Stream24 | Go Live Everywhere at once
Privacy Policy | Stream24
Privacy Policy

Privacy Policy

Effective: 2 April 2026 Last updated: 2 April 2026 Applies to: stream24.io & app.stream24.io
Plain English summary: We collect only what we need to run your account and deliver the service. We do not sell your data. We do not run ads. Your stream keys are encrypted with AES-256 and never shared. Local files you upload are automatically deleted when your stream ends. We use Paystack for payments and never see your card details.
Contents
  1. Information We Collect
  2. How We Use Your Information
  3. Data Storage and Security
  4. Third-Party Services
  5. Cookies and Sessions
  6. Your Rights
  7. Data Retention
  8. Children's Privacy
  9. Changes to This Policy
  10. Contact Us

1. Information We Collect

Account Information

When you create a Stream24 account, we collect your username, email address, and password. Passwords are stored as bcrypt hashes. We never store plain-text passwords.

Streaming Configuration

To deliver the service, we store your destination platform stream keys (YouTube, Facebook, Twitch, etc.), destination toggle states and preferences, and the RTMP stream key assigned to your account. All platform stream keys are encrypted at rest using AES-256-GCM.

Uploaded Files (Pro Plan)

If you use Local File Streaming, uploaded files are stored temporarily in /uploads/local-files/ for the duration of your stream session only. Files are automatically and permanently deleted when the stream ends. We do not process, analyse, or retain uploaded file content beyond what is necessary to relay the stream.

Cloud Pull Thumbnails (Pro Plan)

Thumbnail images uploaded for Cloud Pull streaming are stored in /uploads/cloud-pull-media/ and persist until you remove them from your dashboard or delete your account.

Usage and Technical Data

We collect limited technical data including IP address (used for rate limiting and abuse prevention only), session identifiers, stream activity logs (start/stop times, active platforms, duration), and anonymised in-app event data (screen views, feature interactions) used to improve the product.

Payment Information

Payments are processed by Paystack. We do not store card details or banking information. We store only your subscription status, plan type, billing interval, and transaction reference for account management purposes.

2. How We Use Your Information

We use your information solely to: create and manage your account, deliver the multistreaming service, send transactional emails (verification, password resets, subscription confirmations, expiry warnings, and renewal reminders), enforce subscription plan limits, prevent abuse and unauthorised access, and improve service reliability and performance.

We do not use your data for advertising, behavioural profiling, or selling to third parties. Stream24 products are ad-free.

3. Data Storage and Security

Your data is stored on a secured VPS (Hostinger KVM2, Ubuntu 22.04, located in the EU). Security protections include:

  • Passwords hashed with bcrypt (salted, industry standard)
  • Platform stream keys encrypted with AES-256-GCM at rest
  • Live streams transmitted over RTMPS (TLS-secured RTMP)
  • All web connections over HTTPS/TLS with valid certificates
  • Session tokens stored server-side with HTTP-only, Secure cookies
  • JWT refresh tokens with token family revocation (prevents token reuse after logout)
  • Rate limiting on all API and authentication endpoints
  • CORS whitelist restricting API access to authorised origins only
  • Paystack webhook verification via HMAC-SHA512
  • Automated PostgreSQL database backups scheduled daily
  • No secrets stored in source code — all credentials via environment variables

While we take security seriously, no system is 100% secure. We recommend using a strong, unique password for your Stream24 account.

4. Third-Party Services

ServicePurposeData Shared
YouTube, Facebook, Twitch, TikTok, X, Instagram, LinkedInDestination streaming platformsStream keys sent to their RTMP endpoints
PaystackPayment processingEmail, payment amount, plan reference
HostingerVPS hosting infrastructureServer infrastructure only
Google FontsFont delivery (web app UI)IP address via Google's font CDN
ipapi.coCurrency geo-detection (marketing site only)IP address, anonymous one-time lookup

5. Cookies and Sessions

Stream24 uses a single session cookie to maintain your login state. This cookie is HTTP-only (not accessible by JavaScript), expires after 7 days of inactivity, is deleted on sign-out, and does not track you across other websites. We do not use advertising cookies, tracking pixels, or third-party analytics services.

6. Your Rights

You have the right to access a copy of your data, correct inaccurate information, request deletion of your account and all associated data, request your data in a portable format, and object to how we process your data. To exercise any right, email privacy@stream24.io. We will respond within 30 days.

7. Data Retention

We retain account data for as long as your account is active. On account deletion: your username, email, and password hash are permanently deleted; stream keys and platform configurations are deleted; local file uploads are deleted; cloud pull thumbnails are deleted; payment transaction references may be retained for up to 7 years for legal and accounting compliance.

8. Children's Privacy

Stream24 is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with information, contact us immediately and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the effective date and notify active subscribers by email if changes are significant. Continued use of Stream24 constitutes acceptance of the updated policy.

10. Contact Us

Privacy questions?

We respond within 2 business days.

privacy@stream24.io