What we collect
- Account data. Email, display name, avatar URL, provided by Google or Twitch when you sign in.
- OAuth-scoped channel data. When you connect Google, we read your YouTube channel metadata, video metadata, and analytics under the
youtube.readonlyandyt-analytics.readonlyscopes. When you connect Twitch, we read your stream history, clips, and follower deltas under the scopes you consented to. - Generated artifacts. Stack Traces, Patch Notes, Breakpoint runs, and Hotfix recommendations produced by our AI engine. These are derived from your channel data and stored on your account.
- Product usage. Anonymized analytics on which features you use (e.g. page views, button clicks) via PostHog, used to improve the product.
What we do not collect
- Your audience's personal data beyond what YouTube/Twitch already reports in aggregate.
- Video files or audiovisual content (we only store metadata and thumbnails for display).
- Payment card data. Stripe handles that and we never see card numbers.
How we use it
- To run the stillerror product: ingestion, analysis, generation of reports.
- To send you your weekly Stack Trace and Hotfix notifications.
- To improve our AI prompts and quality, only with explicit opt-in for prompt sharing.
- For aggregate, anonymized benchmarks (e.g. "videos in your niche average 8% CTR"), never with identifying detail.
Sub-processors
We use the following third-party services to run stillerror. Each one processes a slice of your data.
- ok Supabase. Postgres database, file storage (thumbnails), auth identity (US East region).
- ok Cloudflare. Application hosting + edge runtime (Workers + Pages).
- ok Trigger.dev. Background job execution (ingestion, weekly reports).
- ok Anthropic. Claude API for narrative generation, vision analysis, and scoring. Subject to Anthropic's commercial terms (no training on your data).
- info Google. OAuth identity provider and YouTube Data + Analytics APIs.
- info Twitch. OAuth identity provider and Helix API.
- ok Resend. Transactional email (Stack Trace delivery + invites).
- ok PostHog. Product analytics (anonymized).
- ok Sentry. Error monitoring (no PII).
We do not sell your data to any third party. We share data with these sub-processors only to provide the stillerror service.
Token storage
OAuth access and refresh tokens issued by Google and Twitch are encrypted at rest using AES-256-GCM with keys held in our application environment before being stored in our Postgres database. They are decrypted in memory only at the moment of an API call (e.g. the nightly ingestion job) and never written to logs.
Data retention
- Active accounts: we retain channel data for as long as your account is active so historical trends remain available.
- Account deletion: all rows in our database related to your account are hard-deleted within 7 days of you requesting deletion. We also call Google's and Twitch's token revocation endpoints so your OAuth grant is withdrawn.
- Thumbnails uploaded for Breakpoint analysis: deleted 30 days after the Breakpoint run, or immediately on account deletion.
Your rights
- Export: request a JSON dump of all data tied to your account from your account settings.
- Delete: permanently delete your account and all associated data from your account settings. This action cannot be undone.
- Disconnect a provider: revoke our Google or Twitch access at any time without deleting your stillerror account.
EU/UK residents have additional rights under GDPR (rectification, restriction of processing, objection). Email the contact below to exercise them.
Children
stillerror is not intended for users under 13. If we learn we have collected data from a child under 13, we will delete it.
Changes
Material changes to this policy will be announced via email and an in-app banner at least 14 days before they take effect.
Contact
Email privacy@stillerror.com for any privacy-related question or request. We respond within 7 days.