S
StreamIt
Back to Home

Privacy Policy

Last Updated: March 9, 2026 • Effective Date: March 9, 2026

1. Introduction

StreamIt (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our real-time captioning service, including the Chrome extension, web dashboard, and API services (collectively, “the Service”).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

Account Information:

  • Google Account Data: When you sign in via Google OAuth, we collect email address, full name, Google ID (unique identifier), and profile picture (if available)

Video and Content Data:

  • YouTube video URLs and IDs
  • Video titles
  • Transcription text (SRT format)
  • Video metadata (upload status, processing status)

Payment Information:

  • Subscription plan type (Free, Pro, or Unlimited)
  • Payment processing handled by LemonSqueezy (we do not store credit card numbers)

2.2 Information Automatically Collected

Usage Data:

  • Audio seconds processed (for quota tracking)
  • Number of videos uploaded per month
  • YouTube API quota usage
  • Session duration and connection timestamps

Technical Data:

  • Browser type and version (Chrome only)
  • Extension version
  • Error logs and debugging information
  • WebSocket connection metadata

Extension Settings:

  • Server URL configuration
  • Caption display preferences (colors, fonts, position)
  • Translation mode settings
  • Overlay position preferences

3. Real-Time Audio Data

What We Process:

  • Live audio streams from Chrome tabs (Twitch/YouTube)
  • Audio format: 16kHz PCM mono
  • Transmitted in 20ms frames over WebSocket

Important Notes:

  • Audio is streamed in real-time and NOT stored on our servers
  • Audio is immediately forwarded to Soniox API for transcription
  • We do not retain audio recordings after the session ends

4. How We Use Your Information

4.1 Service Delivery

We use your information to:

  • Authenticate your identity via Google OAuth
  • Provide real-time transcription services
  • Manage video uploads and caption generation
  • Process payments and manage subscriptions
  • Enforce quota limits based on your plan
  • Generate and display captions in the extension overlay

4.2 Communication

We may use your email to:

  • Send service-related notifications
  • Respond to support requests
  • Notify you of material changes to the Service
  • Send renewal reminders (if subscribed)

4.3 Improvement and Analytics

We use aggregated, anonymized data to:

  • Monitor Service performance and reliability
  • Debug technical issues
  • Improve transcription accuracy
  • Analyze usage patterns for feature development

5. Data Storage and Security

5.1 Storage Locations

Dashboard Database (SQLite):

  • User profiles (email, name, Google ID, creation date)
  • Video metadata and transcription status
  • YouTube OAuth tokens (encrypted with AES-256)
  • Subscription records and usage statistics
  • Transcription job queue and history

Chrome Extension Storage (Local):

  • Authentication tokens (JWT, 7-day validity)
  • User preferences (colors, fonts, translation mode)
  • Session state and overlay positions
  • Note: This data is stored locally on your device and not transmitted to our servers except for authentication

Server Memory:

  • Active WebSocket sessions (in-memory only)
  • Real-time usage tracking (seconds processed)
  • Session identifiers (UUIDs or user IDs)
  • Note: Audio streams are not persisted to disk

5.2 Encryption and Security

Encryption at Rest:

  • YouTube OAuth tokens encrypted with AES-256 using AUTH_TOKEN_ENCRYPTION_KEY
  • JWT tokens signed with HS256 algorithm
  • Database files stored with restricted access permissions

Encryption in Transit:

  • All API communications over HTTPS (TLS 1.2+)
  • WebSocket connections secured with WSS (TLS)
  • Extension-to-server communication encrypted

Access Controls:

  • JWT-based authentication for all API endpoints
  • Session tokens expire after 7 days
  • YouTube tokens refreshed automatically via OAuth flow

5.3 Data Retention

Data TypeRetention PeriodNotes
User profilesUntil account deletionDeleted 30 days after account closure
Video metadataUntil user deletionUsers can delete videos anytime
Audio streamsReal-time onlyNot stored, immediately discarded
Usage statistics13 monthsFor reporting and quota enforcement
Error logs90 daysAutomatically purged

6. Third-Party Data Sharing

We share your data with the following third-party services:

6.1 Soniox (Speech-to-Text API)

Purpose: Real-time transcription of live stream audio

Data Shared:

  • Raw audio streams (16kHz mono PCM)
  • Session identifiers (UUIDs)
  • No personal identification information

Retention: Soniox processes audio in real-time; we do not control their retention. See Soniox Privacy Policy

6.2 Google (OAuth & YouTube Data API)

Purpose: Authentication and YouTube video management

Data Shared:

  • OAuth tokens (for API access)
  • Video IDs and metadata
  • Caption track content (SRT format)

