— LEGAL

PRIVACY
POLICY.

Last updated: March 2026 · v2.0 · Effective immediately

01 — INTRODUCTION

About This Policy

This Privacy Policy describes how Rastry (“we”, “our”) collects, uses, and protects your information when you use our services: RastryControl, Rastry Music, and the Rastry Platform.

By using any Rastry service you agree to the data practices described here. We are committed to data minimization — collecting only what is strictly necessary to provide the service.

02 — DATA WE COLLECT

Information We Receive

RASTRYCONTROL

→Twitch OAuth token (scoped, read-only where possible)

→Channel name and broadcaster ID

→Subscription and follower counts

→Current stream title and category

Your Twitch token is stored locally on your machine and never transmitted to Rastry servers.

RASTRY MUSIC

→Spotify OAuth token (read access only)

→Currently playing track, artist, and album metadata

→Playback state and volume level

Music tokens are stored in memory only and discarded on disconnect.

RASTRY PLATFORM

→Email address (required for account creation)

→Twitch username and user ID

→Overlay layout and configuration preferences

→Anonymized usage analytics

03 — DATA USAGE

How We Use Your Information

→Authenticate with Twitch and Spotify on your behalf

→Display real-time overlay elements on your stream

→Save and restore your overlay and bot configuration

→Generate anonymized product usage statistics

→Respond to support requests and bug reports

→Send essential service notifications (outages, security alerts)

We do not use your data for advertising, and we do not sell it to any third party.

05 — SECURITY

How We Protect Your Data

→All traffic is transmitted over HTTPS / TLS 1.2+ encryption

→RastryControl tokens remain local — never uploaded to servers

→Database records are encrypted at rest

→Access to production systems is restricted and audited

→Affected users are notified within 72 hours of any confirmed breach

While we apply industry-standard security measures, no system is fully immune to risk. We recommend using strong, unique passwords for your Twitch and Spotify accounts.

06 — YOUR RIGHTS

Data Subject Rights

ACCESS

Request a full copy of all data we hold about you.

CORRECTION

Ask us to fix inaccurate or incomplete information.

ERASURE

Request permanent deletion of your personal data.

OPT-OUT

Withdraw consent for analytics collection at any time.

To exercise any of these rights, contact us at contact@rastry.com. We will respond within 30 days.

07 — OAUTH SCOPES

Permissions Requested

Rastry requests the minimum OAuth scopes required to operate. Below is a complete breakdown:

channel:read:subscriptions

Display live subscriber count in overlays

channel:read:hype_train

Show hype train progress in real time

moderator:read:followers

Display follower count and recent follows

channel:manage:broadcast

Allow stream title and game updates from RastryControl

user-read-currently-playing

Show currently playing song from Spotify

user-read-playback-state

Detect play / pause state for overlay sync

08 — MISC

Children & Policy Updates

Rastry services are not directed to children under 13. We do not knowingly collect personal data from minors. If you believe a child has provided data, contact us immediately for removal.

We may update this policy periodically. The “Last Updated” date at the top of this page reflects the most recent revision. Continued use of Rastry after an update constitutes acceptance of the revised policy.

CONTACT

Questions about this policy?

We are happy to help with any privacy questions or data requests.

PRIVACYPOLICY.