Back to Legal

Privacy Policy

Information about how Streamify GmbH collects, uses, and protects your personal data in accordance with the GDPR

Privacy Policy

Effective Date: March 12, 2026

This Privacy Policy explains how Streamify GmbH ("Streamify," "we," "us," or "our") collects, uses, stores, and protects your personal data when you use our platform and services. This policy is provided in accordance with Articles 13 and 14 of the General Data Protection Regulation (EU) 2016/679 ("GDPR").

1. Data Controller

The data controller responsible for processing your personal data is:

Streamify GmbH
Loeffelstrasse 22-24
70597 Stuttgart
Baden-Wuerttemberg, Germany

Email: hello@streamify.com
Phone: +49 173 769 2475
Website: https://streamify.com

Managing Director (CEO): Tin Votan

Commercial Register: HRB 798666, Amtsgericht Stuttgart
VAT ID: DE460009955

2. Data Protection Officer

For all data protection inquiries, you may contact our Data Protection Officer at:

Email: privacy@streamify.com

Streamify GmbH
Attn: Data Protection Officer
Loeffelstrasse 22-24
70597 Stuttgart, Germany

3. Categories of Personal Data We Collect

3.1 Account Data

When you register for a Streamify account, we collect and process personal data through our authentication provider Clerk, including:

  • Full name
  • Email address
  • Profile picture (optional)
  • Password (hashed, managed by Clerk)
  • Authentication tokens and session data
  • Account preferences and settings
  • Organization membership and role information

3.2 Payment Data

When you subscribe to a plan or process payments, we collect data through Stripe and/or PayPal, including:

  • Billing name and address
  • Payment method details (card number, expiration date, CVC -- processed and stored exclusively by Stripe or PayPal; we do not store full card numbers)
  • Transaction history
  • Subscription status and plan information
  • Payout and bank account details (for creators receiving payments)
  • Invoice and billing records

3.3 Video and Content Data

When you upload and manage video content via Mux, we process:

  • Video files and metadata (titles, descriptions, tags)
  • Thumbnail images
  • Playback statistics and analytics
  • Video encoding and processing data
  • Playlist and category assignments

3.4 Website Builder Content

When you use our website builder (powered by Craft.js), we store:

  • Page layouts and design configurations
  • Text content, images, and media references
  • Theme and styling preferences
  • Published website content

3.5 Viewer Data

When end users (viewers) access platforms built with Streamify, we may collect:

  • Email address (for account creation on customer platforms)
  • Viewing history and preferences
  • Purchase and subscription data for content access
  • IP address and approximate geolocation
  • Device and browser information

3.6 Domain and DNS Data

When you configure custom domains for your streaming platform, we process:

  • Domain names and DNS records
  • SSL/TLS certificate data
  • Domain verification records

3.7 Technical and Usage Data

We automatically collect certain technical data when you use our services:

  • IP address
  • Browser type and version
  • Operating system
  • Device information
  • Pages visited and features used
  • Referring URLs
  • Date and time of access
  • Error logs and performance data

3.8 Communication Data

When you contact us, we process:

  • Email correspondence
  • Support ticket content
  • Feedback and survey responses

4. Legal Bases for Processing

We process your personal data based on the following legal grounds under Article 6(1) GDPR:

4.1 Performance of a Contract -- Art. 6(1)(b) GDPR

  • Providing and maintaining your Streamify account
  • Processing subscription payments and payouts
  • Hosting and delivering video content
  • Operating the website builder and publishing platforms
  • Managing custom domains and DNS configurations
  • Providing customer support

4.2 Consent -- Art. 6(1)(a) GDPR

  • Sending marketing communications and newsletters
  • Setting non-essential cookies (where applicable)
  • Processing optional profile information

You may withdraw your consent at any time by contacting us at privacy@streamify.com. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

4.3 Legal Obligation -- Art. 6(1)(c) GDPR

  • Maintaining financial and tax records
  • Responding to lawful requests from authorities
  • Compliance with anti-money-laundering regulations
  • Retaining invoice and transaction data as required by German tax law (Abgabenordnung)

4.4 Legitimate Interest -- Art. 6(1)(f) GDPR

  • Improving and optimizing our platform and services
  • Preventing fraud, abuse, and security threats
  • Analyzing aggregated usage patterns for product development
  • Ensuring network and information security
  • Enforcing our Terms of Service and Acceptable Use Policy

Our legitimate interests are balanced against your rights and freedoms. You may object to processing based on legitimate interests at any time (see Section 8).

5. Data Processors and Third-Party Services

We use the following third-party service providers (data processors) to operate our platform. Each processor is bound by a Data Processing Agreement (DPA) in accordance with Article 28 GDPR.

