Privacy Policy

Streampace LLC, a Pennsylvania limited liability company (“Streampace,” “we,” “us,” or “our”), respects your privacy. This Privacy Policy (the “Policy”) describes how we collect, use, share, and protect information in connection with the Streampace web application, APIs, dashboards, data feeds, alerts, integrations, and related services (collectively, the “Service”), and the choices you have with respect to that information.

This Policy is incorporated into, and forms part of, our Terms of Service. Capitalized terms used but not defined in this Policy have the meanings given to them in the Terms of Service.

By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree, do not access or use the Service.

In addition to the defined terms in our Terms of Service, the following terms apply:

• “Personal Information” means information that identifies, relates to, or could reasonably be linked, directly or indirectly, with a particular natural person or household. Personal Information does not include de-identified, aggregated, or publicly-available information that has been processed so it cannot reasonably be associated with an individual.
• “Service Provider” means a third party we engage to perform a business function on our behalf and that is contractually restricted from using Personal Information for its own purposes.
• “Sale” and “Share” have the meanings given to those terms under the California Consumer Privacy Act (as amended by the California Privacy Rights Act, collectively, the “CCPA”).

We collect information in the following categories:

3.1 Account and billing information. When you sign up, subscribe, or contact us for a demo, we collect: name, email address, password (hashed), agency or company name (if applicable), TikTok handle (if you’re a solo creator), billing address, and limited transaction history. Payment-card details are collected and processed by our payment processor (Stripe, Inc.) and are not stored on Streampace systems beyond a tokenized reference.

3.2 TikTok Data. The Service ingests publicly-broadcast data from TikTok Live streams, which may include creator handles, gift events, gifter handles and user IDs, gift values, battle outcomes, viewer counts, and creator-published statistics. To the extent that any TikTok Data identifies a natural person (e.g., a gifter’s public handle), it is Personal Information about third parties (TikTok creators and gifters), not about the Customer who is the subscriber of the Service. Section 13 describes how creators may request takedown of Personal Information associated with their handle.

3.3 Customer Data. If you provide additional data through the Service — roster choices, custom labels, notes, tags, alert thresholds, etc. — we receive that data as Customer Data, governed by the Terms of Service.

3.4 Automatic technical information. When you access the Service, we and our Service Providers automatically collect: IP address, browser type and version, operating system, device type, screen size, referring/exit pages, click and scroll behavior, page-view timestamps, request method, and approximate location derived from IP. We do not collect precise geolocation data.

3.5 Cookies and similar technologies. See Section 10. We use first-party and limited third-party cookies for authentication, security, preferences, performance measurement, and product analytics.

3.6 Communications. When you contact us by email, support form, in-app message, or social channel, we receive your message, your contact details, and any metadata your client transmits. We may keep records of these communications for quality, training, security, and dispute-resolution purposes.

3.7 Information we do not knowingly collect. We do not knowingly request, collect, or intentionally process: government-issued ID numbers, financial-account numbers (other than the tokenized payment reference noted in 3.1), health information, racial or ethnic origin, religious beliefs, sexual orientation, biometric data, or geolocation more precise than country/region.

We use the information described in Section 3 for the following purposes:

• Operate and provide the Service. Authenticate users, deliver dashboards, process gift events, generate analytics, send alerts, route webhooks, ingest TikTok Data, and provide customer support.
• Bill and process payments. Process Subscription fees, manage renewals, detect and prevent payment fraud.
• Communicate with you. Send transactional notifications (login, billing, Service alerts, security notices), respond to support requests, and — with your consent or other lawful basis — send marketing communications you can unsubscribe from at any time.
• Improve and develop the Service. Analyze usage patterns, run experiments, debug errors, and develop new features. Aggregated, de-identified usage analytics are also used for these purposes.
• Protect security and integrity. Detect and prevent fraud, abuse, and violations of the Terms of Service; investigate suspected security incidents; enforce our agreements.
• Comply with law. Respond to lawful requests, fulfill legal and tax obligations, defend legal claims, and cooperate with regulators.
• Generate aggregated and de-identified data. Subject to the rights granted in the Terms of Service, we may produce aggregated, anonymized, or de-identified data for benchmarking, research, product development, and marketing, and we may retain that data indefinitely.

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar requirements, we rely on the following lawful bases:

• Performance of a contract — to provide the Service you have subscribed to or are evaluating.
• Legitimate interests — to operate, secure, debug, improve, and market the Service; to detect and prevent fraud; to protect our and others’ rights. Where we rely on legitimate interests, we have determined that those interests are not overridden by your fundamental rights and freedoms.
• Consent — for marketing communications (where required by law) and for certain cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Compliance with a legal obligation — to retain financial records, respond to lawful requests, and meet other obligations imposed on us.

