Privacy Policy

surstreaming (“we”, “us”, or “our”) respects your privacy. This Privacy Policy explains what personal data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and other applicable laws.

The data controller is Sahin Salincakli’s SAHIN.TECH, Berlin, Germany (full details in the Impressum). For any privacy matter, contact surstreaming-support@sahin.tech.

Account data (via TikTok OAuth):

• TikTok Open ID (a pseudonymous identifier)
• Display name, username, and avatar URL

Billing data (via Stripe):

• Stripe customer ID and subscription ID
• We do not store card numbers or full billing addresses — these are held by Stripe, our payment processor.

Usage data:

• Stream session metadata (start/end times, TTS event counts)
• Server logs (IP address, timestamps) retained for up to 30 days

To provide the Service, we connect to your active TikTok LIVE stream and process incoming live events — chat comments, gifts, likes and follows, including the sending viewer’s display name — in real time so they can be converted to speech and played back to you.

This event content is processed transiently: it is converted to audio, played once, and discarded. We do not record, store, publish, or redistribute TikTok video, audio, or chat content, and we do not build profiles of viewers. We process this data on your behalf, as the streamer, solely to deliver the read-aloud feature you requested.

• Service delivery: Authenticating your session, enabling TTS features, and managing your subscription.
• Billing: Processing payments via Stripe and enforcing plan entitlements.
• Support: Responding to your enquiries.
• Security: Detecting and preventing abuse.

We do not sell your personal data to third parties, and we do not use it for advertising.

• Contract performance (Art. 6(1)(b)): Account management, delivering the TTS feature, and subscription billing.
• Legitimate interests (Art. 6(1)(f)): Service security and fraud prevention.
• Legal obligation (Art. 6(1)(c)): Tax and financial record-keeping; we retain billing records as the seller, while card data is held by Stripe.

We share data only with the following processors, under data processing agreements:

• Stripe: Payment processing. See Stripe’s Privacy Policy.
• TikTok: OAuth authentication only. We receive only the data TikTok provides through the OAuth scope.
• Eulerstream: A third-party connection/signing provider used to establish the TikTok LIVE connection so we can receive live events.
• Cloud infrastructure providers: Hosting and database services.

We do not sell or rent personal data to anyone.

Some of our processors (for example Stripe) may process data outside the European Economic Area. Where that happens, the transfer is protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an adequacy decision.

• Account data is retained while your account is active and for 30 days after deletion.
• Subscription and invoice records are retained as required by tax law (up to 10 years under German law).
• TikTok LIVE event content is not retained — it is processed transiently and discarded.
• Server logs are purged after 30 days.

Under GDPR (and similar laws), you have the right to:

• Access a copy of the personal data we hold about you;
• Correct inaccurate data;
• Request deletion of your data (“right to be forgotten”);
• Restrict or object to certain processing;
• Data portability.

To exercise any of these rights, email surstreaming-support@sahin.tech. We will respond within 30 days. You also have the right to lodge a complaint with a data protection supervisory authority — in our case the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

We use a single HTTP-only session cookie for authentication. We do not use third-party tracking or advertising cookies. Stripe Checkout may set Stripe-managed cookies during payment; see Stripe’s privacy policy for details.

We use industry-standard measures including HTTPS, encrypted database storage, and access-controlled infrastructure. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

The Service is not directed at children under 13, and you must be at least 13 (the minimum age required by TikTok) to use it. We do not knowingly collect data from children under 13. If you believe a child has provided us data, contact us and we will delete it.

We may update this Privacy Policy periodically. The revised version will be posted here with an updated effective date. For material changes, we will notify you by email or in-app notice.

For privacy enquiries or to exercise your rights, contact: surstreaming-support@sahin.tech

SAHIN.TECH, Berlin, Germany