Privacy Policy

1. Scope of Application

This policy applies to the Service's website, API, and all related features. By using the Service, you are deemed to have agreed to this policy.

2. Information We Collect

The Service collects and uses the following information.

2.1 Information Obtained at Authentication (Discord OAuth2)

We use Discord's authentication (OAuth2) for login. In doing so, we obtain the following information from Discord.

2.2 Information Stored by the Service

• User information: Discord ID, username, discriminator, avatar URL, created/updated timestamps
• Server (guild) information: Discord server ID, name, icon URL, etc. (for access permission determination)
• File-related: Metadata of uploaded files (file name, size, type, uploader, share link/token, etc.). File contents are stored in external storage (Cloudflare R2).
• Upload sessions: Session ID, expiration, status, etc. for web upload (temporary processing)

2.3 Information Held on Browser/Device

• Session cookie: We use discord-stream-session for login state (max 7 days, HttpOnly, Secure).
• Local storage: We store the auth token (JWT) as discord_token. We may store display language as i18nextLng.

3. Purposes of Use

• Providing the Service (authentication, file list display, streaming, upload, share link management)
• Permission management to show only content tied to Discord servers the user is allowed to access
• Technical processing necessary for operation (error investigation, load measures, etc.)
• Compliance with laws and regulations

4. Third-Party Provision and External Services

• Discord: We send requests to the Discord API for authentication and to obtain joined server information. Discord's privacy policy applies.
• Cloud storage (Cloudflare R2): Used to store the contents of uploaded files.
• Hosting: The Service may run on cloud infrastructure such as Google Cloud Run; in such cases the provider's terms and data processing apply.

Other than as stated above, we do not sell or transfer data that identifies individuals to third parties without user consent.

5. Data Retention

• User, guild, and file metadata: Retained for the period necessary to provide the Service, or until the user deletes it.
• Sessions and upload sessions: Deleted or invalidated after expiration.
• Server logs: May be retained for a certain period for operation and incident investigation.

6. Security

• We use HTTPS and the Secure attribute of session cookies for authentication.
• Auth tokens (JWT) have an expiration; re-login is required after expiration.
• Access to the database and storage is limited to what is necessary for the Service.

7. Your Rights

You can invalidate the session and auth token stored in your browser by logging out. If you wish to request access, correction, deletion, or suspension of use of your personal data, please contact us via "9. Contact".

8. Cookies and Local Storage

We use the session cookie (discord-stream-session) to maintain login state, and the auth token (discord_token) and display language (i18nextLng). We do not currently use cookies for advertising or behavioral targeting.

9. Contact

For questions or requests regarding this policy or the handling of personal information, please contact the operator of the Service. (Contact details are provided in "Help" or as designated by the operator.)

10. Revisions

This policy may be revised as needed. For material changes, we will notify you via the Service or by updating the last-updated date. Use of the Service after a revision constitutes acceptance of the revised policy.