Privacy Policy
Last updated: May 4, 2026
Collab Planner is built for Twitch streamers who want to plan and coordinate collaborations with friends. This policy explains what data we collect, why we collect it, how it's stored, and how you can control it.
Collab Planner is operated globally for Twitch creators. Application infrastructure is hosted by Vercel and the database by Supabase, both in US regions. By using the service you consent to the cross-border processing described below, where applicable to your jurisdiction.
1. Data We Collect
We collect only what is needed to operate the service.
From Twitch OAuth (required to sign in)
Sign-in goes through Supabase Auth using Twitch as the identity provider. The following scopes are requested:
| user:read:email | Read your Twitch email so we can identify your account uniquely. |
| user:read:follows | Read who you follow on Twitch — used to suggest friends and detect co-stream signals. |
| moderator:read:followers | Read your follower list when you import friends from your audience. |
We never request scopes that allow posting to chat, modifying your channel, or managing your account beyond reading the data above.
From the Twitch Helix API (refreshed via your token)
- Display name, login (handle), profile image URL, channel ID, broadcaster type
- Your stream history — VOD titles, dates, durations, game IDs — used to estimate your typical streaming windows and infer co-streams from VOD metadata
- Your scheduled stream segments where Twitch publishes them, used to anchor calendar predictions
- Your channel color (hex), used in calendar UI
From Discord OAuth (optional)
Discord is optional. If you connect it, the following scopes are requested:
| identify | Read your Discord user ID and username so we know which account is connected. |
| guilds | List the servers you belong to so you can pick one to send notifications to. |
| webhook.incoming | Create and use an incoming webhook in the channel you authorize, to post collab event notifications. |
Discord access and refresh tokens are stored encrypted at rest in the database and are never exposed in client responses or server logs.
Data you create in the app
- Collab events — title, date, time, participants, game, notes
- Friend list — Twitch handles you choose to track, plus optional notes you write on friend profiles
- Timezone preference
- Theme preference (light, dark, or match-system) stored in your browser's localStorage
Automatically collected
- Standard server access logs — IP address, user agent, request path — retained for up to 30 days for security and abuse investigation
- Supabase auth session metadata — last sign-in time, refresh token rotation
- No analytics trackers, no fingerprinting, no advertising cookies
2. How We Use Your Data
| Display name, avatar | Render your profile in the app UI and on shared event pages |
| Account identity within Supabase Auth and out-of-band contact for security or legal matters | |
| Stream history (VODs) | Estimate your typical streaming windows and surface co-streams from VOD metadata |
| Schedule segments | Anchor calendar predictions to your published stream schedule |
| Follow list / followers | Power friend suggestions and import flows |
| Discord tokens | Post collab event notifications to the channel you chose |
| Friend list + notes | Track your collaborator network and personal context |
| Collab events | Calendar display, Discord notifications, reminder scheduling |
| Timezone | Format all displayed times in your local time |
We do not sell your data, share it with advertisers, or use it to train machine learning models. Data is used solely to operate the Collab Planner service for you.
3. Data Storage & Security
The application is hosted on Vercel (US region). The database is Supabase Postgres, also in a US region. Both vendors maintain SOC 2 Type II controls and encrypt data at rest and in transit.
Discord OAuth tokens are encrypted at the application layer before being written to the database. The encryption key is held in the application's environment and is never exposed to clients or logs.
We use HTTPS exclusively. Session cookies are httpOnly and SameSite=Lax. Server-side checks gate every API endpoint that returns or mutates user data.
4. Third-Party Services
Collab Planner integrates with the services below. Each has its own privacy policy.
| Twitch | Authentication, stream data, schedule data, follow graph | Policy ↗ |
| Discord | Optional notifications via incoming webhooks | Policy ↗ |
| Supabase | Authentication, encrypted Postgres database | Policy ↗ |
| Vercel | Application hosting and edge delivery | Policy ↗ |
We encourage you to review each policy. Your use of those platforms within the Collab Planner experience is also governed by their terms.
5. Data Retention
Concrete retention windows:
- Stream history older than 12 months may be pruned to manage storage
- Reminder records: marked sent and retained for 90 days, then deleted
- Server access logs: deleted after 30 days
- Discord OAuth tokens: deleted immediately when you disconnect Discord, or within 7 days of the last refresh failure
- When you request account deletion: all personal data is purged within 30 days, plus a 7-day buffer for backup rotation
6. Your Rights
Depending on your jurisdiction, you may have one or more of the following rights:
- Access — request a copy of all data we hold about you
- Correction — update inaccurate data via the app settings or email request
- Deletion — request complete account and data deletion
- Portability — request your data in a machine-readable JSON export
- Disconnect — revoke Discord access from in-app Settings; revoke Twitch access via your Twitch account's connected applications page
- Objection / opt-out of certain processing — under GDPR, CCPA, and similar regimes
We honor the Global Privacy Control (GPC) signal where applicable. To exercise any of these rights, email deutschmarkonline@gmail.com. We respond within 14 days, or sooner where required by law.
EU/UK residents have the right to lodge a complaint with their local data protection authority. California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and limit use of sensitive personal information. We do not sell or share personal data as those terms are defined under the CCPA.
7. International Transfers
If you access Collab Planner from outside the United States, your data is transferred to and processed in the US by Supabase and Vercel. We rely on the Standard Contractual Clauses (SCCs) and equivalent transfer mechanisms maintained by those vendors for cross-border transfers from the EEA, UK, and Switzerland.
8. Security Incidents
In the unlikely event of a security incident affecting your data, we will notify affected users by email within 72 hours of confirmation, where practicable, and comply with applicable breach-notification laws (including GDPR Article 33, CCPA §1798.82, and equivalents). Notifications will describe the nature of the incident, the data categories involved, and remediation steps you may need to take.
9. Children's Privacy
Collab Planner requires a Twitch account, and Twitch requires its users to be at least 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us data, contact deutschmarkonline@gmail.com and we will delete it promptly.
10. Changes to This Policy
We may update this policy to reflect changes in the service, the law, or operational practices. Material changes will be communicated by updating the “Last updated” date above; significant changes that affect how your data is used will also be highlighted in-app where reasonable. Continued use of the service after the effective date of a change constitutes acceptance.
11. Contact
Questions, requests, or complaints about this policy: deutschmarkonline@gmail.com