Privacy Policy
Effective Date: May 24, 2026 | Last Updated: May 24, 2026
1. What We Collect
- Email Address — used only for transactional purposes (e.g., confirmations, receipts).
- Payment Information — only collected when you choose to amplify a story, and processed securely via a third-party provider.
- Offline Payment Details — wire/ACH reference codes, deposit confirmations, and related metadata needed to reconcile non-card payments. We do not store your full bank account number; those are handled by Chargebee, Plaid, or your financial institution.
- Identity Verification Data — if required for fraud prevention, we may collect limited government-issued ID information, selfies, or verification logs through trusted vendors (e.g., Stytch or Persona). We only request this when necessary to comply with law or protect our community.
- Activity Data — stories you like or follow are stored with your account so we can show your library back to you. Anonymous story-view counts and aggregated traffic telemetry (page views, referring source) are recorded for analytics but are not tied to your account.
- Optional Info — like name or preferences, if you choose to share it.
We do not collect biometric data or sensitive identifiers.
2. How We Use Your Info
- Send you receipts, confirmations, or story status updates
- Process your Amplify purchases securely
- Reconcile offline payments, match wire references, and keep invoices accurate
- Verify your identity when needed to prevent fraud, abuse, or unauthorized access
- Improve your viewing and submission experience
We never sell or rent your data.
3. Email Communication
We only use your email for:
- Transaction confirmations
- Story submission status updates
- Receipts for Amplify purchases
We do not send promotional emails unless you specifically opt in elsewhere.
4. Cookies & Analytics
We use cookies and analytics to:
- Understand viewer behavior
- Improve platform performance
You can disable cookies in your browser settings or manage your preferences below. We also honor the Global Privacy Control (GPC) signal — if your browser advertises GPC, we automatically decline analytics and marketing trackers, no further action required.
Cookie Declaration & Preferences
Streamlly uses Cookiebot to manage consent for analytics, personalization, and ad delivery. Use the button below to reopen the same consent prompt you saw when you first visited Streamlly.
5. Third-Party Tools
We share personal information with the following service providers strictly to operate Streamlly. Each is contractually obligated to protect your data and use it only for the purpose listed.
- Stytch — authentication and session management (email, account ID).
- Chargebee — checkout, subscription, and invoicing (payment details, billing address).
- Plaid — bank deposit detection for offline Amplify payments (transaction metadata).
- Persona — identity verification when fraud signals require it (limited government ID).
- Google Analytics — aggregated, de-identified site usage telemetry.
- Taboola — story recommendations on partner networks (pseudonymous cookie ID).
- Mux — video delivery and playback analytics.
- Cookiebot — consent management.
- Cloudflare — content delivery network + edge analytics (page views, performance timing) when Cloudflare Web Analytics is enabled on the streamlly.com zone.
- Help Scout / Beacon — support inquiries you initiate from /about.
We also load the following advertising and marketing pixels through our Google Tag Manager container. These pixels run only after you accept the marketing category in our cookie consent banner, and never on stories you watch (we suppress them on /story/* paths in the page itself):
- Meta Pixel (Facebook / Instagram) — ad measurement + audience building.
- TikTok Pixel — ad measurement + audience building.
- X (Twitter) Pixel — ad measurement + audience building.
- Vibe — connected-TV ad attribution.
- IntenTiQ — cross-publisher audience identifier.
- Google Ads (DoubleClick) — Google Ads remarketing lists.
Streamlly does not sell personal information for money. When the marketing pixels above are allowed to run, the cookie ID they set on your browser may be shared with the listed ad platforms for cross-context behavioral advertising — under California law (CPRA), that counts as "sharing." You can opt out at any time by clicking Your Privacy Choices in the footer, choosing Reject in the cookie banner, or enabling the Global Privacy Control signal in your browser — we honor GPC automatically. See Section 8 below for California-specific rights.
6. Your Rights
You can:
- Download your data — go to Account & Data and click Download my data for a JSON export of everything we store about you.
- Delete your account — same page, Delete. Your profile and identifying data are removed within 30 days.
- Correct your info — update your account details directly, or email us.
- Withdraw consent — use the cookie preferences button above, or visit Your Privacy Choices in the site footer.
Contact us at: [email protected]
7. How We Protect Your Info
We use encryption and secure infrastructure. Payment details are processed via PCI-compliant third parties only, identity documents are stored with specialized vendors, and offline payment references are limited to the metadata needed to match your deposit.
8. California Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act and its amendments (collectively "CCPA") give you the following rights. The disclosures below apply to information collected in the twelve months preceding the Last Updated date.
Categories of Personal Information We Collect
- Identifiers — email address, account ID, IP address.
- Commercial Information — Amplify purchase history, invoice references.
- Internet or Network Activity — stories you have liked or followed (tied to your account); anonymous story-view counts and aggregated page-view telemetry (not tied to your account).
- Inferences — none drawn or stored for profiling purposes.
- Sensitive Personal Information — only collected when fraud prevention requires identity verification (government ID, selfie), and only as long as needed.
Sale or Sharing of Personal Information
Streamlly does not sell personal information for money or other valuable consideration. When you allow marketing cookies, the cookie identifier set by the advertising pixels listed in Section 5 (Meta, TikTok, X, Vibe, IntenTiQ, Google Ads) may be shared with those platforms for the purpose of cross-context behavioral advertising — which under CPRA counts as "sharing". We suppress all of these pixels on story-watch pages (/story/*) so they never see what video you watched. You can opt out of sharing at any time:
- Click Your Privacy Choices in the footer and turn off the Marketing category.
- Reject all in the cookie banner.
- Enable Global Privacy Control in your browser — we honor it automatically (no pixels load).
Your California Rights
- Right to Know — what categories and specific pieces of personal information we have collected.
- Right to Delete — request deletion of personal information we have collected from you.
- Right to Correct — request correction of inaccurate personal information.
- Right to Opt Out of Sale / Sharing — applies if/when we ever change our practices.
- Right to Limit Use of Sensitive Personal Information — restrict use of any sensitive PI beyond what's necessary to provide the service.
- Right to Non-Discrimination — exercising these rights will not change the price or quality of the service you receive.
How to Exercise Your Rights
- Right to Know: visit Account & Data → Download my data, or email us.
- Right to Delete: visit Account & Data → Delete, or email us.
- Right to Opt Out / Privacy Choices: click Your Privacy Choices in the footer, or enable the Global Privacy Control signal in your browser — we honor GPC automatically.
- Authorized Agent: you may designate someone to submit a request on your behalf. We will require written authorization and verification of the agent's identity before acting.
We may verify your request by matching against the email on your Streamlly account. We will respond within 45 days, with one 45-day extension if reasonably necessary.
Submit any California-specific request to [email protected] with the subject line California Privacy Request.
9. Children's Privacy
We do not knowingly collect information from children under 13.
10. Updates to This Policy
We'll update the "Last Updated" date and notify users if major changes are made.
11. Questions?
Contact us here.