RebeamRebeam

Privacy Policy

Last updated: 20 April 2026

1. Who we are

Rebeam is operated by AAA Interactive Ltd. ("we", "us", "our"). We provide a multistreaming relay service that forwards your live stream to platforms like Twitch and YouTube simultaneously.

For privacy enquiries, contact privacy@rebeam.co.

2. Data we collect

Account information

When you sign up via our authentication provider (WorkOS), we receive and store your email address, name, and profile picture URL. We also store a unique identifier from WorkOS to manage your session.

Platform connections

When you connect Twitch or YouTube, we store your platform user ID, display name, and OAuth tokens. OAuth tokens are encrypted at rest in our database. For Twitch, we also store your RTMP stream key. For YouTube, we store your RTMP ingest URL and stream key.

We request the following OAuth scopes:

  • Twitch: user:read:email, channel:manage:broadcast, channel:read:stream_key, user:write:chat, moderator:read:followers
  • YouTube: youtube.force-ssl (manage your YouTube account)

Streaming data

Your video and audio content is never stored by Rebeam. It is relayed in real time through our servers to your configured destinations and discarded immediately. We do store stream session metadata including start/end timestamps, duration, and connection status for each destination.

Giveaway winner claims (viewer data)

When a Rebeam customer runs a live giveaway and a viewer is selected as a winner, the viewer may choose to claim the prize by signing in with their Twitch or YouTube account on a Rebeam-hosted claim page. In that flow, we collect from the viewer:

  • Their email address (returned by the platform during OAuth, editable before submission), used to contact the viewer about prize delivery.
  • Their shipping address (only if the giveaway requires a physical prize and the viewer chooses to provide it).
  • The viewer's stable platform identifier (Twitch user ID or YouTube channel ID) and the IP address used to submit the claim, solely for abuse prevention and to confirm the claim was made by the account that won.

Email and shipping fields are encrypted at rest. This information is made available only to the Rebeam customer who ran the giveaway, for the purpose of delivering the prize.

Claim records (email, shipping address, IP) are automatically deleted 30 days after claim submission. The winner's display name and platform remain as part of the giveaway audit record. Viewers can request earlier deletion using the link included in the claim confirmation, or by emailing privacy@rebeam.co.

The viewer OAuth flow requests:

  • Twitch: user:read:email — to verify the claiming account matches the winning account and pre-fill the email field.
  • YouTube (Google): openid, email, profile, youtube.readonly — to verify the claiming Google account owns the winning YouTube channel (via a one-off channels.list API call) and pre-fill the email field.

Usage data

We track your monthly streaming minutes to enforce plan limits. This is aggregated per calendar month and associated with your account.

Payment information

Payments are processed by Stripe. We send Stripe your name and email address to create a customer record. We store only your Stripe customer ID locally. We never see or store your card number, CVV, or full payment details.

3. How we use your data

  • Provide the service: authenticate you, relay your streams, manage your platform connections, and track usage against your plan.
  • Process payments: create and manage your subscription via Stripe.
  • Communicate with you: respond to support requests and send service-critical notices.
  • Maintain security: rate limit API requests, verify webhook signatures, and detect abuse.

We do not use your data for advertising, profiling, or selling to third parties.

4. Third-party services

We share data with the following services only as necessary to operate Rebeam:

  • WorkOS — authentication and session management. Receives your email, name, and profile picture.
  • Stripe — payment processing. Receives your name, email, and payment details.
  • Twitch — stream relay and chat. We access your channel via the OAuth scopes you authorise.
  • YouTube (Google) — stream relay, broadcast management, and chat. We access your channel via the OAuth scope you authorise.
  • Hetzner — cloud infrastructure hosting our API and relay servers (EU-based).
  • PlanetScale — managed database hosting.
  • Vercel — frontend hosting.

We do not use any third-party analytics, tracking, or advertising services.

