4thRock Docs

English

Espanol
日本語
Русский
한국어

English

Espanol
日本語
Русский
한국어

Privacy Policy

Last Updated: April 2026

About This Service

4thRock Cloud is a streamer toolkit that helps content creators manage live chat, overlays, and audience engagement across multiple streaming platforms.

Our Core Principle

We do not collect personal information. All data that passes through our system originates from third-party platforms and is already publicly available within those platforms. We do not harvest, mine, profile, sell, or monetize any data.

Data We Process

We process the following categories of data, all of which originate from third-party streaming and communication platforms:

Platform Identifiers — Numerical or alphanumeric user and channel IDs assigned by external platforms. These are not personal information; they are opaque identifiers issued by each platform.

Publicly Visible Chat Data — Display names, chat messages, badges, and roles as they appear in public live chat streams. This is the same data visible to any viewer of the stream.

Contribution Data — Publicly visible monetary contributions (e.g., Super Chats) as surfaced by each platform's own public APIs.

Payment Data — When you send a tip or subscribe through our platform, payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or full billing addresses. Stripe may collect billing information, geographic data, and device information as described in Stripe's Privacy Policy. We receive only transaction identifiers, amounts, and payment status necessary to fulfill your purchase.

Authentication Credentials — Where a platform requires OAuth consent for integration, we store the minimum credentials necessary to maintain the authorized connection. These are granted directly by the user through the platform's own consent flow.

Device Fingerprints — We generate device fingerprints strictly for security purposes — specifically, bot prevention, session integrity, and detection of unauthorized access attempts. Device fingerprints are never used for advertising, tracking, profiling, or sold to any third party.

Voice & Audio Data — If you use voice cloning features, audio samples you provide are transmitted to our third-party voice synthesis provider (Speechify) for processing. Audio samples are subject to Speechify's own data handling and retention policies. We store only the resulting voice model identifiers, not the original audio samples.

AI-Generated Content — Chat interactions with our AI chatbot feature are processed through Venice AI, a privacy-focused third-party inference provider. Venice AI does not store prompts, responses, or conversation history. Conversation context is held temporarily in memory on our servers during active sessions and is not permanently stored or used for model training. See Venice AI's Privacy Policy for details on their data handling practices.

We do not collect: real names, email addresses, physical addresses, phone numbers, or browsing history beyond what is described above. Payment processing is handled by Stripe; we never have access to full card details.

What We Do Not Do

  • No tracking cookies. We do not use advertising, analytics, or cross-site tracking cookies. Session cookies used for authentication contain only a session identifier.
  • No advertising. There are no ads, ad networks, tracking pixels, or retargeting on our platform.
  • No data sales. We do not sell, rent, trade, license, or disclose data to third parties under any commercial arrangement.
  • No profiling. We do not build behavioral profiles, perform sentiment analysis, generate derived insights, or score users in any way.
  • No data brokers. We have no relationships with data brokers, data aggregation services, or data marketplaces.
  • Security-only fingerprinting. We use device fingerprinting exclusively for bot prevention, session security, and fraud detection. Fingerprints are never used for advertising, user tracking, or sold to third parties.
  • Limited geographic data. We do not actively collect or infer geographic location. However, our payment processor (Stripe) may collect geographic information as part of payment fraud prevention. See Stripe's Privacy Policy.
  • No cross-platform tracking. We do not correlate identities across platforms. Each platform integration is treated independently.

Data Security

  • All data is stored on infrastructure we control, within network-isolated environments that are not directly accessible from the public internet.
  • All external communication is encrypted in transit using TLS.
  • Authentication credentials are stored with restricted access controls and are automatically invalidated when a user disconnects.
  • We follow the principle of least privilege — services only have access to the data they require to function.
  • Device fingerprinting is employed as a security measure to detect bots, prevent unauthorized access, and maintain session integrity.
  • We conduct regular reviews of our security practices and access controls.
  • We do not disclose specific details of our security architecture, infrastructure topology, or defensive measures in public-facing documents.

Data Retention

CategoryRetentionDisposal
Chat messages3 daysAutomated permanent deletion
Event & activity logs24 hoursAutomated permanent deletion
Temporary processing caches3 days or lessAutomated permanent deletion
Moderation & audit logs14 daysAutomated permanent deletion
Usage & trend data30 daysAutomated permanent deletion
Billing & cost records60 daysAutomated permanent deletion
Authentication credentialsUntil user disconnectsRevoked & permanently deleted
Active session dataDuration of sessionCleared on disconnect
Platform integration dataUntil integration removedPermanently deleted on removal

When data reaches the end of its retention period or a user disconnects, it is permanently deleted. We do not archive, anonymize-and-retain, or transfer expired data to secondary storage.

Third-Party Platform Compliance

Our service integrates with third-party platforms solely to provide the functionality the user has requested. We comply with each platform's developer terms, API policies, and data handling requirements.

Where a platform requires OAuth authorization, we request only the minimum permissions necessary. Users can revoke authorization at any time through the respective platform's account settings. Data originating from one platform is never transmitted to a different platform.

Your Rights

You have the following rights at any time, without restriction, regardless of your jurisdiction:

RightDescription
DisconnectRemove any platform integration from your dashboard. Data flow stops immediately and associated data is permanently deleted.
RevokeRevoke OAuth authorization directly through any platform's account settings. We cannot override or circumvent a platform-level revocation.
DeleteRequest complete deletion of all data associated with your account. We will confirm deletion within 7 days.
AccessRequest a summary of what data we hold about you. We will respond within 14 days.
PortabilityRequest an export of your data in a machine-readable format.

These rights are honored universally. You do not need to reference any specific regulation.

Children's Privacy & Age Requirement

This service is intended exclusively for users aged 18 and older. It is not directed at children or minors. We do not knowingly collect or process data from anyone under the age of 18. If you believe a minor's data has been processed by our system, contact us and we will delete it immediately. Users who misrepresent their age are in violation of these terms and may be terminated without notice.

International Data

Our servers are located in the United States. If you access the service from outside the United States, you acknowledge that your data (as described above) will be processed in the United States. We apply the same protections regardless of where you are located.

Built for streamers, by streamers.

2026 4thRock