DualStream
Sign Up

Privacy Policy

Effective Date: April 2, 2026 · Last Updated: April 2, 2026

This Privacy Policy describes how Dual Stream Studio Inc (“DualStream”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects personal data when you use the DualStream website at dualstream.gg, the DualStream desktop application, the DualStream chat relay service, and all related services (collectively, the “Service”).

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

A. Information You Provide Directly

  • Account details (email address, password — hashed only)
  • Profile information (name, display name, preferred language)
  • Beta registration details
  • Payment information (processed via Stripe; we do not store your full card number)
  • Support inquiries, emails, chat messages
  • User-generated content, including streaming layouts, scenes, metadata

B. Information We Collect Automatically

  • IP address, device identifiers, hardware specs
  • GPU details, encoder information, drivers
  • Operating system, version, locale, time zone
  • Stream session metadata (frame rate, resolution, encoder type, dropped frames, CPU/GPU usage, bitrate)
  • Stream analytics data (stream duration, peak viewers, average viewers, total viewers, stream title, stream category)
  • Crash logs and performance metrics
  • Cookies, local storage, analytic identifiers
  • Session activity and event logs

C. Information from Third-Party Platform Integrations

When you connect platforms via OAuth, we collect platform-specific data as described in Section 4 below.

D. Information from the Chat Relay Service

  • Chat messages received from connected platforms (relayed in real-time exclusively to DualStream application sessions where you are logged in with your account — no other DualStream users or third parties receive your chat data; messages are not persistently stored by DualStream)
  • Chat message metadata including sender usernames, display names, profile pictures, badges, emotes, and chat colors
  • Moderation events (bans, timeouts, message deletions)
  • Platform event notifications (follows, subscriptions, raids, gifted subscriptions, channel point redemptions)

E. Information from Cookies & Tracking Tools

See our Cookie Policy for full details.

2. How We Use Your Information

A. To Provide and Operate the Service

  • Account setup, authentication, security
  • Enabling streaming to one or multiple destinations simultaneously (Twitch, YouTube, Kick, Custom RTMP, and others)
  • Managing linked third-party platform accounts and OAuth tokens
  • Relaying chat messages from your connected platforms exclusively to your own authenticated DualStream application sessions in real-time
  • Rendering dual-format output scenes (16:9 and 9:16)
  • Tracking stream session analytics (duration, viewer counts, performance metrics)

B. To Improve and Optimize the Service

  • Performance analysis
  • Crash and bug diagnostics (via Sentry)
  • Feature usage analytics (via Google Analytics)
  • Beta testing and user experience research

C. To Communicate With You

  • Administrative emails (via Resend)
  • Feature updates and security alerts
  • Marketing communications (with your opt-in consent when required)

D. For Security, Fraud Prevention & Compliance

  • Detecting unauthorized access
  • Monitoring for abuse or misuse
  • Enforcing Terms of Service
  • Compliance with legal obligations

3. Legal Bases for Processing (GDPR/UK GDPR)

  • Contract: To provide and maintain the Service.
  • Consent: For marketing, cookies, and optional features.
  • Legitimate Interest: Improving performance, preventing fraud, analytics.
  • Legal Obligation: Responding to law enforcement or regulatory requirements.

4. Platform-Specific Data Collection and Use

When you connect third-party streaming platforms to DualStream via OAuth, we access, collect, and process platform-specific data as described below. In all cases, OAuth tokens are encrypted at rest using AES-256-GCM and stored in our database. Tokens are decrypted only when needed to make API calls on your behalf.

A. YouTube / Google User Data

DualStream's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

OAuth Scopes Requested:

  • youtube.readonly — Read access to your YouTube channel data, videos, playlists, and live broadcasts
  • youtube.force-ssl — Manage your YouTube account, including live chat messaging and broadcast management
  • userinfo.profile — Access your basic Google profile information (name, profile picture)
  • openid — Verify your identity

Data We Collect from YouTube:

  • YouTube channel information (channel ID, channel title, custom URL, description, profile picture, subscriber count, video count, view count, country)
  • Live broadcast data (broadcast ID, title, description, scheduled start time, lifecycle status, privacy status, stream health)
  • Live stream ingestion information (stream key, RTMP ingestion URL — encrypted at rest)
  • Live chat messages (relayed exclusively to DualStream application sessions where you are logged in — not sent to any other users or third parties; not persistently stored)
  • Super Chat and Super Sticker transaction details (amount, currency, tier — relayed exclusively to your own authenticated DualStream sessions in real-time; not persistently stored)
  • Live chat author information (channel ID, display name, profile image, moderator/sponsor/owner status)
  • Video metadata (titles, descriptions, view counts, durations, publish dates)
  • Playlist and subscription data
  • Comment threads on your videos
  • Stream session data derived from YouTube (stream title, category, duration, peak viewers, average viewers, total viewers)

How We Use YouTube Data:

  • To enable you to go live on YouTube from the DualStream application
  • To relay YouTube live chat messages exclusively to DualStream application sessions where you are logged in with your account, in real-time
  • To display your YouTube channel information and stream health in the DualStream dashboard
  • To track stream session analytics for your review
  • To automatically refresh your OAuth tokens before they expire

Who We Share YouTube Data With:

  • DualStream relay service: Processes YouTube live chat messages and relays them exclusively to DualStream application sessions where you are logged in with your account, via encrypted WebSocket connections. Messages are never sent to other DualStream users or any third party.
  • Supabase (database hosting): Stores your encrypted OAuth tokens, YouTube channel metadata, and stream session analytics
  • Sentry (error reporting): May receive anonymized error context if an error occurs during YouTube API interactions — no YouTube user content is sent to Sentry
  • Your own authenticated DualStream sessions: Chat messages, platform events, and stream data are delivered only to DualStream application instances where you are actively logged in with your account. No other users can access your data through the relay.

