Privacy Policy

1. Information We Collect

1.1 Account and User Information

When a streamer creates or uses an account with us, we may collect basic account information such as:

• Name or display name;
• Email address;
• Company or organization name, if applicable;
• Login and account status information;
• Application settings and preferences.

1.2 Connected Livestreaming Account Information

When a streamer connects a YouTube, Twitch, or Kick account through OAuth or another platform authorization flow, we may collect and store limited information necessary to provide the livestream chat automation feature.

For YouTube accounts, this may include:

• The streamer’s YouTube channel ID;
• The YouTube channel name or display name;
• OAuth access tokens and refresh tokens provided after the streamer authorizes the Application;
• The ID and metadata of the currently active livestream when needed to identify where the message should be sent;
• The live chat ID or equivalent identifier required to send a message to the active livestream chat;
• The message content configured by the streamer to be sent when an overlay is displayed;
• Operational logs confirming that a chat message was requested, sent, failed, or retried.

For Twitch and Kick accounts, we may collect equivalent account, channel, livestream, chat, token, and operational information required to provide the same feature.

2. Google User Data We Access

When a streamer connects a YouTube account, the Application accesses Google user data only for the following purposes:

• To identify the YouTube channel connected by the streamer;
• To detect or identify the currently active YouTube livestream associated with that channel;
• To identify the correct live chat associated with the active livestream;
• To send a chat message to that active live chat when the streamer displays an overlay through the OBS plugin.

The Application does not use Google user data for unrelated purposes.

Even if a Google OAuth scope technically grants broader capabilities than our specific feature requires, we only use the permission to identify the active YouTube livestream and send the streamer-configured message to the active livestream chat. We do not use any other capability unless it is clearly disclosed to the user and separately required for a user-facing feature.

3. How We Use Information

We use collected information to:

• Provide and operate the OBS plugin and related services;
• Allow streamers to connect and disconnect supported livestreaming accounts;
• Identify the streamer’s active livestream;
• Send streamer-configured messages to the active livestream chat when overlays are inserted;
• Display and manage overlay campaigns, QR codes, polls, surveys, mini-games, and rewards;
• Maintain security, prevent abuse, and troubleshoot technical issues;
• Monitor service performance and reliability;
• Comply with legal obligations.

We do not use Google user data, YouTube account data, Twitch account data, or Kick account data to build advertising profiles, sell data, or determine creditworthiness.

4. OAuth Tokens

When a streamer authorizes the Application through YouTube, Twitch, or Kick, the platform may provide OAuth access tokens and, where applicable, refresh tokens.

We use these tokens only to perform actions authorized by the streamer and required by the Application’s user-facing features. For YouTube, this means identifying the active livestream and sending a chat message to the active livestream chat when an overlay is displayed.

OAuth tokens are stored securely and are protected using technical and organizational safeguards, such as encryption at rest, encryption in transit, access controls, and restricted internal access.

The streamer may disconnect a connected account at any time from the Application. When a connected account is disconnected, we stop using the related OAuth tokens and delete or invalidate the tokens stored by us, unless retention is required for security, fraud prevention, troubleshooting, or legal compliance.

Streamers may also revoke the Application’s access directly through the relevant platform’s account permission settings.

5. Chat Messages Sent by the Application

The Application sends chat messages only when triggered by a streamer action or configuration, such as displaying an overlay through the OBS plugin.

The chat message is sent in the name of the connected livestreaming account because the streamer has authorized the Application to do so.

The Application does not independently create unrelated chat messages, participate in conversations, read chat for profiling purposes, or send messages outside the active livestream selected for the overlay experience.

6. Data Sharing

We do not sell personal information or Google user data.

We may share limited information only in the following cases:

• With service providers that help us operate, host, secure, monitor, or support the Application;
• With livestreaming platforms, only as necessary to perform the action requested by the streamer, such as sending a message to the active live chat;
• When required by law, legal process, or regulatory obligation;
• To protect the rights, safety, and security of users, viewers, the Application, or third parties;
• In connection with a merger, acquisition, financing, corporate transaction, or sale of assets, subject to appropriate safeguards and applicable law.

Service providers are only allowed to process information for the purposes described in this Privacy Policy and according to our instructions.

7. Google API Services User Data Policy

The Application’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

This means that we use Google user data only to provide or improve user-facing features that are visible and prominent in the Application. We do not sell Google user data, transfer it to advertising platforms or data brokers, use it for personalized advertising, or use it to determine creditworthiness.

Human access to Google user data is limited and only permitted when necessary for security, troubleshooting, legal compliance, or with the user’s explicit consent.

8. Data Retention

We retain information only for as long as necessary to provide the Application, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business operations.

Connected account data and OAuth tokens are retained while the streamer’s account remains connected. If the streamer disconnects the account, we delete or invalidate the related OAuth tokens stored by us.

Operational logs may be retained for a limited period for security, debugging, fraud prevention, and audit purposes. The usual retention period is 90 days, unless a longer period is required by law or necessary to investigate abuse or security incidents.

9. Security

We use reasonable technical and organizational safeguards to protect information against unauthorized access, loss, misuse, alteration, or disclosure.

These safeguards may include:

• Encryption in transit;
• Encryption or secure storage for sensitive credentials and OAuth tokens;
• Access controls;
• Authentication controls;
• Logging and monitoring;
• Internal restrictions on who can access production systems;
• Regular review of security practices.

No system is completely secure, but we work to protect user information and reduce the risk of unauthorized access.

10. User Choices and Controls

Streamers can:

• Connect or disconnect YouTube, Twitch, and Kick accounts;
• Configure whether chat automation is enabled;
• Configure the chat message sent when overlays are displayed;
• Stop using the OBS plugin;
• Request access, correction, deletion, or export of personal information, where applicable;
• Revoke OAuth access directly from the relevant platform account settings.

To request deletion or assistance, contact us at support@abilitya.tech.

11. Children

The Application is intended for streamers and business users. It is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13.

12. International Data Processing

We may process information in countries other than the country where the user is located. When required by applicable law, we use appropriate safeguards for international transfers of personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes to how we access, use, store, or share Google user data or other personal information, we will update this Privacy Policy and, where required, notify users or request renewed consent before using data for a new purpose.

14. Contact Us

For privacy questions, data requests, or account disconnection support, contact us at:

Abilitya Srl
Email: support@abilitya.tech
Address: Via Antonio Baldissera 2, 20129 Milan, Italy