Privacy Policy
Last updated: May 2025 · GDPR compliant
At Stream Circle, we take your privacy seriously. This policy explains what personal data we collect, why we collect it, how we process it, and your rights under the GDPR.
1. Data Controller
Stream Circle is the data controller responsible for your personal data. For any questions or requests: contact form.
2. Data We Collect
We process the following personal data to provide our service:
| Category | Data | Source |
|---|---|---|
| Identity & contact | First name, last name, email address | Registration or social sign-in |
| Profile photo | Uploaded avatar or photo from your social account | Optional |
| Event data | Event name, date, location, description | When you create an event |
| Media files | Uploaded photos and videos | Via guest upload or direct upload |
| Payment reference | Transaction reference (card details stay with Stripe) | When purchasing a plan |
| Technical data | IP address, browser type, server logs | Automatically on each request |
| Session data | Session token, last login date | When you sign in |
3. Legal Basis for Processing (GDPR Article 6)
- Contract Account management, event creation, and file uploads — necessary to deliver the service (Art. 6(1)(b)).
- Legitimate interest Server logs and security monitoring to prevent fraud and protect our systems (Art. 6(1)(f)).
- Consent Profile photo — optional and can be removed at any time (Art. 6(1)(a)).
4. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | While account is active + 30-day backup | — |
| Event data & media | Until the event is archived or deleted | — |
| Payment records | 7 years | Tax compliance |
| Server logs | 90 days | Security and debugging |
| Session tokens | 7 days (active session) or until sign-out | — |
5. Third Parties
- Cloudflare R2 — Photo and video storage. GDPR-compliant with EU data center options.
- Stripe — Payment processing. Card details are held exclusively by Stripe; we never see card numbers.
- Google / Meta (Facebook) — Optional social sign-in. Only name, email, and profile photo are retrieved.
We never sell or share your data with third parties for marketing purposes.
6. Your Rights Under GDPR
- check_circleRight of access: You can request a copy of the personal data we hold about you.
- check_circleRight to rectification: You can ask us to correct inaccurate or incomplete data.
- check_circleRight to erasure: You can request deletion of your account and all associated data.
- check_circleRight to data portability: You can receive your data in a machine-readable format.
- check_circleRight to restriction: You can request that we limit processing under certain conditions.
- check_circleRight to object: You can object to processing based on legitimate interests.
- check_circleRight to lodge a complaint: You can file a complaint with your national supervisory authority.
To exercise any of these rights, use our contact form. We will respond within 30 days.
7. Data Security
All data is transmitted over HTTPS. Passwords are stored as bcrypt hashes — never in plain text. Session tokens are single-use and rotated on every sign-in. Cloudflare R2 storage uses AES-256 encryption.
8. Cookies
For detailed information about our use of cookies, see our Cookie Policy.
9. Changes to This Policy
We may update this policy from time to time. For significant changes, we will notify you at your registered email address.