We do NOT:

  • Sell, rent, or trade your YouTube/Google user data to any third party
  • Share your YouTube/Google user data with advertising platforms, data brokers, or information resellers
  • Use your YouTube/Google user data for retargeting, personalized advertising, or interest-based advertising
  • Use your YouTube/Google user data to determine creditworthiness or for lending purposes
  • Allow humans to read your YouTube messages or data unless (a) you provide affirmative consent, (b) it is necessary for security purposes such as investigating abuse, or (c) it is required to comply with applicable law
  • Transfer your YouTube/Google user data except: (a) to provide or improve user-facing features that are prominent in the DualStream application with your consent; (b) for security purposes; (c) to comply with applicable law; or (d) as part of a merger, acquisition, or sale of assets, only with your explicit prior consent

YouTube Data Retention and Deletion:

  • OAuth tokens: Retained in encrypted form while your YouTube account is connected. Deleted immediately when you disconnect YouTube or delete your DualStream account.
  • YouTube channel metadata: Retained while connected. Deleted within 30 days of disconnecting YouTube or deleting your account.
  • Stream session data: Retained for up to 12 months to provide streaming analytics. Anonymized or deleted after 12 months.
  • Live chat messages and Super Chat/Sticker data: Relayed in real-time only. Not persistently stored.
  • Live stream keys: Deleted immediately when you disconnect YouTube or delete your account.

To delete your YouTube/Google data: Disconnect YouTube in your DualStream account settings (which immediately deletes encrypted tokens and schedules deletion of associated metadata), email privacy@dualstream.gg, or revoke access at myaccount.google.com/permissions.

B. Twitch User Data

DualStream requests Twitch OAuth scopes necessary to enable streaming, chat, channel management, moderation, and analytics features. The specific scopes are displayed to you during the Twitch authorization process.

Data We Collect from Twitch:

  • Twitch account information (user ID, login, display name, profile picture, broadcaster type)
  • Channel information (title, category/game, language, tags, content classification labels)
  • Stream data (viewer count, stream start time, stream status) and stream key (encrypted at rest)
  • Chat messages (relayed in real-time via Twitch EventSub exclusively to your own authenticated DualStream sessions; not persistently stored)
  • Chat message metadata (badges, emotes, cheermotes/bits, channel point redemptions, reply context, message type)
  • Moderation data, follower/subscriber counts, channel point rewards, polls, predictions, goals, hype train events
  • Clips, VODs, video metadata, schedule, teams, and charity campaign data
  • Stream session analytics (duration, peak/average/total viewers)

Who We Share Twitch Data With:

  • DualStream relay service: Processes Twitch EventSub events and relays them exclusively to DualStream application sessions where you are logged in with your account. Messages are never sent to other DualStream users or any third party.
  • Supabase: Stores encrypted OAuth tokens, Twitch account metadata, and stream session analytics
  • Sentry: Anonymized error context only
  • Your own authenticated DualStream sessions: Chat messages, events, and stream data are delivered only to DualStream application instances where you are actively logged in with your account.

Twitch Data Retention:

  • OAuth tokens and stream keys: Deleted immediately upon disconnecting Twitch or deleting your account
  • Account metadata: Deleted within 30 days of disconnect or account deletion
  • Stream session data: Retained up to 12 months, then anonymized or deleted
  • Chat messages: Relayed in real-time only; not persistently stored

C. Kick User Data

DualStream requests Kick OAuth scopes for user profile access, channel management, chat messaging, moderation, and stream key access. The specific scopes are displayed during the Kick authorization process.

Data We Collect from Kick:

  • Kick account information (user ID, username, bio, profile picture, verification status, social links)
  • Channel information (channel ID, slug, subscriber/follower count, live status, stream title, category)
  • Stream key (encrypted at rest)
  • Chat messages (received via Kick webhooks; relayed exclusively to your own authenticated DualStream sessions in real-time; not persistently stored)
  • Chat message metadata (sender ID, username, badges, emotes, chat color, anonymous status, reply context)
  • Platform events (follows, subscriptions, gifted subs, kicks/tips, reward redemptions, bans)
  • Stream session analytics (duration, peak/average/total viewers)

Who We Share Kick Data With:

  • DualStream relay service: Receives Kick webhooks and relays transformed events exclusively to DualStream application sessions where you are logged in with your account. Messages are never sent to other DualStream users or any third party.
  • Supabase: Stores encrypted OAuth tokens, Kick account metadata, and stream session analytics
  • Sentry: Anonymized error context only
  • Your own authenticated DualStream sessions: Chat messages, events, and stream data are delivered only to DualStream application instances where you are actively logged in with your account.

