RastryRastry

Privacy Policy

Last updated: January 30, 2026

Introduction

Rastry (operated by an individual developer) operates the website rastry.com, the RastryControl desktop application, and the Rastry Music browser extension. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

Information We Collect

RastryControl (Desktop Application)

When you use the RastryControl desktop application, we collect:

  • User Account Data: Your Twitch username, user ID, and email (obtained via Twitch OAuth)
  • Session Tokens: Bearer tokens stored locally encrypted on your device for authentication
  • ShareCode: A unique 6-character code generated and stored in our database to enable remote OBS control
  • Tunnel URLs: Temporary connection URLs (valid while app is running, deleted when tunnel stops)
  • Command Logs: Records of OBS commands executed (scene changes, source visibility, etc.) with timestamps for security and debugging
  • Premium Status: Subscription tier (Free/PRO) managed through Stripe
  • OBS Metadata: Scene names, source names, and filter information (processed locally on your device, NOT stored on our servers)

Important: Your OBS video/audio streams are NEVER transmitted or stored. Only control commands are sent through encrypted tunnels.

Rastry Music Extension

When you use the Rastry Music browser extension, we collect:

  • Authentication Data: Session cookies to verify your login status with Rastry.com
  • Music Activity: Currently playing song title, artist name, album artwork, playback progress, and music service (Spotify or YouTube Music)
  • Website Content: Song metadata and cover images from music streaming services

Rastry Platform

  • Account Information: Twitch username and user ID when you authenticate via Twitch OAuth
  • Usage Data: Overlay configurations, preferences, and settings

How We Use Your Information

We use the collected information to:

  • Enable remote OBS control through secure encrypted tunnels (RastryControl)
  • Verify Premium license status and device authorization (RastryControl)
  • Display currently playing music on your stream overlays
  • Synchronize music data between the browser extension and OBS overlays
  • Authenticate your identity and maintain your session
  • Provide and improve our services
  • Store your customization preferences (colors, position, opacity)

Data Sharing and Third Parties

We do NOT:

  • Sell your personal information to third parties
  • Share your data with advertisers or data brokers
  • Track your browsing history outside of YouTube Music and Spotify (browser extension only)
  • Transmit or store your OBS video/audio content

We share data with third-party services only when necessary for core functionality:

  • Twitch: For OAuth authentication (login)
  • Stripe: For Premium subscription payment processing (€3.99/month)
  • Cloudflare: For secure encrypted tunnels enabling remote OBS access
  • Cloud Hosting Provider (Vercel/Railway): For storing session data and ShareCodes

Data Storage and Security

RastryControl: ShareCodes are stored in our PostgreSQL database. Tunnel URLs are temporary and exist only while the tunnel is active (deleted when you stop the connection). Session tokens (Bearer tokens) are stored encrypted locally on your device using electron-store with AES encryption. All remote connections use end-to-end encrypted Cloudflare tunnels (wss:// protocol). OBS scene data is processed locally on your device and NEVER transmitted or stored on our servers.

Rastry Music: Music detection data is stored temporarily (up to 30 seconds) to synchronize with your OBS overlay. Your preferences and settings are stored in our database until you delete your account.

We implement industry-standard security measures including HTTPS encryption for all data transmission, secure authentication via NextAuth.js, and encrypted local storage for sensitive tokens.

Your Rights

You have the right to:

  • Access the data we have collected about you
  • Request deletion of your account and associated data
  • Opt-out of our services at any time by uninstalling the extension
  • Update your preferences and settings

Browser Extension Permissions

The Rastry Music extension requires the following permissions:

  • cookies: To authenticate your session with Rastry.com
  • storage: To save your authentication state locally
  • identity: For OAuth authentication flow
  • Host permissions (music.youtube.com, open.spotify.com, rastry.com): To detect music and communicate with our API

Children's Privacy

Our services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, please contact us at: contact@rastry.com

← Back to Home