We share Personal Information only as described below. We do not sell Personal Information for monetary consideration, and we do not “Share” Personal Information within the meaning of the CCPA (cross-context behavioral advertising). If our practices change, we will update this Policy and provide any notice or opt-out required by law.

6.1 Service Providers. We engage Service Providers to perform business functions on our behalf, subject to written agreements that restrict their use of Personal Information to providing the agreed services. Categories include:

• Hosting and infrastructure — Vercel, Inc. (frontend); Railway Corp. (backend, database, worker, realtime service); DigitalOcean, LLC (additional compute infrastructure); Cloudflare, Inc. (CDN/edge, where applicable).
• Payments — Stripe, Inc. (subscription billing, card processing).
• Email delivery — Postmark (ActiveCampaign LLC) and/or Resend, Inc., for transactional and digest emails.
• Error monitoring and observability — Sentry (Functional Software, Inc.) and Axiom and/or Better Stack for application logs and metrics.
• Analytics — Vercel Web Analytics and PostHog Inc. for product-usage measurement.
• Third-party signing services — used to obtain the technical request authentication required to connect to publicly-broadcast TikTok Live streams. These providers receive only Service-side identifiers necessary for signing requests; they do not receive Customer account information, Personal Information, or any data that identifies our users. We will name specific providers in a written response to a verified data-subject-access request.
• Customer support tooling — limited use of email and ticketing tools that receive your support communications.

6.2 Affiliates. We may share information with our corporate affiliates for the purposes described in this Policy, subject to obligations consistent with this Policy.

6.3 Business transfers. If Streampace is involved in a merger, acquisition, financing, sale of assets, reorganization, bankruptcy, or similar transaction, we may transfer or assign Personal Information as part of that transaction. We will provide notice as required by law.

6.4 Legal compliance and protection. We may disclose Personal Information when we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation, court order, subpoena, or other lawful request; (b) enforce our Terms of Service or other agreements; (c) protect the rights, property, or safety of Streampace, our customers, or others; or (d) prevent or investigate suspected fraud, security issues, or unlawful activity.

6.5 With your direction. We may share information with third parties at your direction or with your consent, including via webhooks or integrations you configure.

6.6 Aggregated and de-identified data. We may share aggregated, anonymized, or de-identified data — which is no longer Personal Information — for any lawful purpose, including benchmarking, research, marketing, and product development.

Streampace is based in the United States, and our Service Providers are located in the United States and other jurisdictions. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and elsewhere, where data-protection laws may differ from the laws of your country.

Where required by applicable law, we rely on appropriate safeguards for international transfers — including the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Agreement / Addendum, and equivalent mechanisms — and we take reasonable steps to ensure that transferred data continues to receive an equivalent level of protection.

We retain Personal Information for as long as necessary to fulfill the purposes for which it was collected, including the periods required for our legitimate business interests, legal obligations, dispute resolution, and enforcement of our agreements. Specifically:

• Account and billing records — for the duration of your Subscription and for up to seven (7) years after termination, to satisfy tax, accounting, and audit obligations.
• TikTok Data and Output Data — for as long as necessary to provide the Service, and for so long as we lawfully retain Customer Data under the Terms of Service.
• Customer support records — for up to three (3) years after the last interaction.
• Security and audit logs — typically up to two (2) years, longer if required by law or an active investigation.
• Aggregated and de-identified data — indefinitely, as it is no longer Personal Information.

When we no longer need to retain Personal Information, we will delete or de-identify it in a commercially reasonable manner. Deletion from backups occurs on the normal backup-rotation schedule, which may take up to thirty (30) additional days.

We implement administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, use, alteration, and destruction. Practices include encryption in transit (TLS 1.2+), encryption at rest for primary data stores, access controls and least-privilege provisioning, audit logging, and regular review of security configurations.

No system can be 100% secure. We do not warrant or guarantee that Personal Information will not be accessed, disclosed, altered, or destroyed by breach of any of our administrative, technical, or physical safeguards. If we determine that a security incident affecting your Personal Information has occurred, we will notify you and applicable regulators as required by law.

We and our Service Providers use cookies, local storage, pixels, and similar technologies to operate the Service, remember your preferences, authenticate your session, measure performance, and analyze product usage.

• Strictly necessary — required for authentication, session management, CSRF protection, and other core Service functions. These cannot be disabled without breaking the Service.
• Performance and analytics — measure how the Service is used so we can improve it. Provided by Vercel Web Analytics and PostHog.
• Functional — remember preferences (e.g., theme, language).

We do not currently use cookies for cross-site advertising, and we do not respond to browser “Do Not Track” signals because there is no industry consensus on how to do so consistently.

You may control cookies through your browser settings. Blocking strictly necessary cookies will prevent the Service from functioning. We will provide a cookie preference manager when one is required by applicable law.