Kick Data Retention:

  • OAuth tokens and stream keys: Deleted immediately upon disconnecting Kick or deleting your account
  • Account metadata: Deleted within 30 days of disconnect or account deletion
  • Stream session data: Retained up to 12 months, then anonymized or deleted
  • Chat messages: Relayed in real-time only; not persistently stored

D. Custom RTMP Destinations

DualStream allows you to stream to custom RTMP endpoints (e.g., self-hosted servers, other platforms not directly integrated).

  • RTMP server URL and stream key (encrypted at rest)
  • Stream session metadata (title, category, duration, quality settings)
  • Stream performance data (bitrate, dropped frames, total frames)

Custom RTMP URLs and stream keys are deleted immediately upon removal of the destination or account deletion. Stream session data is retained up to 12 months.

5. How We Share Information

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

We may share limited information with:

A. Service Providers (Processors)

  • Hosting & infrastructure: Supabase, Cloudflare, Vercel
  • Analytics: Google Analytics (GA4)
  • Payment processor: Stripe
  • Error reporting: Sentry
  • Email services: Resend

All service providers are bound by confidentiality obligations and data processing agreements.

B. Streaming Platforms

When using OAuth connections, we transmit only the data necessary to operate the features you use to: YouTube (Google), Twitch, Kick, and any custom RTMP endpoint you configure. We do not send your data from one connected platform to another.

C. Chat Relay Recipients

Chat messages received from connected platforms are relayed exclusively to DualStream application sessions where you are logged in with your account. Each user's chat data is completely isolated — our relay service routes messages only to the specific account that owns the connected platform. We never relay your chat messages to other DualStream users, and no other user can access your chat stream through our service.

D. Business Transfers

If Dual Stream Studio Inc undergoes a merger, acquisition, or asset transfer, your data may transfer as part of the transaction. We will notify you before your data becomes subject to a different privacy policy.

E. Legal Compliance

We may disclose personal information when required to comply with law, protect rights or safety, enforce our Terms of Service, or respond to lawful requests by public authorities.

6. International Data Transfers

Your data may be transferred to: United States, European Union, UK, Canada, Asia-Pacific, and other jurisdictions where our service providers operate.

We use appropriate safeguards, including EU Standard Contractual Clauses (SCCs), UK International Data Transfer Addendum, Data Processing Agreements, and encryption in transit and at rest.

7. Data Retention

We retain data only as long as necessary to provide the Service or comply with legal obligations.

  • Account data: Retained until you delete your account or after 24 months of inactivity
  • Crash logs and diagnostics: 12–24 months
  • Stream session analytics: Up to 12 months, then anonymized or deleted
  • Support communications: Up to 24 months
  • OAuth tokens (all platforms): Deleted immediately when you disconnect a platform or delete your account
  • Chat messages (all platforms): Relayed in real-time only; not persistently stored

For platform-specific retention details, see Section 4 above.

8. Your Rights

Under GDPR / UK GDPR

Access, rectify, delete, restrict processing, object to processing, portability, withdraw consent, file a complaint with supervisory authorities.

Under CCPA/CPRA

California residents may: know what personal data is collected, request deletion, opt-out of “sharing”, correct inaccuracies, and limit use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising. We do not knowingly sell or share personal information of minors under 16.

Under PIPEDA, Australia Privacy Act, Brazil LGPD

Correct inaccuracies, access copies, withdraw consent, request deletion where applicable.

To exercise your rights: Email privacy@dualstream.gg. You may also disconnect any connected platform at any time through your DualStream account settings, which triggers immediate deletion of that platform's OAuth tokens. We may require identity verification before processing your request.

9. Security Measures

  • Encryption in transit (TLS 1.2+) and at rest (AES-256-GCM for OAuth tokens and stream keys)
  • Strict access controls and role-based permissions
  • Multi-factor authentication internally
  • Webhook signature verification (RSA for Kick, EventSub for Twitch)
  • Origin validation for WebSocket connections in production
  • Authorization headers and tokens redacted in application logs
  • PKCE (Proof Key for Code Exchange) for YouTube and Kick OAuth flows
  • CSRF state parameter validation for all OAuth flows
  • Regular audits and vulnerability scanning

No system is perfectly secure. You understand and accept this risk.

10. Children's Privacy

DualStream is not intended for children under 13 (or the minimum digital age in your region). We do not knowingly collect personal information from minors. If discovered, we will delete it promptly.

11. Third-Party Links

Our Service may link to external sites, including streaming platform websites. We are not responsible for their privacy practices or content.

12. Changes to This Policy

We may update this Policy. Material changes will be communicated via email, in-app notice, or banner on dualstream.gg. Your continued use of the Service after the effective date of any modification constitutes acceptance. If you do not agree, you must stop using the Service.

13. Contact Us

For privacy questions, rights requests, or concerns:
Email: privacy@dualstream.gg
Company: Dual Stream Studio Inc
Website: dualstream.gg