Retention: Google controls retention of data processed through their APIs. See Google Privacy Policy

6.3 Groq (Whisper Transcription API)

Purpose: Offline transcription of uploaded videos

Data Shared:

  • Audio files (up to 25MB per file)
  • No personal identification information (audio only)

Retention: Groq processes audio and returns transcriptions; we do not control their retention. See Groq Privacy Policy

6.4 LemonSqueezy (Payment Processing)

Purpose: Subscription billing and payment processing

Data Shared:

  • User ID (internal identifier)
  • Subscription plan selection
  • Billing email (if different from Google email)

Note: We do NOT store credit card numbers or financial details. See LemonSqueezy Privacy Policy

No Sale of Data

We do NOT:

  • Sell your personal data to third parties
  • Share your data for advertising purposes
  • Allow third parties to collect data through our Service

7. Your Rights and Choices

7.1 Access and Portability

You can:

  • View your profile data in the dashboard
  • Export your video metadata and transcriptions
  • Download your usage statistics
  • Request a complete copy of your personal data

7.2 Deletion

You can:

  • Delete individual videos and transcriptions
  • Cancel your subscription at any time
  • Request complete account deletion (contact support)
  • Upon deletion, data is retained for 30 days then permanently erased

7.3 Opt-Out

You can:

  • Disable real-time transcription by stopping the extension
  • Revoke YouTube OAuth access via Google Account settings
  • Unsubscribe from email communications
  • Delete the Chrome extension to stop all data collection

8. Cookies and Tracking

8.1 Chrome Extension Storage

The extension uses chrome.storage.local and chrome.storage.sync to store:

  • Authentication tokens (JWT)
  • User preferences (server URL, colors, fonts)
  • Session state (active connections)
  • Overlay positions

Note: This is local browser storage, not HTTP cookies. Data remains on your device unless synced via Chrome Sync.

8.2 Session Cookies

The dashboard uses session cookies for NextAuth.js session management, CSRF protection, and authentication state. Cookies expire after 7 days (matching JWT validity).

8.3 No Third-Party Tracking

We do NOT use:

  • Google Analytics or similar tracking services
  • Advertising cookies or pixels
  • Third-party session recording tools
  • Fingerprinting technologies

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

10. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your data based on:

  • Contract: To provide the Service you requested
  • Consent: For optional features like YouTube OAuth
  • Legitimate Interest: To improve our Service, prevent fraud, and ensure security
  • Legal Obligation: To comply with applicable laws

11. GDPR Rights (EEA Users)

If you are in the EEA, you have the following additional rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion (“right to be forgotten”)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

12. CCPA Rights (California Users)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know: Request disclosure of what personal data we collect and how it's used
  • Right to Delete: Request deletion of your personal data
  • Right to Opt-Out of Sale: We do NOT sell personal data
  • Right to Non-Discrimination: You will not be discriminated against for exercising your rights

California residents may contact us at [email protected] to exercise these rights.

13. International Data Transfers

Your data may be transferred to and processed in the United States. We ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) with EU data subjects
  • Encryption of data in transit and at rest
  • Processing only as described in this Privacy Policy

Third-party processors (Soniox, Google, Groq, LemonSqueezy) maintain their own data protection measures. Please review their privacy policies for details on international transfers.

14. Data Breach Notification

In the event of a data breach that may affect your personal data, we will:

  • Notify affected users within 72 hours of discovery (where required by law)
  • Provide details of the breach and what data was affected
  • Recommend steps you can take to protect yourself
  • Take immediate action to secure our systems and prevent future breaches

Notifications will be sent to your registered email address. Please keep your contact information up to date.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the “Last Updated” date
  • Sending an email notification for material changes

We encourage you to review this Privacy Policy periodically for any changes. Continued use of the Service after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected]

For data subject requests (access, deletion, portability), please include:

  • Your account email
  • Specific request details
  • Verification of identity (if required)

We will respond to all legitimate requests within 30 days.

Summary of Key Points

  • We collect: Email, name, Google ID, video metadata, usage stats
  • We do NOT collect: Browser history, IP addresses, audio recordings (real-time only)
  • We share with: Soniox (audio), Google (OAuth/YouTube), Groq (transcription), LemonSqueezy (payments)
  • We do NOT sell: Your personal data
  • Encryption: AES-256 at rest, TLS 1.2+ in transit
  • Retention: User data deleted 30 days after account closure; audio NOT stored
  • Your rights: Access, correct, delete, export, opt-out
  • GDPR/CCPA: Full rights for EEA and California residents
  • Breach notification: Within 72 hours via email

By using StreamIt, you acknowledge that you have read and understood this Privacy Policy.