Privacy Policy

1. Identity and Nature of the Project

The getty software is an application for managing overlays, tips, chat, notifications, creator analytics, and related livestream tools. This page applies to the hosted app available at app.getty.sh.

2. Data Protection Principles

• Minimization: only data necessary for enabled features is processed.
• Transparency: the project logic is reviewable in its codebase and public docs.
• User Control: users can revoke tokens, disable integrations, or remove configuration.
• No Commercial Exploitation: personal data is not sold or rented.
• No External Tracking SDKs: no Google Analytics or similar third-party trackers are embedded.

3. What Data is Processed

3.1 Basic Operation

• Session cookies or local storage for authentication and preferences.
• Wallet address and public transaction data required to display goals and support activity.
• User configuration values such as text, themes, language, and feature settings.
• Webhook URLs or tokens only for services the user explicitly configures.

3.2 Hosted Technical Data

• Technical request logs such as timestamp, path, and response status.
• Aggregated internal process metrics for stability and monitoring.

3.3 Data Not Collected

• No behavioral profiles.
• No advertising identifiers.
• No deliberate browser fingerprinting.

4. Connected Platform Permissions and Data Access

When a user connects Twitch, YouTube, or Kick, the hosted app may receive OAuth tokens, provider account identifiers, channel metadata, and live chat or event data needed for the enabled integration. Access and refresh tokens may be stored so the connection can continue to work across sessions, and these tokens are intended to be stored encrypted when encryption is configured on the hosted instance.

4.1 Twitch

The current Twitch authorization flow may request scopes including chat:read, chat:edit, channel:read:redemptions, moderator:read:followers, channel:read:subscriptions, and bits:read. These scopes support Twitch chat connection and enabled stream features such as chat sync, badges, redemptions, follower events, subscription events, and cheer or bits-related events.

For Twitch, the app may read or derive the connected account ID, login name, display name, profile image, badge metadata, chat messages, emotes, user color, and selected event data such as follows, subscriptions, gifted subscriptions, raids, cheers, and redemptions when those features are enabled.

4.2 YouTube

The current YouTube OAuth flow requests the youtube.readonly scope. This is used to identify the authenticated channel's active live broadcast and poll its live chat. The app may read the connected channel ID, author display name, author channel ID, profile image, message content, message type, published timestamp, moderator or owner flags, verified or sponsor flags, and Super Chat or Super Sticker display amounts when present in the provider response.

Getty also supports a manual YouTube mode that uses a public videoId together with a server-side API key to preview or poll a public live chat without keeping a full OAuth session active for that flow.

4.3 Kick

The current Kick authorization flow may request scopes including user:read, channel:read, and events:subscribe. These permissions support resolving the authenticated channel, reading channel and chatroom metadata, and receiving subscribed event payloads needed for the hosted integration.

For Kick, the app may read the connected user or broadcaster ID, channel slug, channel and chatroom identifiers, profile image, chat messages, emotes, badge metadata, username color, reply references, and sender verification state when the provider includes that data.

4.4 User Expectations

• Connected platform data is processed only to power the enabled integration and related hosted features.
• Disconnecting an integration is intended to stop future synchronization, event subscriptions, and token use for that provider.
• Third-party platforms apply their own privacy terms, data handling rules, and API limitations in addition to this policy.

5. Purposes

• Authentication and session management.
• Displaying and updating widgets, chat, tips, and goals.
• Sending notifications to external services configured by the user.
• Operating, debugging, and securing the hosted service.

6. Legal Basis

• Use of the app and enabled features: contract or service fulfillment.
• Technical logs and security records: legitimate interest.
• User-provided wallets, webhooks, and tokens: explicit user action and consent.

7. Retention Periods

• Sessions: while active or until restart/expiration.
• Configuration: until changed or deleted by the user.
• Hosted logs: limited retention with rotation, recommended up to 30 days.
• Temporary caches: short-lived and performance-oriented.

8. Third-Party Disclosure

• Read-only requests to public gateways or APIs when required for app functionality.
• User-configured services such as Discord or Telegram only for the data the user chooses to send.
• Legal disclosure only if required by valid law or court order.

9. User Rights

• Access and portability through readable configuration and exported data.
• Rectification by editing settings or local data.
• Deletion by revoking tokens, removing configuration, or closing the account.
• Objection or limitation by disabling features and integrations.

10. Security

The hosted service uses HTTPS and standard security measures to protect data in transit. No system is infallible, but the service is designed to limit exposure and avoid unnecessary collection.

11. Policy Modifications

Updates are published with a new effective date. Continued use of the hosted application implies acceptance of the current version.

12. Contact

For questions about this policy or data handling, contact [email protected].

This internal page mirrors the legal information published in the getty documentation and is intended to provide a direct, crawlable policy URL for the hosted application.