RU

Streamrise Privacy Policy

Last updated: April 22, 2026

This Privacy Policy explains how Streamrise ("we", "us") collects, uses, stores, and shares the personal data of visitors and customers of stream-rise.com. It applies to EN-domain traffic and is drafted to align with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA) where applicable.

Russian-language customers on streamrise.ru are governed by the legacy Personal Data Processing Policy under Russian Federal Law 152-FZ; that document is available on the RU domain.

1. Data Controller

Streamrise is the data controller for personal data collected through stream-rise.com. Contact for privacy enquiries and data-subject-access requests: support@stream-rise.com. We do not currently operate an EU establishment, so for EU data subjects we accept requests via this email address under GDPR Article 27.

2. What Data We Collect

We collect the following categories of personal data:

  • Account data. Email address, password hash, and optional display name supplied during registration.
  • Order data. Target channel name, service tier, quantity, and delivery preferences for each order you place.
  • Payment data. A tokenised reference to the payment method (provided by our payment processor), the last four digits of the card, and the billing address. We do not store the full card number — the PAN never reaches our servers.
  • Support data. The content of any ticket, email, or live-chat conversation you initiate with us, together with routing metadata (timestamp, user-agent, IP) needed to resolve the issue.
  • Usage data. Pages viewed, referrers, approximate geolocation (derived from IP), device and browser details, collected via cookies and server-side logs.
  • KYC data (conditional). For orders above the thresholds in our AML / KYC statement, we may additionally process identity documents, proof of address, and source-of-funds declarations.

3. Legal Basis for Processing

We process personal data under the following legal bases (GDPR Article 6):

  • Contract (Article 6(1)(b)). Account, order, and payment data — necessary to provide the services you request.
  • Legal obligation (Article 6(1)(c)). KYC documentation, sanctions screening, tax-invoice records — necessary to comply with AML regulations and tax law.
  • Legitimate interests (Article 6(1)(f)). Fraud prevention, security logging, service-quality analytics (aggregated), customer support routing. Balanced against your rights — you can object at any time via support@stream-rise.com.
  • Consent (Article 6(1)(a)). Non-essential cookies and marketing communications. You can withdraw consent at any time.

4. Cookies and Similar Technologies

We use the following categories of cookies and browser storage:

  • Strictly necessary. Authentication session token, CSRF protection, locale preference. These cannot be disabled without breaking core site functionality.
  • Performance & analytics. Yandex Metrika and, on some pages, Google Analytics. These use cookies to count pageviews, measure load performance, and identify broken flows. IP addresses are truncated before storage; we do not use these for cross-site behavioural profiling.
  • Support chat. Chatwoot live-chat widget stores a session identifier so that repeat visitors can resume a ticket without re-authenticating.
  • Marketing. We do not currently run third-party advertising cookies on stream-rise.com. If this changes we will update this policy and prompt a fresh consent.

On your first visit we present a cookie banner offering Accept / Reject / Manage choices for the non-strictly-necessary categories. You can change your choice at any time by clearing cookies for stream-rise.com and reloading the page.

5. Third-Party Processors

We share personal data with the following categories of sub-processor under GDPR Article 28 data-processing agreements. Each processor receives only the minimum data needed to perform its function.

  • Payment processors. Card and e-wallet transactions are routed to the processor selected at checkout (Visa/Mastercard acquirer, e-wallet provider, or cryptocurrency gateway depending on the payment method chosen). The processor is the controller of the card-holder data it collects from you directly.
  • Chatwoot (self-hosted). Our support-ticketing platform. Processes the content of support conversations.
  • Yandex Metrika. Web analytics. Receives truncated-IP pageview events.
  • Google Analytics. Web analytics (selected landing pages). Receives truncated-IP pageview events. We use the EU-SCC-compliant data-processing terms published by Google.
  • Email delivery. Transactional email (order confirmations, password resets, refund confirmations) is sent via our SMTP provider, which processes recipient email addresses and message content.
  • Infrastructure. Our servers are operated on commercial VPS infrastructure in European data centres. The hosting provider acts as an infrastructure sub-processor and does not access application data under normal operation.

We do not sell personal data to third parties, do not engage in cross-context behavioural advertising, and do not share personal data with data brokers.

6. Data Retention

We retain personal data only as long as necessary for the purpose for which it was collected:

  • Account data. Retained while the account is active, and for 12 months after the last login to support dispute resolution, after which the account is anonymised or deleted on request.
  • Order and payment records. Retained for 5 years from the order date (minimum required by AML and tax record-keeping obligations).
  • KYC documents. Retained for 5 years from the end of the customer relationship per our AML / KYC statement.
  • Support tickets. Retained for 24 months from the last message on the ticket.
  • Server logs. Operational logs are retained for 90 days; security / incident logs up to 12 months.
  • Analytics data. Aggregated pageview counters are retained indefinitely; individual-session-level analytics data is retained for 14 months or the provider's default, whichever is shorter.

7. Your Rights (GDPR & CCPA)

If you are in the EU, UK, or EEA you have the following rights under GDPR:

  • Access. A copy of the personal data we hold about you.
  • Rectification. Correction of inaccurate data.
  • Erasure ("right to be forgotten"). Deletion of data we no longer need a legal basis to keep. Note that some records (orders, KYC documents) must be retained under legal obligation and cannot be erased on request.
  • Restriction of processing. For example, during a dispute about accuracy.
  • Data portability. A machine-readable export of data you supplied to us.
  • Objection. To processing based on legitimate interests, including profiling.
  • Withdrawal of consent. At any time, for processing based on consent, without affecting the lawfulness of processing prior to withdrawal.
  • Complaint. The right to lodge a complaint with your national data-protection authority.

If you are a California resident, the CCPA gives you the rights to know what personal information we collect about you, to delete it (subject to the exceptions above), and to opt out of "sale" (we do not sell personal information as defined by the CCPA).

To exercise any of these rights, email support@stream-rise.com with your account email and a short description of the request. We respond within 30 days; if we need more time we will tell you within that window.

8. International Transfers

Our servers are located in European data centres. Some of our sub-processors (notably Google Analytics) may process data outside the EEA. Where this happens, transfers are made under the European Commission's Standard Contractual Clauses (2021 modules) or an adequacy decision where one is in force for the destination country.

9. Security

We apply industry-standard security controls: TLS 1.2+ for all traffic between your browser and our servers, password hashing with a modern KDF, access controls on administrative tooling, and logging of administrative actions. Payment-card data never transits our servers. We do not claim invulnerability — if you observe a potential vulnerability please report it to support@stream-rise.com (subject "Security").

10. Changes to this Policy

We may update this policy to reflect changes in our services, in the set of sub-processors we use, or in applicable law. The "Last updated" date at the top of this page reflects the most recent revision. Material changes that reduce your rights will be communicated by email to the address on your account at least 14 days before the change takes effect.

11. Contact

Privacy enquiries and data-subject-access requests: support@stream-rise.com.

See also: /refund-policy, /aml-kyc-statement, /contacts.

All services
twitch logokick logo