Rebeam

Privacy Policy

Last updated: 3 March 2025

1. Who we are

Rebeam is operated by AAA Interactive Ltd. ("we", "us", "our"). We provide a multistreaming relay service that forwards your live stream to platforms like Twitch and YouTube simultaneously.

For privacy enquiries, contact privacy@rebeam.co.

2. Data we collect

Account information

When you sign up via our authentication provider (WorkOS), we receive and store your email address, name, and profile picture URL. We also store a unique identifier from WorkOS to manage your session.

Platform connections

When you connect Twitch or YouTube, we store your platform user ID, display name, and OAuth tokens. OAuth tokens are encrypted at rest in our database. For Twitch, we also store your RTMP stream key. For YouTube, we store your RTMP ingest URL and stream key.

We request the following OAuth scopes:

  • Twitch: user:read:email, channel:manage:broadcast, channel:read:stream_key, user:write:chat, moderator:read:followers
  • YouTube: youtube.force-ssl (manage your YouTube account)

Streaming data

Your video and audio content is never stored by Rebeam. It is relayed in real time through our servers to your configured destinations and discarded immediately. We do store stream session metadata including start/end timestamps, duration, and connection status for each destination.

Usage data

We track your monthly streaming minutes to enforce plan limits. This is aggregated per calendar month and associated with your account.

Payment information

Payments are processed by Stripe. We send Stripe your name and email address to create a customer record. We store only your Stripe customer ID locally. We never see or store your card number, CVV, or full payment details.

3. How we use your data

  • Provide the service: authenticate you, relay your streams, manage your platform connections, and track usage against your plan.
  • Process payments: create and manage your subscription via Stripe.
  • Communicate with you: respond to support requests and send service-critical notices.
  • Maintain security: rate limit API requests, verify webhook signatures, and detect abuse.

We do not use your data for advertising, profiling, or selling to third parties.

4. Third-party services

We share data with the following services only as necessary to operate Rebeam:

  • WorkOS — authentication and session management. Receives your email, name, and profile picture.
  • Stripe — payment processing. Receives your name, email, and payment details.
  • Twitch — stream relay and chat. We access your channel via the OAuth scopes you authorise.
  • YouTube (Google) — stream relay, broadcast management, and chat. We access your channel via the OAuth scope you authorise.
  • Hetzner — cloud infrastructure hosting our API and relay servers (EU-based).
  • PlanetScale — managed database hosting.
  • Vercel — frontend hosting.

We do not use any third-party analytics, tracking, or advertising services.

5. Cookies and local storage

We use a session cookie and a locally stored API token to keep you signed in. We do not use tracking cookies, advertising cookies, or any third-party cookie-based analytics.

6. Data security

  • OAuth tokens for Twitch and YouTube are encrypted at rest.
  • All API traffic is served over HTTPS.
  • Webhook payloads from Stripe and Twitch are verified using HMAC signatures.
  • API endpoints are rate-limited to prevent abuse.
  • Internal service communication is authenticated via shared secret headers.
  • Authentication callbacks use POST requests to keep authorisation codes out of URLs and server logs.

7. Data retention

We retain your account data and stream session history for as long as your account exists. Temporary data such as cached chat messages, stream relay URLs, and OAuth state tokens are automatically deleted within 24 hours.

If you delete a platform connection (Twitch or YouTube), the associated OAuth tokens and destinations are deleted immediately. Historical stream session records are retained for your reference.

8. Your rights

You can:

  • Disconnect platforms at any time, which deletes stored tokens and destinations.
  • Cancel your subscription via the Stripe billing portal.
  • Request account deletion by contacting privacy@rebeam.co. This permanently deletes all your data including stream keys, usage records, platform connections, and session history.
  • Request a data export by contacting us at the same address.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the site. Continued use of Rebeam after changes constitutes acceptance of the updated policy.

10. Contact

AAA Interactive Ltd.
Email: privacy@rebeam.co