Privacy Policy

AdCast (adcast.stream) is a sponsorship delivery platform connecting streamers with brands. This policy explains what data we collect, how we use it, and the rights you have over it.

• Account info: email, display name, role (streamer or brand), password (stored hashed).
• Profile info: bio, category, platform links, follower counts (fetched from public APIs of YouTube, Twitch, Kick, SoundCloud, Spotify with your permission).
• Stream data: stream session timestamps, display time, viewer counts you provide, VOD URLs you submit, and where in your broadcast each ad ran.
• Payment info: handled by Stripe — we never store card numbers. Streamer payouts go through Stripe Connect; we hold a Stripe account ID only.
• Two-factor secrets: if you enable two-factor authentication, we hold a TOTP secret and bcrypt-hashed recovery codes.
• Server logs: standard request logs (IP, user agent, path, timestamp) retained ~30 days for security and debugging.
• Site analytics: we use Umami self-hosted analytics on adcast.stream. It does not use cookies and does not share data with third parties.
• Conversion tracking: when an advertiser embeds our pixel on their site, the pixel sets a random visitor ID in their visitors' localStorage to attribute conversions back to the campaign and streamer that drove them. The pixel does not collect names, addresses, or any data the advertiser does not choose to send.

• To operate the platform — matching streamers with brands, running campaigns, fulfilling bookings.
• To generate post-stream reports for brands.
• To process payments via Stripe and to issue payouts to streamers.
• To send transactional and account email (booking confirmations, creative reviews, dispute updates, notifications).
• To prevent abuse, detect fraud, and enforce these terms.
• We do not sell your data to third parties.
• We do not serve behavioural advertising and do not feed your data into ad networks.

• With brands: your public profile (display name, category, bio, follower counts), and stream reports for bookings you complete with that brand.
• With streamers: brand name, company info, and the sponsorships you have agreed to deliver.
• With Stripe: payment processing and payout information only.
• With our email provider (Amazon SES) for delivery of account email.
• With our hosting and storage providers (Neon Postgres, Cloudflare R2) — they process data on our behalf under data-processing agreements.
• With law enforcement when legally required.

• Active accounts: data is retained while your account is active.
• Closed accounts: when you delete your account, identifying fields (email, display name, username, company, bio, profile media) are scrubbed immediately.
• Financial records: we retain bookings, payouts, refunds, impressions, conversions, and other accounting data — without your personal identifiers — for up to 7 years to meet accounting and tax obligations.
• Audit logs: retained for 1 year.
• Server logs: retained ~30 days.

• Authentication: a single token in localStorage on adcast.stream — strictly necessary for sign-in.
• Overlay event queue: localStorage on the OBS overlay page used to retry events if the connection drops — strictly necessary.
• Umami analytics: cookieless, no cross-site tracking.
• Advertiser conversion pixel: when you visit a brand's site that uses our pixel, a random visitor ID is set in localStorage on that brand's domain to enable conversion attribution. You can clear it from your browser at any time.
• No third-party advertising cookies. No remarketing tags.

• You can opt out of non-essential email at any time using the unsubscribe link in the footer of every message. Account-critical mail (password resets, security alerts) will still be sent.
• List-Unsubscribe headers are set on every message so your mail client can offer one-click unsubscribe.

• Passwords are stored hashed with bcrypt — we never see your plaintext password.
• Two-factor authentication is available for all accounts. We strongly recommend enabling it on advertiser and admin accounts that handle Stripe payments.
• All traffic is served over HTTPS.
• Admin actions are recorded in an internal audit log.

• Access — view all data we hold about you via Settings → Download my data (JSON export).
• Rectification — edit your profile fields directly in your dashboard.
• Erasure — close your account from Settings; we anonymise your records as described in §5.
• Portability — the JSON export is the same data we hold internally.
• Restriction & objection — opt out of email, disable analytics in your browser.
• For anything else, contact [email protected].

Our servers and processors operate in multiple regions. By using AdCast, you accept that your data may be transferred to and processed in countries other than your own, including the United States and the European Union. We rely on standard contractual clauses with our subprocessors where required.

AdCast is not intended for and is not knowingly offered to anyone under the age of 16. If you believe a minor has provided us data, contact [email protected] and we will delete the account.

We may update this policy. The “last updated” date at the top will reflect any change. Material changes that affect your rights will be sent by email.

AdCast — [email protected]