Skip to content
StreamSnip
Legal

Privacy Policy

Last updated: April 21, 2026

1. Who we are

StreamSnip is operated as a US sole proprietorship by Romie Dalal, California, United States (LLC formation pending — we will update this page when the operating entity changes). Contact: privacy@streamsnip.io.

2. What we collect (product users)

  • Account: email, display name, hashed password
  • Payment: handled by Stripe — we never store card numbers
  • Content: VOD URLs submitted, generated clips
  • Usage: anonymized analytics events
  • Device: IP, user agent, browser locale — retained 90 days

3. Why we collect it

To provide the service, process payments, prevent fraud, improve the product, and contact you about your account.

4. Third parties (sub-processors)

Stripe (payments), Resend (email), Sentry (errors), PostHog (analytics), Vercel (hosting), Cloudflare R2 (storage), Cloudflare Turnstile (bot detection), Anthropic (AI).

5. Your rights

  • Access: /data-request
  • Delete your account: /data-request
  • Export your data: JSON download
  • Opt out of analytics: cookie banner
  • Unsubscribe from marketing: every marketing email footer

6. Retention

Active account: indefinite. Deleted account: purged within 30 days. Device data: 90 days.

Outbound outreach addendum

Applies only to creators we contact via cold outbound before any sign-up.

7. What we hold about you

If you haven't signed up for StreamSnip but we've emailed you, we hold only:

  • Your publicly listed business-inquiry email (sourced from your Twitch, YouTube, or Kick channel "About" page, or a public Linktree / linked biz page).
  • Your public creator handle + platform.
  • Metadata about outreach attempts (send timestamp, open/click events from our email provider, reply content if you reply).
  • A suppression flag if you opt out.

We do not enrich this with any third-party data broker data, purchased lists, or scraped social profiles beyond the public channel About page.

8. Legal basis (jurisdictional)

  • United States (CAN-SPAM): commercial electronic mail with valid physical postal address, functioning opt-out, accurate headers.
  • Canada (CASL): we do not intentionally target .ca addresses in Phase 1–2. Canadian creators who receive this message can reply "unsubscribe" for permanent suppression; we do not rely on implied consent beyond publicly published business contact information.
  • EU / UK (GDPR / UK-GDPR): Art. 6(1)(f) legitimate interest, documented in a Legitimate Interests Assessment. You may object at any time under Art. 21.
  • Cross-border transfers: EU/UK data is stored on US-based infrastructure. Transfers rely on Standard Contractual Clauses (SCCs) where required.

9. Your rights as a creator we've contacted

  • Access: email privacy@streamsnip.io with "access request". We respond within 30 days.
  • Rectification: same email. We'll correct or delete inaccurate data.
  • Erasure: same email with "delete". We purge your prospect record and add your email to the suppression list within 30 days.
  • Object to processing: email privacy@streamsnip.io. We cease processing immediately, suppress permanently, and delete your prospect record within 30 days.
  • Lodge a complaint: with your local supervisory authority (EU/UK) or the FTC (US).

10. Outreach data retention

Outbound prospect records are retained for 180 days after the last outreach attempt. After that the record is purged. Suppression flags are retained indefinitely (append-only) so we never re-contact anyone who opted out.

11. Security

  • Prospect records stored in our primary Postgres (Railway), encrypted at rest.
  • Email provider (Resend) and Gmail API tokens stored as secrets, not in source.
  • Access limited to the StreamSnip team + automated jobs; no third-party sharing.
  • Breach notification: within 72 hours to supervisory authority where GDPR requires; to affected individuals where risk is high.
Questions? privacy@streamsnip.io