Stream Facility logo
The Stream
LobbyAuthorsSearchBeta ReadingPricingDev LogAboutHelpSign InJoin
← Legal

Privacy Policy

Effective Date: July 12, 2026

This Privacy Policy explains how The Stream Facility ("we," "us," "our") collects, uses, and protects your personal data. We are committed to compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection laws.

Data Controller: Stream Facility — [CONTACT EMAIL]

1. Data We Collect

Account data: Name, email address, and a hashed password when you register.
Profile data: Biography, social links, profile image, and other information you choose to provide.
Content data: Written works, codex entries, chapter notes, planning documents, AI conversation history, and other creative content you create.
Subscription data: Subscription tier, billing cycle, and payment status. Payment card details are processed directly by Stripe and are never stored on our servers.
Usage data: Features used, sync activity, log-in times, and interaction history.
Communication data: Support inquiries, beta reader messages, and in-platform communications.
Technical data: IP address, browser type, operating system, and device identifiers collected automatically when you access the Platform.

2. How We Use Your Data

Providing the Service — To operate, maintain, and improve the Platform and its features. GDPR legal basis: Contract performance (Art. 6(1)(b)).
Account management — To manage your subscription and communicate account-related information. GDPR legal basis: Contract performance.
Security and fraud prevention — To detect and prevent unauthorized access and abuse. GDPR legal basis: Legitimate interests (Art. 6(1)(f)).
Customer support — To respond to your inquiries and resolve issues. GDPR legal basis: Legitimate interests.
Legal compliance — To comply with applicable laws and regulations. GDPR legal basis: Legal obligation (Art. 6(1)(c)).
Transactional communications — To send receipts, security alerts, and service notices. GDPR legal basis: Contract performance.
Marketing — We will only send promotional communications with your explicit consent.

3. Data Sharing and Processors

We share your data only with service providers ("processors") that help us deliver the Platform. All processors are bound by data processing agreements:

  • Vercel — Cloud hosting and content delivery
  • MongoDB Atlas — Database hosting
  • Stripe — Payment processing and subscription management
  • Anthropic / OpenAI — AI writing assistance (only specific text queries are sent; your full works are not transmitted)
  • Resend — Transactional email delivery

We do not sell your personal data to third parties. We do not use your content for advertising.

4. International Data Transfers

Some of our service providers operate in the United States. If you are located in the European Economic Area (EEA), we transfer your data to the US under Standard Contractual Clauses approved by the European Commission, providing appropriate safeguards for your personal data.

5. Data Retention

We retain your account and content data for as long as your account remains active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it for longer (e.g., financial records for tax purposes, up to 7 years).

6. Your Privacy Rights

EU / EEA users (GDPR):
- Access (Art. 15): Request a copy of the personal data we hold about you
- Rectification (Art. 16): Request correction of inaccurate data
- Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
- Restriction (Art. 18): Request that we limit how we use your data
- Portability (Art. 20): Receive your data in a machine-readable format
- Objection (Art. 21): Object to processing based on legitimate interests
- Complaint: Lodge a complaint with your national data protection supervisory authority

California residents (CCPA / CPRA):
- Right to know what personal information is collected and how it is used
- Right to delete your personal information
- Right to correct inaccurate personal information
- Right to opt-out of the sale or sharing of personal information (we do not sell or share personal information for advertising)
- Right to limit use of sensitive personal information
- Right to non-discrimination for exercising these rights

To exercise any of these rights, contact us at: [CONTACT EMAIL]. We will respond within 30 days (GDPR) or 45 days (CCPA).

7. Security

We implement technical and organizational security measures appropriate to the sensitivity of the data we process, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. In the event of a data breach affecting your rights, we will notify you and relevant authorities as required by law.

8. Cookies

We use cookies and similar technologies. Please see our Cookie Policy for details.

9. Children's Privacy

The Platform is not directed to individuals under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you believe a child under 18 has provided us with personal data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before they take effect.

11. Contact

Privacy questions and rights requests: [CONTACT EMAIL]

← Back to Legal

© 2026 The Stream Facility. All rights reserved.

About·Terms of Service·Privacy Policy·Cookie Policy·Content Policy·DMCA·Refund Policy·Help