Privacy Policy

1. Information We Collect

From Streamers, we collect and process:

• Account information: email, password hash (or OAuth identifier for Google Sign-In), display name.
• Billing and payout information handled through Stripe (including Stripe Connect onboarding data).
• Integration tokens and metadata from Twitch (encrypted at rest) and any other connected platforms.
• Usage events, template settings, render metadata, and files you generate through the service.
• Overlay and page configuration (slug, title, pricing, alert length, and similar settings).

From Viewers (no AlertForge account), we collect and process:

• Email address you enter at checkout (required to deliver your alert access link).
• Display name you choose to appear on-stream when the alert fires.
• Prompt text you submit to describe the alert.
• Payment metadata from Stripe (last 4 digits, country, Stripe IDs — we do not store full card numbers).
• Technical data: IP address, user-agent, timestamps, rate-limit identifiers. IPs may be hashed for abuse prevention.
• A long-lived, per-email access token that functions as a magic-link login to the viewer portal (/my-alerts). The token can be rotated on request.

2. How We Use Information

• Provide, secure, and improve the service.
• Authenticate streamers and viewers, and deliver access links.
• Process payments, platform fees, payouts, and refunds through Stripe.
• Generate, render, and broadcast alert media through our AI and storage providers.
• Send transactional emails: delivery confirmation, go-live notifications, and access-link resends.
• Detect and prevent fraud, abuse, chargebacks, and prohibited content.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell personal data. We do not use your data for advertising profiling, and we do not use your prompts or generated alerts to train third-party general-purpose AI models.

3. Legal Bases (EEA/UK)

Where applicable, we rely on the following legal bases: (i) performance of a contract (to provide the service you requested); (ii) legitimate interests (to secure the service and prevent abuse); (iii) consent (for optional features where consent is requested); and (iv) compliance with legal obligations.

4. Sharing — Viewer Alerts

When a viewer pays to generate an alert, certain information is necessarily shared with the streamer so they can operate their stream: the viewer's chosen on-stream display name, the prompt, the amount paid, and the rendered alert. The viewer's email address is not displayed to the streamer. Streamers see aggregate and per-tip records of their viewer alerts, and Stripe provides the streamer with payout-level statements.

5. Third-Party Processors

We rely on third-party processors to operate AlertForge. Each is bound by its own terms and privacy policy and processes only the data needed for its role:

• Supabase — authentication, database, storage.
• Stripe — payments, Stripe Connect payouts, fraud prevention.
• Twitch — OAuth, live-status via EventSub, platform data.
• AI video providers (e.g. Google Gemini, Fal.ai) — generation of alert media.
• Cloudflare R2 — storage of generated media.
• Resend — transactional email delivery.
• OpenAI — content moderation of submitted prompts.
• Hosting & CDN (e.g. Vercel) — serving the website and API.

6. Google Sign-In Data

If you sign in with Google, we only use Google account data for authentication and account management. We do not sell Google user data. We do not use Google user data for advertising profiling.

7. Cookies and Local Storage

We use cookies and local storage that are strictly necessary to run the service (session cookies, CSRF tokens) and, where applicable, analytics or pixel cookies to measure acquisition. You can control cookies through your browser settings; disabling strictly necessary cookies may break sign-in.

8. Data Retention

We retain account and billing records for as long as needed to operate the service and meet legal, tax, and fraud-prevention obligations. Viewer records (tips, prompts, rendered alerts, portal tokens) are retained while a given viewer may still fire an alert and for a reasonable period afterward for audit and refund handling. You may request deletion — see Your Rights.

9. Security

We use industry-standard technical and organizational safeguards, including TLS in transit, encryption at rest for sensitive tokens, scoped service credentials, and role-based access. No internet service is guaranteed 100% secure.

10. International Transfers

Our processors may transfer and process data in countries other than your own, including the United States. Where required, we rely on Standard Contractual Clauses or equivalent legal mechanisms published by our processors.

11. Your Rights

Depending on your jurisdiction (including the EEA, UK, UK's UK GDPR, California's CCPA/CPRA, and other local laws), you may have rights to access, correct, delete, port, object to, or restrict our processing of your personal data. Viewers can request deletion or token rotation by emailing [email protected]. Streamers can manage most of their data from the dashboard.

We may need to retain certain records to comply with legal obligations (for example, tax, fraud prevention, or dispute resolution).

12. Transactional Email

Viewer-alert emails are transactional and directly relate to your purchase (delivery, go-live, resend-access-link). We do not send marketing emails to viewers. Streamers receive service emails related to their account and payouts; we may also email streamers about AlertForge features, and those emails include an opt-out.

13. Children

AlertForge is not intended for children under 13, and payments for Viewer Alerts are not intended for anyone under the age of majority in their jurisdiction. If you believe a child has provided us personal data, please contact us and we will delete it.

14. Changes to This Policy

We may update this policy from time to time. The “Last updated” date at the top of this page indicates when the most recent changes took effect.

15. Contact

For privacy requests or questions: [email protected]