Privacy Policy — Streamer Analytics Application

J and J Consulting (“we”, “us”, or “our”) respects the privacy of the creators, account holders, and program operators whose data is accessed through the Streamer Analytics Application (“the Application”). This Privacy Policy explains how the Application accesses, uses, stores, and protects data.

1. Scope

This policy covers data accessed and processed by the Application, including:

• Public profile information from social media platforms
• Aggregate engagement metrics from social media platforms
• Lists of content posted during a reporting period, with non-content metadata only
• OAuth access tokens granted by individual creators
• Operational logs and audit records

2. Information We Access

With explicit authorization from each individual creator (via per-platform OAuth grants) or from J and J Consulting’s own authenticated platform accounts where applicable, the Application accesses:

• Public profile information: display name, username or handle, profile image, follower count, video count, account creation date, where exposed by the platform
• Aggregate engagement metrics: concurrent viewer counts during live broadcasts, monthly view totals, monthly impression totals, subscriber counts
• Content lists: for the reporting month, the list of videos, posts, or broadcasts published by the creator, with non-content metadata (titles, durations, post timestamps, public engagement counts) only
• Internal authentication state: OAuth access and refresh tokens issued to the Application by each creator’s authorizing platform

The Application does not access private messages, the contents of private posts, payment information, or personally identifying information beyond what each creator has chosen to make publicly visible on their authorizing platform account.

3. How We Use This Information

Data accessed by the Application is used solely for:

• Producing monthly aggregated analytics reports about creator performance for the program operator who has engaged J and J Consulting to operate the pipeline
• Operational logging, reliability monitoring, and troubleshooting required to deliver the above
• Refreshing OAuth tokens proactively to maintain authorized access without re-prompting creators unnecessarily

We do not use this data for advertising, marketing analytics, profiling, or sale to any third party. We do not use this data to train, validate, fine-tune, or improve any machine-learning or artificial-intelligence models, whether J and J Consulting-operated, third-party-hosted, or otherwise.

4. Data Storage and Security

• OAuth access and refresh tokens are encrypted at rest on systems controlled by J and J Consulting and are keyed to the platform and creator identifier
• Application credentials are stored in access-restricted, version-control-excluded configuration on infrastructure controlled by J and J Consulting
• All API communications use TLS 1.2 or higher
• Audit logs are retained for operational and troubleshooting purposes
• Access is restricted to authorized J and J Consulting personnel with a need-to-know role in operating the pipeline

5. Third-Party Services

The Application integrates with the following third-party services strictly as service providers required to deliver the Application’s functionality:

• Twitch (Helix API) — follower counts (read via operator-side app-only access token, no per-creator OAuth required), subscriber counts (where broadcaster authorization is granted, per-creator OAuth scope: channel:read:subscriptions), live-session metadata, stream metadata.
• YouTube Data API v3 — channel statistics, live broadcast metadata, video lists. Per-creator OAuth scopes: https://www.googleapis.com/auth/youtube.readonly and https://www.googleapis.com/auth/yt-analytics.readonly (the latter used for channel-level views via the YouTube Analytics API).
• Meta Instagram Graph API — Instagram Business or Creator account metrics including follower counts and aggregate view totals. Per-creator OAuth scopes: instagram_business_basic and instagram_business_manage_insights.
• TikTok Display API — user profile metrics including follower count, and user video list. Per-creator OAuth scopes: user.info.basic, user.info.stats, and video.list.
• X API (formerly Twitter) — public profile metrics and post-level impression counts. Authenticated via operator-side app-only Bearer token; no per-creator OAuth required for the metrics we read.
• SocialBlade Business API — supplemental historical statistics used for cross-validation and as a fallback during platform review periods. Authenticated via operator-side API key; no per-creator OAuth.
• TwitchTracker — supplemental Twitch metrics used for cross-validation. Public-page access; no authentication or OAuth required.

Data accessed through these services is used solely as described in Section 3. We do not share data with any third party beyond what is required for the operation of the Application or required by law.

6. Data Recipients

Aggregated analytics reports produced by the Application are delivered to the program operator that has engaged J and J Consulting to operate the pipeline. Per-creator raw data and tokens are not delivered to the program operator; only aggregate metrics derived from authorized API reads.

7. Data Retention

• OAuth tokens are retained for the duration of the active integration with each creator. Tokens are deleted upon creator-initiated revocation, upon disconnect by J and J Consulting’s administrator, or upon termination of the engagement.
• Aggregated audit logs are retained for operational and compliance purposes.
• Source data accessed during a reporting month is retained only as long as needed to produce the monthly report; raw snapshot data is purged on a rolling basis.

8. Creator Rights — Access, Revocation, and Deletion

Each creator who has authorized the Application may:

• Revoke the Application’s access at any time through the relevant platform’s app permissions interface (e.g., Twitch Connections, Google Account Permissions, Meta Business Apps, TikTok Manage App Permissions, X Connected Apps). Revocation invalidates the corresponding OAuth tokens immediately.
• Request deletion of, or access to, data stored about them by the Application by contacting us using the information in Section 12.

We will respond to verified deletion and access requests within thirty (30) calendar days of receipt, in accordance with applicable law.

9. Children’s Privacy

The Application is not directed to children under the age of 13 and does not knowingly access or process data from accounts owned by children under 13. Where a platform’s terms require creators to be of a higher minimum age, the Application accesses only accounts that comply with that platform’s age requirements.

10. International Data Transfers

The Application is operated from infrastructure located in the United States. By authorizing the Application, creators consent to the transfer of data accessed via authorized API reads to the United States for processing as described in this policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top reflects the most recent revision. Material changes will be reflected in this document at the published URL.

12. Contact

For questions or requests regarding this Privacy Policy: