Legal
Privacy Policy
Plain English, no dark patterns. Here's exactly what we hold and why.
Last updated 9 July 2026
The short version
We collect the least we can get away with: enough to give you an account, keep you signed in across our apps, take a payment if you ever choose to make one, and email you if you asked us to. There are no analytics, no advertising and no third-party trackers anywhere on this site. We have never sold your data and we're not going to.
Who we are
StrmrX is a two-person studio building apps for streamers. If you want anything on this page actioned — a copy of your data, a correction, or a deletion — email support@strmrx.com and a person will read it.
What we collect
Your account
Your email address, a display name if you set one, and — if you signed up with a password — a hashed version of it. We never store your password itself and we cannot read it.
When you sign in with Twitch
Twitch tells us your platform user id, your handle, your display name, your avatar, the email address associated with your Twitch account, and which permissions you granted. Where an app needs to keep talking to Twitch for you — reading your chat, for example — we also store the access and refresh tokens that let it do so. You can disconnect Twitch from your dashboard at any time.
Staying signed in
When you sign in we create a session and record the IP address and browser user-agent of that sign-in, so we can show you your active sessions and spot abuse. Sessions expire after 30 days.
Payments
If and when you buy a paid tier, Stripe handles the card details. They never touch our servers and we could not see them if we wanted to. We keep the customer reference Stripe gives us and whether your subscription is active, so we know what to unlock.
Newsletter and the beta list
If you subscribe to the newsletter we keep your email address and which page you subscribed from. If you claim a beta pass we keep your email address and the alias you chose, if any. These are two separate lists, on purpose: claiming a beta pass gets you exactly one email — the one telling you your wave is open.
Admin actions
Changes made in our own admin panel are written to an audit log, so we can see who changed what. This records us, not you.
Cookies and local storage
We set one cookie. It is called sx_sess, it holds a random session token and
nothing else, and it is marked HttpOnly and Secure so scripts cannot read it and it
only travels over HTTPS. It is scoped to .strmrx.com so that a single sign-in works across every
StrmrX app. It lasts 30 days. Sign out and we delete it.
Your browser also keeps two small values locally, which are never sent to us:
sx_beta_pass— your beta pass, so we can show it back to you instead of asking twice.sx_beta_bar— whether you dismissed the beta announcement bar.
There is no analytics cookie, no advertising pixel, and no third-party script that could set one.
Who else sees your data
- Twitch — only if you choose to sign in or connect with it.
- Stripe — only if you make a payment. They are the payment processor.
- SiteGround — our hosting and email provider, who necessarily store the database and any mail we send you.
- Ko-fi — only if you follow our donate link. That happens on their site, under their policy, and we learn nothing beyond what Ko-fi chooses to show us.
That's the complete list. We do not sell, rent or trade your personal data, and there is no advertising business here to sell it to.
How long we keep it
- Sessions — 30 days, then they expire on their own.
- Account data — until you ask us to delete the account.
- Newsletter — until you unsubscribe or ask to be removed.
- Beta list — until your wave opens, or until you ask to be removed.
Your choices
Wherever you live, you can ask us for a copy of what we hold about you, ask us to correct it, or ask us to delete it. Email support@strmrx.com. We'll do it, and we won't make you jump through hoops. Deleting your account removes your account record and its sessions; where we're required to keep a payment record for accounting, we'll say so.
You can disconnect Twitch yourself from your dashboard, and unsubscribe from any email we send.
Security
Passwords are hashed, not stored. Credentials we hold for our own integrations are encrypted at rest. The site and the API are HTTPS-only, and session cookies are HttpOnly. No system is perfect; if we ever discover a breach affecting your data, we'll tell you rather than hope you don't notice.
Children
StrmrX is not for children under 13, matching Twitch's own minimum age. If you believe a child has given us personal data, email us and we'll remove it.
Changes to this policy
If we change what we collect or who we share it with, we'll update this page and the date at the top. If the change is significant and you have an account, we'll email you.