Privacy Policy

Effective: April 26, 2026

This Privacy Policy explains how StreamerHubb ("we", "us", "our") handles personal information when you use streamerhubb.com (the "Service"). We try to keep things short, plain, and honest.

1. Information we collect

a. Information you give us

• Account info: email, password (hashed by Supabase, never stored in plaintext), display name, account type (viewer or streamer).
• Streamer profile (optional): linked platform handle, avatar URL, bio.
• Payment details: handled entirely by Stripe. We never see or store your card number — Stripe sends us a customer ID + subscription status only.
• Advertiser inquiries: if you submit the /advertise form, we keep your company, name, email, budget range, zone interest, and message.
• Communications: any email you send us via support@streamerhubb.com.

b. Information collected automatically

• Server logs: IP address, user-agent, request path, timestamp. Used for security, abuse detection, and rate limiting. Retained ~30 days.
• Auth cookies: a Supabase session cookie (HttpOnly, Secure, SameSite=Lax) keeps you signed in. We don't use third-party tracking cookies.
• Stripe cookies: the Stripe Checkout flow may set its own cookies on stripe.com. Their handling is governed by Stripe's policies.

c. Information from third parties

• Streaming platforms: we read public live-stream data from Twitch, YouTube, and Kick using their official APIs. We never see your account on those platforms.
• Google sign-in (optional): if you sign in with Google, we receive your email and a unique Google account ID — nothing else.

2. How we use it

• To run the Service: sign you in, render your favorites, send live alerts, charge subscriptions.
• To enforce free / paid tier limits (e.g., 3-favorite cap on free).
• To send transactional emails: account confirmation, password resets, "your favorite is live" alerts. You can disable live alerts in /account.
• To detect abuse, fraud, or violations of our Terms.
• To respond to legal requests where required.

We do not sell or rent your personal information. We do not run third-party ad-network trackers — the "ad zones" on StreamerHubb are direct-sold creative we host ourselves.

3. Who we share it with

The only parties that touch your data are vendors we strictly need to run the Service ("sub-processors"):

• Supabase — database, auth, hosting of your profile + favorites + votes. Supabase Privacy.
• Stripe — payment processing. Stripe Privacy.
• Vercel — site hosting + edge serving. Vercel Privacy.
• Resend — transactional email. Resend Privacy.
• Google — only if you choose Google sign-in.

We share data with law enforcement only when legally required (e.g., a valid subpoena).

4. How long we keep it

• Account + profile: until you delete your account.
• Subscriptions: retained for 7 years for tax / accounting (Stripe's requirement).
• Server logs: ~30 days.
• Live-alert send log: 30 days, then auto-purged.
• Advertiser leads: 24 months unless you ask sooner.

5. Your rights

Wherever you live, you can:

• Access a copy of the data we have about you.
• Correct inaccurate data (most things you can edit yourself in /account).
• Delete your account — everything except billing records (kept for tax) is wiped.
• Object to or restrict certain processing.
• Export your data in a machine-readable format.

EEA / UK residents (GDPR): our legal bases are (a) contract for running the Service you signed up for, (b) legitimate interests for security / abuse prevention, and (c) consent for optional things like push notifications.

California residents (CCPA / CPRA): we do not "sell" or "share" personal information as those terms are defined in California law. You can exercise the rights above and won't be discriminated against for it.

To exercise any right: email privacy@streamerhubb.com. We respond within 30 days.

6. Security

Passwords are hashed by Supabase using bcrypt-style algorithms. All traffic is HTTPS (HSTS). Database queries are protected by row-level security policies so users can only read their own data. Payment card data never touches our servers — Stripe handles it on PCI-compliant infrastructure. We send transactional email over authenticated SMTP (SPF + DKIM + DMARC).

No system is bulletproof. If you spot a vulnerability, please write to security@streamerhubb.com — see our Security Policy.

7. Children

StreamerHubb is not directed to children under 13 (16 in the EEA / UK). If we learn we've collected data from a child, we'll delete it. Parents who believe their child created an account: email privacy@streamerhubb.com.

8. International transfers

We're US-based. If you're outside the US, your data will be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses (SCCs) with our sub-processors.

9. Changes to this policy

We'll update the "Effective" date above for any material change and notify active users by email at least 7 days before it takes effect.

10. Contact

StreamerHubb
Email: privacy@streamerhubb.com
Postal address: 615 3rd Street, Milford, NE 68405, United States

// This template was prepared by the StreamerHubb team and is not legal advice. Have an attorney review it for your jurisdiction before going live.