies.
• Maintain communication records to resolve tickets and improve support quality.

Reliability, debugging, and performance measurement

• Monitor uptime and incidents, diagnose errors, improve latency/stability, and evaluate feature reliability.
• Generate aggregate analytics and reporting for operations and planning.

Compliance and legal obligations

• Comply with financial, tax, and legal requirements and respond to lawful requests.
• Enforce product terms, licensing terms, and acceptable use requirements.

Learn more: Runtime reference, EULA, License, Commercial license.

OAuth, APIs, and connected platform authorization

StreamSuites supports OAuth sign-in and account connection workflows. When you connect a provider, the provider sends data according to the permissions you approve. We request scopes needed to deliver the selected feature set and avoid unnecessary access.

What we receive and store

• Provider user IDs and linkage metadata required to maintain account connections.
• Profile/account fields and email only when returned by provider policy and approved scopes.
• Access/refresh tokens and scope records when needed for ongoing connected operations.

Authorization for statistics and replay features

• Where a creator enables analytics dashboards or comparisons over time, StreamSuites may periodically retrieve platform-provided statistics using the creator’s authorized connection.
• Where a creator enables unified chat replay/logging, StreamSuites may retrieve and store chat events/content available via the platform connection to provide replay and related tools.
• Disabling a feature or revoking permissions may prevent future collection and may limit dashboards or replay functionality.

Connection controls

• Creators can revoke or rotate credentials from provider dashboards and/or StreamSuites controls where available.
• Revoking permissions may disable related runtime automation and connected features.

Learn more: API authentication, API keys, Twitch integration, YouTube integration, Discord integration, Rumble integration, Kick integration, Pilled integration.

Cookies, sessions, and similar technologies

We use cookies and related technologies for authentication, security, and product analytics. StreamSuites does not use third-party advertising cookies for ad-targeting through StreamSuites services.

Essential cookies

• Session/authentication cookies and anti-forgery controls (including CSRF protections) needed for secure sign-in and account use.

Security and abuse-prevention signals

• Cloudflare and similar security controls may set security cookies or process request metadata to detect bots and malicious traffic.

Analytics cookies

• Google Analytics cookies may be used for non-advertising measurement and service improvement, subject to user choice and law.

Your controls

• You can manage cookies through browser settings and privacy tools.
• Disabling essential cookies may break sign-in and other critical features.

Legal bases for processing

Depending on your jurisdiction, we rely on one or more legal bases to process personal data.

• Contract: to deliver the Services you request, including account access, runtime features, support, analytics dashboards you enable, and replay features you enable.
• Legitimate interests: to secure Services, prevent abuse, maintain reliability, and improve operations in a balanced manner.
• Consent: where required, such as specific analytics practices or optional communications.
• Legal obligation: to meet tax, accounting, compliance, and lawful disclosure requirements.

Third-party providers and their policies

We work with third-party providers to operate StreamSuites. These providers may process personal data on our behalf as Service Providers, and may process network/usage data needed to deliver their services. Their independent privacy notices also apply to processing they perform.

OAuth and identity providers

• Google: authentication and connected identity flows; may process account identifiers and usage/network metadata. Policy: https://policies.google.com/privacy?hl=en-US
• GitHub: sign-in/identity linkage; may process user and request metadata. Policy: https://docs.github.com/site-policy/privacy-policies/github-privacy-statement
• Discord: identity and platform authorization signals. Policy: https://discord.com/privacy
• X: identity and platform authorization signals. Policy: https://privacy.x.com/en
• Twitch: identity and platform authorization signals. Policy: https://legal.twitch.com/en/legal/privacy-notice/

Email and messaging delivery

• Resend: transactional/service email delivery and metadata processing. Policy: https://resend.com/legal/privacy-policy
• Resend legal resources: legal hub and related materials, including subprocessor context. Reference: https://resend.com/legal

Payments

• Stripe: payment processing, subscription billing, and anti-fraud checks. Privacy policy: https://stripe.com/privacy
• Stripe DPA: contractual data processing terms where applicable. Reference: https://stripe.com/legal/dpa

CDN, DNS, and security

• Cloudflare: CDN, DNS, request filtering, and network security operations. Policy: https://www.cloudflare.com/privacypolicy/
• Cloudflare Turnstile: bot mitigation and abuse reduction controls. Policy: https://www.cloudflare.com/turnstile-privacy-policy/

Hosting and infrastructure

• Hetzner: infrastructure hosting and related operational processing. Policy: https://www.hetzner.com/legal/privacy-policy/

Analytics (non-advertising measurement)

• Google Analytics privacy disclosures: requirements and disclosure framework. Reference: https://support.google.com/analytics/answer/7318509?hl=en
• Google Analytics Terms (US): product terms governing analytics use. Reference: https://marketingplatform.google.com/about/analytics/terms/us/

Status monitoring and incident communications

• Atlassian (Statuspage): service status publishing and incident subscriber messaging. Policy: https://www.atlassian.com/legal/privacy-policy

Learn more: Stripe integration docs, Support model, Troubleshooting, FAQ.

Data sharing and disclosures

We do not sell personal information. We disclose data only where needed for service delivery, legal compliance, and platform integrity.