5. Google user data

When you connect your YouTube account as a Rebeam customer, Rebeam requests access to your Google user data via the youtube.force-ssl OAuth scope. When a viewer signs in to claim a giveaway prize on a Rebeam-hosted claim page, Rebeam separately requests openid, email, profile, and youtube.readonly scopes from that viewer. This section describes how we handle Google user data for both flows.

What we access (broadcaster flow)

  • Your YouTube channel information (channel ID, display name, avatar).
  • Your RTMP stream key and ingest URL for live streaming.
  • Live broadcast management (creating, updating, and deleting broadcasts).
  • Live chat messages for chat aggregation.
  • Video category listings for broadcast metadata.

What we access (giveaway claim flow)

  • Your Google account email and profile (name, avatar), returned via the openid/email/profile scopes.
  • Your YouTube channel list, used solely to verify that your Google account owns the YouTube channel that was drawn as a winner. No channel content or metadata beyond channel identifiers is stored.

How we use it

We use your YouTube data solely to provide the Rebeam multistreaming service: relaying your live stream to YouTube, setting broadcast titles and categories, uploading thumbnails, and displaying chat messages from your live broadcasts. For viewers claiming a giveaway prize, we use Google profile data only to verify the claim identity and pre-fill the email field; we do not access, read, or modify any other Google account data.

How we store it

Your YouTube OAuth tokens (access and refresh tokens) are encrypted at rest in our database. We also store your YouTube channel ID, display name, and RTMP credentials. We do not store your video content, chat history beyond the current session, or any other YouTube account data.

Sharing

We do not share, sell, or transfer your Google user data to any third party, except as necessary to provide the Service (e.g., sending API requests to YouTube on your behalf). Your data is never used for advertising, analytics, or any purpose unrelated to the Rebeam service.

Revocation and deletion

You can disconnect your YouTube account at any time from your dashboard. This immediately deletes all stored YouTube tokens, credentials, and associated destinations from our systems. You can also revoke Rebeam's access from your Google Account permissions page.

Google API Services limited use disclosure

Rebeam's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Cookies and local storage

We use a session cookie and a locally stored API token to keep you signed in. We do not use tracking cookies, advertising cookies, or any third-party cookie-based analytics.

7. Data security

  • OAuth tokens for Twitch and YouTube are encrypted at rest.
  • All API traffic is served over HTTPS.
  • Webhook payloads from Stripe and Twitch are verified using HMAC signatures.
  • API endpoints are rate-limited to prevent abuse.
  • Internal service communication is authenticated via shared secret headers.
  • Authentication callbacks use POST requests to keep authorisation codes out of URLs and server logs.

8. Data retention

We retain your account data and stream session history for as long as your account exists. Temporary data such as cached chat messages, stream relay URLs, and OAuth state tokens are automatically deleted within 24 hours.

If you delete a platform connection (Twitch or YouTube), the associated OAuth tokens and destinations are deleted immediately. Historical stream session records are retained for your reference.

Giveaway claim data (viewer email, shipping address, and submission IP) is automatically deleted 30 days after claim submission. The winner's display name and platform are retained as part of the giveaway audit record.

9. Your rights

You can:

  • Disconnect platforms at any time, which deletes stored tokens and destinations.
  • Cancel your subscription via the Stripe billing portal.
  • Request account deletion by contacting privacy@rebeam.co. This permanently deletes all your data including stream keys, usage records, platform connections, and session history.
  • Request a data export by contacting us at the same address.

Giveaway claimants (viewers): if you submitted a claim on a Rebeam-hosted claim page, you can request immediate deletion of your claim data (email, shipping address, IP) using the link in your claim confirmation email, or by emailing privacy@rebeam.co with the claim reference. Deletion is effective immediately; the drawn-winner display name is retained as part of the broadcaster's audit trail.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the site. Continued use of Rebeam after changes constitutes acceptance of the updated policy.

11. Contact

AAA Interactive Ltd.
Email: privacy@rebeam.co