GDPR Statement
Plain-language summary. If you live in the European Union, you have specific rights under the General Data Protection Regulation. Because StreamX is local-first, the data we hold about you is unusually limited — but you can still access, correct, delete, port, or restrict what we do have.
1. Data Controller
StreamX (legal entity name to be filled in)
(registered address to be filled in)
Email: privacy@example.com
Our EU representative (if applicable) and Data Protection Officer:
Data Protection Officer
Email: dpo@example.com
2. Categories of Personal Data We Process
- Account data: email, hashed password, display name.
- Billing data: subscription tier, transaction references (no card numbers).
- License data: hashed machine ID, account ID, product version.
- Aggregate quota counts: daily API call totals per platform.
- Support correspondence: emails and form submissions.
- Website analytics: aggregate usage data (only after consent).
We do not process your social media content, audience data, or AI inference results — those remain on your device.
3. Legal Bases for Processing (Art. 6 GDPR)
| Purpose | Legal Basis |
|---|---|
| Provide the service (account, license) | Contract (Art. 6(1)(b)) |
| Subscription billing | Contract (Art. 6(1)(b)) |
| Customer support | Contract / Legitimate Interest (Art. 6(1)(b) & (f)) |
| Tax record retention | Legal Obligation (Art. 6(1)(c)) |
| Website analytics | Consent (Art. 6(1)(a)) |
| Security & abuse prevention | Legitimate Interest (Art. 6(1)(f)) |
4. Your Rights as a Data Subject
Under Articles 15-22 GDPR, you have the right to:
- Access — request a copy of the data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion ("right to be forgotten"), subject to legal retention requirements.
- Restriction — request that we limit processing while a dispute is resolved.
- Portability — receive your data in a structured, machine-readable format (JSON or CSV).
- Object — object to processing based on legitimate interest, including direct marketing.
- Withdraw consent — for any processing based on consent, withdraw at any time without affecting prior lawful processing.
- Not be subject to automated decisions — including profiling that produces legal effects. We currently do not engage in such processing.
5. How to Exercise Your Rights
Send a request to privacy@example.com describing which right you wish to exercise. We will:
- Confirm receipt within 5 business days
- Verify your identity (typically by sending a confirmation email to the address on file)
- Respond substantively within 30 days (extendable by 2 months for complex requests, with notice to you)
Exercising your rights is free of charge. We may charge a reasonable fee or refuse a request only if it is manifestly unfounded or excessive.
6. International Data Transfers
Where personal data is transferred outside the European Economic Area, we rely on:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where they exist
- Other safeguards as required under Articles 44-49 GDPR
7. Right to Lodge a Complaint
If you believe we have violated your GDPR rights, you may lodge a complaint with the data protection authority of your country of residence. A list of data protection authorities is available at edpb.europa.eu.
8. Retention
Refer to Section 6 of our Privacy Policy for retention periods by data category.