StreamOrbit

Legal

Privacy Policy

Last updated: May 24, 2026

1. Who we are

StreamOrbit (“StreamOrbit”, “we”, “us”) operates the website streamorbit.io and the cloud-based 24/7 live streaming service available from it. This Privacy Policy explains what personal data we collect when you use our service, how we use it, who we share it with, and the rights you have over it.

If you have questions about this policy or how we handle your data, contact us at hi@streamorbit.io.

2. Data we collect

2.1 Account data

When you create an account we collect your name, email address and a hashed password. If you sign in with Google we receive your name, email address and Google account ID from Google.

2.2 Billing data

Payments are processed by our payment provider (Polar). We do not store your full card details on our servers. We keep records of top-up amounts, transaction IDs, wallet balance and per-stream usage for invoicing, fraud prevention and accounting purposes.

2.3 Content you upload

Videos, thumbnails, playlist names and stream titles you upload are stored on Cloudflare R2 and are accessed by our streaming engine in order to broadcast them to the destinations you configure.

2.4 Streaming credentials

Stream keys you enter (for example YouTube RTMP keys) are stored encrypted at rest and are only decrypted in memory by the streaming engine at the moment a broadcast starts.

2.5 Technical & usage data

  • IP address, user agent and approximate location for active sessions
  • Authentication events (sign-in, sign-out, password reset, email verification)
  • Stream lifecycle events (start, stop, errors, second-by-second usage)
  • Basic web analytics (pages visited, referrer, device type)

2.6 Communications

If you contact us via the contact form or by email, we keep the message and your reply address so we can respond and follow up.

3. How we use your data

  • Provide and operate the streaming service you signed up for
  • Authenticate you and keep your account secure
  • Charge your wallet for streaming usage and process top-ups
  • Send transactional emails (verification, password reset, billing receipts, important service notices)
  • Prevent abuse, fraud and violations of our terms
  • Comply with legal obligations (e.g. tax records)
  • Improve reliability, performance and product quality

We do not sell your personal data. We do not use your uploaded content to train machine-learning models.

4. Legal basis (GDPR)

Where the GDPR applies, we rely on the following legal bases:

  • Contract — to deliver the service you registered for.
  • Legitimate interests — to keep the service secure, prevent fraud and improve the product.
  • Legal obligation — to keep accounting records and respond to lawful requests.
  • Consent — where we ask for it explicitly (e.g. optional marketing email). You can withdraw consent at any time.

5. Third-party processors

We rely on the following sub-processors to run the service. They only process data on our instructions and under their own agreements:

  • Cloudflare R2 — object storage for uploaded videos and thumbnails.
  • MongoDB Atlas — application database (accounts, playlists, streams, transactions).
  • Google — optional sign-in (OAuth) and YouTube Live RTMP delivery.
  • Polar — payment processing for wallet top-ups.
  • Email delivery provider — transactional emails (verification, password reset, receipts).
  • Hosting providers — application and streaming-engine compute.

6. International transfers

Our providers may process data outside your country, including in the European Union and the United States. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.

7. Data retention

  • Account data — kept while your account is active.
  • Uploaded videos — kept until you delete them or close your account.
  • Stream & usage logs — kept for up to 12 months for support and abuse investigations.
  • Billing records — kept for the period required by applicable tax law (typically 5–10 years).
  • Support messages — kept for up to 24 months.

When you delete your account, we delete or anonymise data that we are not legally required to keep.

8. Security

We protect your data with encryption in transit (HTTPS) and at rest, hashed passwords, encrypted stream keys, scoped access tokens, isolated production environments and audit logging. No online service is 100% secure — if you discover a vulnerability please report it to hi@streamorbit.io.

9. Cookies

We use strictly necessary cookies to keep you signed in and to protect against cross-site request forgery. We do not use third-party advertising cookies.

10. Your rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with your local data-protection authority

To exercise any of these rights, email hi@streamorbit.io from the address associated with your account. We respond within 30 days.

11. Children

StreamOrbit is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us so we can delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced by email or via a notice in the dashboard. The “Last updated” date above always reflects the latest version.

13. Contact

Questions or requests regarding this policy or your personal data:

Email: hi@streamorbit.io
Website: streamorbit.io/contact