SStreamwit
LoginGet started
Back to home

Legal

Privacy Policy

Last updated May 26, 2026

Streamwit is designed to need very little about you. This policy lists every piece of data we collect, every third party that touches it, and what you can do about it.

Section 01

Overview

Streamwit is built to need as little personal data as possible. We don’t profile you, we don’t sell data, and we don’t share it with advertisers. This policy describes exactly what we collect, why, and who else touches it.

Section 02

Information we collect

When you sign up and use Streamwit, we collect:

  • Account. Email address, password hash (handled by Supabase Auth), optional display name, an internal user ID.
  • Discord identity (if you link Discord). When you sign in with Discord — used for the free trial and community features — we receive your Discord user ID, username, and global name via OAuth. We do not request your email-on-Discord beyond what Supabase needs to create your account, and we never read your Discord messages or guild list.
  • Wallet activity. Top-up amounts, payment provider, transaction IDs, anti-replay nonces.
  • Orders. Channel name, platform (Twitch / Kick), service type, quantity, duration, edit history, status and pricing.
  • Technical. Standard request logs (IP, user agent, timestamps), kept for security and abuse detection.

Section 03

Information we do not collect

  • Card numbers. Card processing is handled by OVGC through our FPSWare gift-card bridge — we never see your card number, CVV, or full PAN.
  • Twitch / Kick credentials. We never ask for them and the service does not require them. We deliver to the channel name you type, nothing more.
  • Crypto wallet seeds or private keys. Crypto deposits go through OxaPay — we only see the deposit invoice ID and the final credited amount.
  • Marketing identifiers. We do not embed third-party ad pixels or behavioral trackers in the application.

Section 04

How we use it

  • To operate your account and deliver the orders you place.
  • To compute pricing, refunds, and dead-letter reconciliation.
  • To respond to support requests.
  • To detect fraud, abuse and chargebacks.
  • To comply with legal obligations and respond to lawful requests.

We do not use your data to train models, sell to third parties, or target you with advertising.

Section 05

Cookies and local storage

We use a minimal set of cookies and local-storage keys, all first-party:

  • Auth session (Supabase) — keeps you signed in.
  • Theme preference — light, dark or system, persisted locally so the dashboard doesn’t flash on reload.
  • Accent preference — your chosen brand accent (Lavender, Ink, Coral, Slate), stored locally.
  • Idempotency keys — short-lived UUIDs to prevent duplicate orders on accidental double-clicks.

No analytics cookies, no ad cookies, no cross-site trackers.

Section 06

Third-party processors

The following companies process portions of your data on our behalf:

  • Supabase — authentication and database (PostgreSQL, US-East-1).
  • Hostinger — application hosting (Node.js).
  • Upstream fulfillment providers — receive the channel name and order parameters required to deliver the service.
  • OxaPay — crypto invoice creation and confirmation callback.
  • OVGC Payments via the FPSWare gift-card bridge — card processing; sees card and email, returns a one-time gift code.
  • Resend (if enabled) — transactional email delivery.

Each provider has their own privacy policy that applies to the data they handle.

Section 07

Storage and security

Account and order data live in Supabase Postgres (US-East-1) with row-level security: a user can only read their own rows. Privileged operations (wallet mutations, dead-letter writes) execute through SECURITY DEFINER stored procedures invoked only by our server with a service-role key.

Transport is encrypted with TLS. Passwords are hashed by Supabase Auth using industry-standard algorithms — we never store them in clear text and the application cannot read them.

Section 08

Retention

  • Active accounts. Data is retained while the account is active.
  • Closed accounts. Personal data is deleted within 30 days of account closure, except where retention is required (e.g. tax, accounting, fraud-prevention records) — in those cases data is retained for the legally required period and then deleted.
  • Order history. Order metadata is retained for 18 months for reconciliation, then anonymized.
  • Request logs. Retained for 30 days, used only for security and abuse detection.

Section 09

Your rights

You can:

  • Access — see your account, orders, and wallet history at any time inside the dashboard.
  • Export — request a JSON export of all data tied to your account by emailing support.
  • Correct — update your display name from the Profile page.
  • Delete — close your account from the Profile page or by emailing support.
  • Object — to any processing you consider unjustified; we will respond within 30 days.

Depending on where you live, additional rights apply (GDPR, CCPA, LGPD). We honor those rights regardless of jurisdiction.

Section 10

Children

Streamwit is not for anyone under 18. We do not knowingly collect data from minors. If we learn that a minor has signed up, we delete the account.

Section 11

International users

Streamwit is operated from a single jurisdiction and your data may be transferred to and processed in countries other than your own (notably the United States, where our hosting providers operate). Where required, transfers are protected by standard contractual clauses.

Section 12

Changes to this policy

We may update this policy when we change providers, add features, or to reflect new legal requirements. Material changes will be announced in-app or by email.

Section 13

Contact

Privacy questions, data-access requests, or complaints: write to privacy@streamwit.com.