Privacy Policy

Effective Date: December 20, 2025

Summary

Meshcast is a streaming platform. We collect account information (via Google OAuth), operational logs, and store recordings you create. We use Cloudflare, Stripe, and Backblaze B2 as service providers. We don't sell your data. You can request deletion of your account and data.

1. Information We Collect

Account Information

When you sign in with Google OAuth, we receive:

Google account ID (unique identifier)
Email address
Display name
Profile picture URL

We do not receive or store your Google password.

Service Data

Stream keys you create and their associated settings
Streaming activity: timestamps, duration, bandwidth usage
Recordings: video files you choose to record (stored on Backblaze B2)
Restream destinations: RTMP URLs and stream keys you configure
Billing information: subscription status, payment history (payment details handled by Stripe)

Technical/Operational Data

IP addresses
Browser/device information (User-Agent)
Access timestamps
Error logs and diagnostics
Server performance metrics

What We Do NOT Collect

We do not monitor or analyze the content of your streams
We do not use tracking cookies for advertising
We do not sell your personal data

2. How We Use Your Information

Provide the Service: authenticate you, route streams, store recordings, process payments
Operate and improve: monitor performance, fix bugs, develop features
Security: detect abuse, prevent fraud, protect users and infrastructure
Communicate: service announcements, billing notices, support responses
Legal compliance: respond to legal requests, enforce our Terms

3. Third-Party Service Providers

We use the following third-party services that process data on our behalf:

Cloudflare

DDoS protection and CDN. Receives IP addresses, request URLs, User-Agent, and sets security cookies. See Cloudflare Privacy Policy.

Stripe

Payment processing. Handles credit card information directly; we only receive subscription status. See Stripe Privacy Policy.

Google (OAuth)

Authentication. We receive basic profile information you authorize. See Google Privacy Policy.

Backblaze B2

Recording storage. Your recorded videos are stored encrypted at rest. See Backblaze Privacy Policy.

Vultr / AWS

Server hosting. Media servers and infrastructure may be located in multiple regions.

4. Data Retention

Data Type	Retention Period
Account information	Until account deletion
Stream activity logs	90 days
Recordings	Per tier limits (7-90 days), or until manual deletion
Server/error logs	30 days
Billing records	As required by law (typically 7 years)
Abuse/incident logs	As required by law (up to 1 year for child safety)

5. International Data Transfers

Your data may be processed on servers located in the United States, Canada, and other countries where our infrastructure providers operate. By using the Service, you consent to this transfer.

For EEA/UK users: We rely on Standard Contractual Clauses and service provider certifications for lawful data transfers.

6. Your Rights (GDPR and Similar Laws)

Depending on your location, you may have the following rights:

✓

Access: Request a copy of your personal data

✓

Rectification: Correct inaccurate data

✓

Erasure: Request deletion of your data ("right to be forgotten")

✓

Restriction: Limit how we process your data

✓

Portability: Receive your data in a structured format

✓

Object: Object to processing based on legitimate interests

✓

Withdraw consent: Where processing is based on consent

To exercise these rights, contact steve@seguin.email. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

7. Legal Basis for Processing (EEA/UK)

We process your data under the following legal bases:

Contract: To provide the Service you requested (account, streaming, recordings)
Legitimate interests: Security, fraud prevention, service improvement, analytics
Legal obligation: Tax records, responding to lawful requests, child safety reporting
Consent: Where specifically requested (e.g., marketing emails, if any)

8. Cookies and Local Storage

Essential cookies only. We use cookies for:

Session authentication (keeping you logged in)
Security (CSRF protection, Cloudflare security tokens)

We do not use tracking or advertising cookies.

Local storage may store preferences (e.g., video player settings). Clear via browser settings.

9. Security

We implement reasonable security measures including:

TLS encryption for all connections
Encrypted storage for recordings (B2 server-side encryption)
Cloudflare DDoS and bot protection
Regular security updates
Access controls and audit logging

No system is perfectly secure. You are responsible for securing your account credentials and stream keys.

10. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

11. Account Deletion

You can request account deletion by emailing steve@seguin.email from your registered email address.

Upon deletion:

Your account and stream keys are deactivated immediately
Your recordings are deleted within 30 days
Operational logs are retained per our retention schedule then deleted
Billing records are retained as required by law

12. Changes to This Policy

We may update this policy from time to time. For material changes, we will update the effective date and post a notice. Continued use after changes take effect means you accept the updated policy.

13. Contact

Data Controller: Steve Seguin

Email: steve@seguin.email

For privacy requests, include "Privacy Request" in your subject line.