Your privacy matters. This policy describes how we collect, use and protect your data when you use TriBathon.
We comply with applicable data protection regulations, including GDPR for EU users.
2. Data we collect
2.1 Account data
Email address
Username and encrypted password
Account creation date
2.2 Streaming platforms (OAuth)
Twitch: user ID, username, channel info, subscriptions/bits/follows events
Kick: user ID, username, channel info, subscriptions/follows events
OAuth access tokens (stored encrypted)
Authorization and last update timestamps
2.3 Events and stats
Event type (subscription, bits, follows)
Date and time of the event
Subscription tier (1, 2, 3, Prime)
Bits amount
Donor username (public per platform)
2.4 Technical data
IP address
Browser and device type
Operating system
Visited pages and session duration
Error logs for diagnostics
3. How we use your data
Service operation: manage accounts, process platform events and keep the timer running
OAuth authentication: connect securely to Twitch/Kick
Stats and dashboard: show performance metrics
Service improvement: fix errors and enhance features
Communications: account and support notifications
Security: detect abuse and fraud
3.1 Legal basis (GDPR)
Contract performance: provide the service and manage your account
Consent: non-essential cookies (GA4, Hotjar, AdSense) and marketing when applicable
Legitimate interest: security, fraud prevention and technical improvements
Legal obligation: compliance when required
Transactional emails are sent via Resend. Marketing emails may be sent via Sender and open/click tracking is only used when you consent.
4. Storage and security
4.1 Data protection
SSL/TLS encryption for all communications
Passwords stored with secure hashing (bcrypt)
OAuth tokens encrypted in the database
Restricted access to personal data
Encrypted backups
4.2 Data location
Data is stored in secure servers where TriBathon operates. We comply with international transfer rules when applicable.
4.3 Data retention
We keep data while your account is active or as needed to provide the service. Some security data is retained for reasonable audit periods. You can request deletion at any time.
5. Sharing with third parties
5.1 Streaming platforms
OAuth authentication with your permission
Real-time event ingestion
Connection status validation
5.2 Service providers
Hosting and cloud storage providers
Analytics/experience services (GA4, Hotjar) with consent
Advertising (AdSense) with consent
Transactional email (Resend) and marketing (Sender)
Security and fraud prevention services
These providers are contractually required to protect your data and may not use it for other purposes.
5.3 Legal obligations
We may disclose data when required by law or to protect our legal rights and user safety.
5.4 We do not sell your data
TriBathon does not sell, rent or share personal data for third-party marketing.
6. Cookies and tracking
Authentication cookies: keep you signed in
Functionality cookies: remember preferences
Analytics cookies: understand usage (anonymized)
Non-essential cookies only run with your consent. You can change this anytime.