Privacy Policy

Effective date: 19 April 2025

RaidRoot ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, who we share it with, and your rights under applicable privacy law including the UK GDPR and EU GDPR.

1. Data We Collect

Account Data

When you sign in via Twitch OAuth we receive your Twitch username, Twitch user ID, and the email address associated with your Twitch account. We also store OAuth access and refresh tokens to act on your behalf (reading chat, creating clips, sending raids).

Connected Platform Accounts

If you connect YouTube or TikTok, we store OAuth tokens for those platforms solely to upload clips on your behalf. We do not store any YouTube or TikTok account data beyond what is necessary for uploads.

Stream Analytics

During and after each stream we record follower count snapshots, subscriber counts, viewer engagement events (subscriptions, cheers, gift subs), and raid logs. This data powers the Analytics tab in your dashboard.

Chat Data

RaidRoot reads your Twitch chat to run the Seeds economy, detect excitement spikes for auto-clips, answer chat commands, and apply moderation rules. We store per-viewer seed balances, badge tiers, and moderation log entries (username, message, reason, action taken). Individual chat messages are not stored long-term — they are processed in memory and only the resulting record (seed balance change, moderation event) is persisted.

Clips and Video

Clips created by RaidRoot (from Twitch's clip API) are stored temporarily on our servers for processing (vertical crop, thumbnail generation) before being uploaded to YouTube or TikTok at your request. Clip metadata (title, thumbnail URL, YouTube/TikTok video ID) is stored in your account.

Billing Data

Payments are processed by Stripe. We store your Stripe Customer ID and Subscription ID to manage your plan. We do not see or store your card number, CVV, or full payment details — these are handled entirely by Stripe.

Email Address (Waitlist)

If you sign up on our early access waitlist at /early-access, we store your email address solely to notify you when RaidRoot launches and to send you a one-time discount code. You can request removal at any time by emailing us.

Usage Data

We may collect basic server logs including IP addresses and request timestamps for security and debugging purposes. We do not use third-party analytics trackers or advertising SDKs.

2. How We Use Your Data

PurposeLegal basis
Providing the RaidRoot service (clips, chat bot, overlays, raids)Contract
Processing payments and managing your subscriptionContract
Sending post-stream summary emails and service notificationsContract
Sending the waitlist launch email and discount codeConsent
Generating AI go-live recommendations from your VOD historyContract
Detecting violations and enforcing our Terms of ServiceLegitimate interest
Improving the service and fixing bugsLegitimate interest

3. Third-Party Data Processors

We share your data with the following sub-processors, strictly for the purposes listed:

Twitch

Authentication, chat, clips, follower data, raids

YouTube (Google)

Uploading Shorts on your behalf

TikTok

Uploading vertical clips on your behalf

Stripe

Payment processing and subscription management

Resend

Sending transactional and notification emails

Anthropic

AI-powered go-live time recommendations

Neon / Supabase (Postgres)

Secure database hosting for all account data

We do not sell your data to third parties. We do not share your data with advertisers.

4. Data Retention

  • Account data: Retained for the lifetime of your account. Deleted within 30 days of account deletion.
  • Clip files: Temporary processing files are deleted within 7 days of upload. Clip metadata (title, URLs) is retained until you delete the clip or your account.
  • Analytics data: Follower snapshots and stream events are retained for up to 24 months to power historical charts.
  • Chat data: Seed balances and badge records are retained for the lifetime of your account. Moderation logs are retained for 90 days.
  • Waitlist emails: Retained until we send the launch email or you request removal, whichever is sooner.
  • Server logs: Retained for up to 30 days for security purposes.

5. Your Rights

Under UK GDPR and EU GDPR you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Ask us to restrict processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Object: Object to processing based on legitimate interest.
  • Withdraw consent: Where processing is based on consent (e.g. waitlist emails), you may withdraw at any time.

To exercise any of these rights, email legal@raidroot.gg. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

6. Cookies

RaidRoot uses a minimal set of cookies:

  • Session cookie: Required for authentication. Expires when you close your browser or after 30 days.
  • CSRF token: Required for security. Session-scoped.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

7. Data Security

We use industry-standard security measures including HTTPS/TLS for data in transit, encrypted database connections, and hashed/encrypted OAuth tokens at rest. Access to production data is restricted to authorised personnel only.

In the event of a data breach that affects your personal data, we will notify you and the relevant supervisory authority as required by applicable law.

8. International Transfers

Our servers and sub-processors may be located outside the UK or EEA. Where we transfer data internationally, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or an adequacy decision).

9. Children's Privacy

RaidRoot is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before they take effect. The "Effective date" at the top of this page always reflects the latest version.

11. Contact Us

For any privacy-related questions or to exercise your rights, contact us at: legal@raidroot.gg