Legal · Pre-Closed Beta

Privacy Policy

Effective date: 1 June 2026 · Last updated: 1 June 2026

Contents
  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. Third-Party Services
  5. Data Storage & Security
  6. Data Retention
  7. Your Rights (GDPR)
  8. Cookies
  9. Children's Privacy
  10. Changes to This Policy
  11. Contact & DPA
01

Who We Are

Strömbot is operated by ForcePalm, based in Denmark. We provide a Twitch bot and content management platform for streamers. This Privacy Policy explains what personal data we collect, why we collect it, and how we handle it in accordance with the EU General Data Protection Regulation (GDPR) and Danish data protection law.

We are the data controller for personal data you provide when creating an account and using the Service.

02

Data We Collect

We collect only the data necessary to operate the Service.

Category Data collected Source
Account Username, email address, hashed password, display name, profile image URL You, on registration
Twitch credentials Bot username, encrypted OAuth token, Twitch channel name, Client ID/Secret You, in dashboard settings
Discord credentials Encrypted bot token, server/guild IDs, configured channel IDs You, in dashboard settings
YouTube OAuth Access token, refresh token, linked channel ID and name Google OAuth2 flow (only if you connect YouTube)
TikTok OAuth Access token, refresh token, open_id, display name, avatar URL TikTok OAuth2 flow (only if you connect TikTok)
Stream analytics Follower counts, viewer counts, subscriber counts, chat statistics, game/title history Twitch API, collected periodically while bot is active
Content scheduler Post titles, captions, scheduled times, video file paths You, in the content scheduler
Bot configuration Commands, timers, variables, moderation rules, channel point actions, notes You, in dashboard settings
License / plan Subscription plan slug, license key (hashed), expiry date You, when activating a license key
Session data Session cookie (signed, HTTP-only), IP address (in server logs for up to 14 days) Automatically on login

We do not collect payment card data, sell data to third parties, or run advertising on the Service.

03

How We Use Your Data

We use your data exclusively to operate and improve the Service:

Our legal basis for processing is contract performance (Art. 6(1)(b) GDPR) — we need to process your data to provide the Service you signed up for. For analytics and security logs we rely on our legitimate interests (Art. 6(1)(f) GDPR).

04

Third-Party Services

Operating the Service requires us to interact with the following third-party platforms on your behalf. We do not share your personal data with these platforms beyond what is strictly necessary to execute the action you have requested.

Platform Purpose Their privacy policy
Twitch Chat bot connection, event subscriptions, analytics data twitch.tv
Discord Bot messaging, server stats, announcement channels discord.com
Google / YouTube OAuth authentication, video uploads (only if connected) google.com
TikTok OAuth authentication, video uploads (only if connected) tiktok.com
Google Fonts Dashboard typography (IP address exposed to Google on page load) google.com
OAuth tokens for YouTube and TikTok are stored encrypted in our database and are used solely to perform actions you explicitly schedule. You can revoke access at any time from the respective integration settings in the dashboard.
05

Data Storage & Security

All data is stored on servers located in the European Union. We implement appropriate technical and organisational measures to protect your data, including:

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.

06

Data Retention

We retain your data for as long as your account is active. Specific retention periods:

After account deletion, all personal data is permanently removed within 30 days, except where retention is required by law.

07

Your Rights (GDPR)

If you are located in the EEA or the UK, you have the following rights regarding your personal data:

To exercise any of these rights, email privacy@forcepalm.dk. We will respond within 30 days. You also have the right to lodge a complaint with the Danish Data Protection Agency (datatilsynet.dk).
08

Cookies

We use a single, strictly necessary session cookie (connect.sid) to keep you logged in. This cookie is:

We do not use advertising cookies, tracking pixels, or analytics cookies. We do not use third-party cookie consent solutions because we have no non-essential cookies to consent to.

09

Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us immediately at privacy@forcepalm.dk and we will delete it promptly.

10

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For material changes, we will notify you via email or a notice in the dashboard at least 14 days in advance.

Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

11

Contact & Data Protection

For privacy-related questions, data subject requests, or to reach our data protection contact:

For complaints unresolved by us, you may contact the Danish Data Protection Agency: