Privacy Policy

1. Introduction

StreamExp (hereinafter "we", "our", "the Platform") is committed to protecting the privacy of its users. This privacy policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

2. Data Controller

The data controller is: [TO BE COMPLETED - Name/Company], [Address], Email: contact@StreamExp.gg

3. Data Collected

3.1 Data provided by Twitch (OAuth login)

• Twitch ID (unique identifier)
• Username and display name
• Email address associated with the Twitch account
• Profile picture
• Broadcast status (live or not)
• Follower and subscription information (if authorized)

3.2 Data generated through usage

• Quest progress (watch time, messages sent)
• Credit, ore, and token balances
• Transaction history (purchases, exchanges)
• Completed quest history
• Referral data
• Global chat messages
• Support tickets and feedback
• Time slot booking data

3.3 Technical data

• IP address (for security and anti-cheat purposes)
• Browser type and operating system
• Pages visited and session duration
• Cookies (see our Cookie Policy)

4. Purpose of Processing

• Authentication via Twitch and account management
• Operation of the quest and reward system
• Anti-cheat verification and abuse prevention
• Payment management (via Stripe) for token purchases and subscriptions
• Service-related communications (notifications, support)
• Service improvement and anonymized statistics
• Report management and moderation

5. Legal Basis

• Contract performance: for the operation of the service
• Consent: for non-essential cookies and communications
• Legitimate interest: for security and fraud prevention
• Legal obligation: for the retention of transaction data

6. Data Retention

• Account data: retained as long as the account is active, deleted within 30 days after account deletion
• Transaction data: retained for 5 years (legal obligation)
• Security logs: retained for 1 year
• Cookies: see our Cookie Policy

7. Data Sharing

We never sell your data.

• Twitch: OAuth authentication (minimal data)
• Stripe: payment processing (financial data only)
• OVH: application hosting
• Sentry: error monitoring (anonymized technical data)

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

• Right of access: obtain a copy of your data
• Right to rectification: correct inaccurate data
• Right to erasure: delete your account and data
• Right to data portability: receive your data in a structured format
• Right to object: object to the processing of your data
• Right to restriction: restrict the processing of your data

To exercise these rights: contact@StreamExp.gg

9. Security

• HTTPS encryption for all communications
• Secure authentication tokens with expiration
• Hashing of sensitive data
• Continuous monitoring for unauthorized access attempts
• Regular encrypted backups

10. Minors

StreamExp is intended for individuals aged 13 and over (in accordance with Twitch's Terms of Service). Minors under 16 must obtain consent from their parents or legal guardians.

11. International Transfers

Your data may be processed by sub-processors located outside the EU (Stripe). These transfers are governed by standard contractual clauses approved by the European Commission.

12. Changes

We reserve the right to modify this policy. In the event of a substantial change, you will be notified by email or notification on the platform.

13. Contact

For any questions regarding your data: Email: contact@StreamExp.gg. You may also file a complaint with your local data protection authority.