Depending on your jurisdiction, you may have rights with respect to your Personal Information, including the rights to access, correct, delete, restrict, port, and object to certain processing, and to withdraw consent.

To exercise any of these rights, contact us at [email protected]. We may ask for information to verify your identity before responding. We will respond within the timeframe required by applicable law. Where permitted by law, we may deny a request that is unsupported, repetitive, manifestly unfounded, excessive, or prohibited by another legal obligation.

We will not discriminate against you for exercising any of these rights. You also have the right to lodge a complaint with a supervisory authority — for example, your local data-protection authority in the EU/UK or the California Privacy Protection Agency. We encourage you to contact us first so we can attempt to resolve your concern.

If you are a California resident, the CCPA provides additional rights and requires us to disclose the following:

12.1 Categories of Personal Information collected. In the preceding 12 months, we have collected the following categories of Personal Information described in CCPA §1798.140:

• Identifiers (e.g., name, email, IP address, device identifiers, account ID).
• Customer Records information (e.g., billing address, telephone if provided).
• Commercial information (e.g., subscription tier, transaction history).
• Internet or other electronic network activity (e.g., page-view data, click behavior, browser/device technical information).
• Geolocation data (general, IP-derived only — no precise geolocation).
• Professional or employment-related information (where you provide it, e.g., agency name, role).
• Inferences drawn from the above (e.g., usage segments, retention bucket).

12.2 Sources, purposes, and recipients. The categories above are collected directly from you, automatically as you use the Service, and from our Service Providers. They are used for the purposes in Section 4 and shared with the categories of recipients in Section 6.

12.3 Sale and Share. We do not sell Personal Information for monetary consideration, and we do not Share Personal Information for cross-context behavioral advertising as those terms are defined under the CCPA. We have not done so in the preceding 12 months.

12.4 Sensitive Personal Information. We do not collect Sensitive Personal Information as defined by the CCPA, except to the extent that account-credential information is treated as such. We do not use that category of information beyond the disclosed purposes and do not infer characteristics about you from it.

12.5 California rights. California residents have the right to: know what Personal Information we collect, use, disclose, and sell or share; request deletion; request correction of inaccurate Personal Information; opt out of any future sale or sharing; limit the use of Sensitive Personal Information; and not be discriminated against for exercising these rights. To exercise any of these rights, contact [email protected].

12.6 Authorized agents. You may designate an authorized agent to make a request on your behalf. We will require written authorization signed by you and verification of the agent’s identity.

12.7 Shine the Light. California Civil Code § 1798.83 permits California residents to request information regarding our disclosure of Personal Information to third parties for those parties’ direct marketing purposes. We do not disclose Personal Information to third parties for their direct marketing purposes.

The Service ingests publicly-broadcast data from TikTok Live streams. To the extent that TikTok Data identifies a natural person (a TikTok creator or gifter), we process that data based on our legitimate interest in operating an analytics product, and on the public availability of the data on the TikTok platform. We are not affiliated with TikTok or ByteDance Ltd., and TikTok Data is not provided to us by TikTok.

13.1 Public broadcast scope. The Service uses the same WebSocket interfaces TikTok exposes to its public clients. We do not access private accounts, scrape gated pages, or bypass any platform authentication. The data we ingest is the data TikTok broadcasts to anyone watching the live stream.

13.2 Takedown procedure for creators. If you are a TikTok creator and want Streampace to cease processing data associated with your handle, send a request to [email protected] with the subject line “Creator Takedown” and include: your TikTok handle, a statement that you are the creator (or a duly-authorized agent), and the basis for your request. We will evaluate each request in good faith. We make no guarantee of compliance, except as required by applicable law. The Service does not currently offer self-service opt-out.

13.3 Gifters and viewers. If you appear in TikTok Data as a gifter, viewer, or otherwise, you may exercise rights described in Sections 11–12 by contacting [email protected]. We may need additional information to verify your identity and your association with the relevant TikTok handle.

The Service is not directed to children under 18, and we do not knowingly collect Personal Information from anyone under 18. If you believe a child has provided us with Personal Information, contact [email protected] and we will take steps to delete it.

We do not knowingly collect Personal Information from children under 13 within the meaning of the Children’s Online Privacy Protection Act (COPPA). If we learn we have done so, we will delete the information promptly.

The Service may contain links to third-party websites and services, including TikTok, Stripe, and others. This Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third party you interact with.

We may update this Policy from time to time. We will post the updated version at this URL and update the “Last Updated” date. Material changes will be communicated by email to the address on file or by in-app notice. Non-material changes (including clarifications, formatting, and consistency edits) take effect immediately upon posting. Your continued use of the Service after a change becomes effective constitutes acceptance of the updated Policy.

For questions or requests regarding this Policy or your privacy rights, contact us at [email protected]. For general support questions, use [email protected].

Streampace LLC — Pennsylvania, U.S.A.