Service providers and processors

• We share relevant data with hosting, security, analytics, payment, email, and status providers under applicable contractual safeguards.

Connected platform exchanges

• When creators authorize integrations, data may be exchanged with Connected Platforms to execute selected features.

Legal and safety disclosures

• We may disclose information when required by law, legal process, or to protect users, rights, and service security.

Corporate transactions

• If StreamSuites is involved in a merger, acquisition, financing, reorganization, or asset sale, information may be transferred with continuity safeguards and legal protections.

End users and audience members without StreamSuites accounts

StreamSuites features may process data about audience members who interact with creator communities even when those individuals do not have StreamSuites accounts.

What may be processed

• Handles/usernames, platform IDs, chat messages, message IDs, timestamps, moderation actions, and related event context.
• Where a creator enables unified chat replay/logging, StreamSuites may store chat messages and metadata to provide replay, moderation history, searchable archives, and related creator tools.

Where the data comes from

• Data is generally sourced from Connected Platforms chosen by the creator and processed to run creator-configured automations and moderation workflows.

Creator role and StreamSuites role

• Creators decide which integrations and features (including replay/logging) are enabled in their workspace.
• StreamSuites provides platform infrastructure and processing needed to execute those configurations.

Rights and requests for audience data

• Audience members may contact the creator and/or originating platform for data they control.
• For data controlled directly by StreamSuites, requests can be sent to our privacy contact section below.

International transfers

StreamSuites and Service Providers may process information in multiple regions, including the United States, Europe, and other jurisdictions where infrastructure or support operations occur. When cross-border transfers apply, we use appropriate policy-level safeguards, such as contractual protections and vendor compliance commitments.

Retention and deletion

We retain data for the time needed to deliver Services, maintain security and records, and satisfy legal obligations. Retention periods vary by data category and operational context.

Category-based retention approach

• Account and workspace records: retained while accounts are active and for a limited period after closure to support recovery, disputes, and compliance.
• Security and audit logs: retained for defined windows to support abuse prevention, incident review, and access investigations.
• Billing and transaction records: retained as required for accounting, tax, chargebacks, and legal compliance.
• Support communications: retained as needed to resolve issues, maintain service continuity, and document request handling.
• Creator analytics and statistics: retained to provide historical reporting and comparisons over time while the account is active, subject to deletion requests and applicable legal/operational requirements.
• Chat logs for unified replay/logging (when enabled): retained to provide replay, moderation history, and creator-requested exports while the feature is enabled and/or while the creator account remains active, subject to creator controls, deletion requests, and applicable legal/operational requirements.
• Analytics data: retained under configured analytics settings and applicable legal requirements.
• Status subscriptions: retained while subscription notifications remain active, then removed or anonymized when no longer needed.

Deletion workflow and backups

• Deletion generally starts with disabling access and removing data from active systems, followed by normal backup-cycle expiration.
• Residual copies in encrypted backups may persist temporarily until overwritten according to backup lifecycle controls.

Security

We apply technical and organizational safeguards designed to protect information from unauthorized access, misuse, alteration, or loss. No system can be guaranteed to be 100% secure.

Core safeguards

• TLS encryption for data in transit.
• Role-based access controls and least-privilege administration for sensitive systems.
• Audit logging and monitoring for privileged and security-relevant actions.
• Secure handling of tokens, secrets, and credentials used for integrations and APIs.
• Layered network protections and abuse defenses, including vendor-backed security controls.
• Ongoing operational review of service-provider security commitments relevant to StreamSuites operations.

Your rights and choices

Depending on where you live and how you interact with StreamSuites, you may have rights related to your personal data.

Access, correction, and deletion

• Request access to personal data we hold about you.
• Request correction of inaccurate or incomplete information.
• Request deletion of eligible data, subject to legal or operational retention requirements.

Creator analytics and chat replay controls

• Creators may disable connected features (where available) to limit future collection of platform statistics or chat replay/logging.
• Creators may request export or deletion of creator analytics and/or chat logs associated with their workspace, subject to applicable law and operational requirements.

Portability, objection, and restriction (where applicable)

• Request data portability for certain information in a structured format where rights apply.
• Object to or request restriction of processing in circumstances recognized by law.

Consent withdrawal and cookie controls

• Withdraw consent for processing based on consent, including certain analytics activities where applicable.
• Manage cookies through browser controls; disabling essential cookies can affect service functionality.

OAuth and integration revocation

• Revoke connected app permissions from third-party provider settings and/or StreamSuites controls where available.
• Revocation may interrupt connected features until reauthorized.

Regional disclosures

Privacy rights and appeal mechanisms vary by region, including EEA/UK, U.S. state privacy frameworks, and Australia. We evaluate requests in line with applicable law and may ask for identity verification before acting.

Children

StreamSuites is not directed to children under 13, or the minimum age required by local law. We do not knowingly collect personal information from children in circumstances requiring parental consent.

Changes to this policy

We may update this Privacy Policy to reflect technical, operational, contractual, or legal changes. When updates are published, we revise the "Last updated" date shown near the top of this page.

Contact

For privacy requests, data access/deletion requests, or policy questions, contact:

• Privacy: privacy@streamsuites.app
• Support: support@streamsuites.app

Identity verification may be required before we fulfill certain requests.