Service ProviderPurposeData ProcessedLocationTransfer Mechanism
Clerk (Clerk, Inc.)Authentication and user managementAccount data, session tokens, profile informationUnited StatesStandard Contractual Clauses (SCCs)
Stripe (Stripe, Inc.)Payment processing and payoutsPayment details, billing information, transaction dataUnited StatesStandard Contractual Clauses (SCCs)
PayPal (PayPal (Europe) S.a r.l. et Cie, S.C.A.)Payment processingPayment details, billing information, transaction dataUnited States / European UnionSCCs / EU entity
Mux (Mux, Inc.)Video hosting, encoding, and streamingVideo files, playback data, viewer analyticsUnited StatesStandard Contractual Clauses (SCCs)
Amazon Web Services (AWS S3)File storageUploaded files, documents, media assetsEuropean Union (Frankfurt)Processed within the EU
NeonDB (Neon, Inc.)Database hostingAll application data stored in the databaseUnited StatesStandard Contractual Clauses (SCCs)
Amazon Web Services (AWS CloudFront/ECS)Web application hosting and edge deliveryHTTP request data, IP addresses, performance metricsEuropean Union / global edgeStandard Contractual Clauses (SCCs)
Resend / AWS SESTransactional email deliveryEmail addresses, email content, delivery metadataUnited States / European UnionStandard Contractual Clauses (SCCs)

6. International Data Transfers

Some of our data processors are located outside the European Economic Area (EEA), particularly in the United States. For these transfers, we rely on the following safeguards in accordance with Articles 44-49 GDPR:

  • Standard Contractual Clauses (SCCs): We have entered into EU-approved Standard Contractual Clauses with all US-based processors, as adopted by the European Commission.
  • Supplementary Measures: Where necessary, we implement additional technical and organizational measures (such as encryption in transit and at rest) to ensure an adequate level of data protection.
  • EU-US Data Privacy Framework: Where applicable and where processors are certified under the EU-US Data Privacy Framework, we additionally rely on this adequacy decision.

You may request a copy of the applicable Standard Contractual Clauses by contacting privacy@streamify.com.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

Data CategoryRetention PeriodBasis
Account dataDuration of account plus 30 days after deletionContract performance
Payment and transaction data10 years after the transactionGerman tax law (Section 147 AO, Section 257 HGB)
Invoice and billing records10 yearsGerman tax law (Section 147 AO, Section 257 HGB)
Video content and metadataDuration of account; deleted within 30 days of account closureContract performance
Website builder contentDuration of account; deleted within 30 days of account closureContract performance
Viewer dataDuration of the viewer account on the customer platform; deleted upon requestContract performance / Legitimate interest
Server logs and technical data90 daysLegitimate interest (security)
Communication and support data3 years after resolutionLegitimate interest
Cookie dataSee Cookie Policy for specific durationsConsent / Legitimate interest

After the retention period expires, data is securely deleted or anonymized so that it can no longer be linked to an identifiable individual.

8. Your Rights as a Data Subject

Under the GDPR, you have the following rights regarding your personal data:

8.1 Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether we process personal data concerning you and, if so, to access that data along with information about the purposes, categories, recipients, retention periods, and your rights.

8.2 Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data and the completion of incomplete data.

8.3 Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data where the data is no longer necessary for its original purpose, you withdraw consent, you object to processing, or the data was unlawfully processed. This right is subject to legal retention obligations.

8.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing where you contest the accuracy of the data, the processing is unlawful, we no longer need the data but you require it for legal claims, or you have objected to processing pending verification.

8.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where processing is based on consent or contract and is carried out by automated means.

8.6 Right to Object (Art. 21 GDPR)

You have the right to object at any time to the processing of your personal data based on legitimate interests (Art. 6(1)(f) GDPR). We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

You also have the right to object at any time to processing for direct marketing purposes, in which case we will immediately cease such processing.

8.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

8.8 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for Streamify GmbH is:

Der Landesbeauftragte fuer den Datenschutz und die Informationsfreiheit Baden-Wuerttemberg (LfDI)
Lautenschlagerstrasse 20
70173 Stuttgart, Germany
Phone: +49 711 615541-0
Email: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: privacy@streamify.com
Mail: Streamify GmbH, Attn: Data Protection, Loeffelstrasse 22-24, 70597 Stuttgart, Germany

We will respond to your request within one month. In complex cases, this period may be extended by a further two months, in which case we will inform you of the extension and the reasons for the delay.

We may ask you to verify your identity before processing your request to ensure the security of your data.

9. Automated Decision-Making and Profiling

Streamify does not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, as described in Article 22 GDPR.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and role-based permissions
  • Regular security assessments and updates
  • Secure authentication through Clerk with support for multi-factor authentication
  • Monitoring and logging of access to personal data
  • Employee training on data protection and security

11. Children's Data

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly. If you believe that a child under 16 has provided us with personal data, please contact us at privacy@streamify.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Effective Date" at the top of this page. For significant changes, we may also notify you via email.

We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us:

Streamify GmbH
Loeffelstrasse 22-24
70597 Stuttgart, Germany

Email: hello@streamify.com
Privacy inquiries: privacy@streamify.com
Phone: +49 173 769 2475

Cookie settings

We use cookies to improve your browsing experience, serve personalized content, and analyze our traffic. By clicking "Accept", you agree to the storing of cookies on your device.

You can customize your settings by clicking . For more details, see our Cookie Policy.