Streamlint Privacy Policy
Effective date: 2026-05-09 Operator: T&E Capital Partners LLC (Wyoming, USA), DBA "Streamlint." Contact: privacy@streamlint.com
This Privacy Policy explains what data Streamlint collects, why, how we store and share it, and your rights. It applies to streamlint.com and any service offered there.
1. Plain-English summary
- We collect the email you type at checkout, the IP-derived country and region (used to enforce our 18+ and geofence rules), and the screenshot or short clip you upload.
- We send the screenshot or clip to a third-party AI model (Anthropic) to generate your report. We do not store the bytes of the upload after the report is generated.
- We do not sell your data. We do not use your data to train AI models.
- You can email privacy@streamlint.com to request deletion of your report and order metadata at any time.
The rest of this document is the formal version.
2. Categories of data we collect
| Category | What | Why | How long |
|---|---|---|---|
| Order metadata | Email, Stripe session id, payment timestamps, order amount | Deliver your audit, support refunds, satisfy tax / accounting recordkeeping | Up to 7 years (tax + chargeback window), then deleted |
| Geo data | IP-derived country and region (no full IP retained) | Enforce 18+ rules, geofence Illinois, Texas, EU, UK | Stored with the order; deleted with order metadata |
| Upload content | Screenshot (PNG/JPG) or short clip (MP4) you submit | Generate your audit | Processed in memory; bytes are NOT persisted |
| Audit report | Structured JSON + rendered HTML of the report we returned to you | So you can revisit your report | Until you request deletion |
| Audit log | Internal action log: who/what/when, model used, cost, latency | Operational observability, fraud prevention, debugging | 12 months, then aggregated or deleted |
| Inbound and outbound transactional + support emails | Support, billing, legal correspondence | 3 years from last contact |
3. Categories of personal information under California law
For purposes of the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.) as amended by CPRA, we may collect the following statutory categories:
- Identifiers: email address, IP-derived country/region.
- Commercial information: purchase records.
- Internet activity: session timestamps, audit ids.
- Inferences from upload content: lighting / framing / audio scoring derived from your Upload.
- Sensitive personal information / biometric-adjacent (only when you submit a clip containing your face or voice): the clip is processed by the AI model; we do not retain it; we do not use it to train the model; we do not sell it; we do not share it with anyone other than the model provider for the purpose of generating your report.
We do not collect: precise geolocation; government IDs; financial-account numbers (Stripe holds those, not us); health data; sexual-orientation data; union-membership data; race or ethnic-origin data; religious-belief data; immigration-status data.
4. How we use the data
- Service delivery. Generate and deliver your audit. Email you the report.
- Payment processing. Pass minimum necessary fields to Stripe to charge and refund.
- Fraud and abuse prevention. Detect duplicate orders, geofence circumvention, chargeback patterns.
- Compliance. Enforce age and geofence rules, respond to DMCA notices, maintain the audit log required by our internal QA and self-improvement loops.
- Service improvement. Aggregated, non-identifying performance metrics (e.g., median report generation latency, error rates).
We do not use your data for advertising. We do not use your data to train AI models. We do not sell your data.
5. Who we share data with
We share the minimum data necessary with the following processors:
| Processor | What | Where |
|---|---|---|
| Anthropic, PBC | Your Upload content + the rubric prompt, for the duration of one inference call | United States |
| Stripe, Inc. | Payment data (card data goes directly to Stripe; we never receive it) | United States |
| Supabase, Inc. | Order metadata, audit reports, internal audit log | United States |
| Resend (Resend.com, Inc.) | Email content (transactional reports, receipts, support replies) | United States |
| Vercel, Inc. | Web hosting; request logs | United States |
| Cloudflare, Inc. | DNS, CDN, geofencing at the edge | Global edge, request originating from US |
We share data with law enforcement only when legally compelled (subpoena, court order, valid legal process) or when we have a good-faith belief that disclosure is necessary to protect the rights, property, or safety of any person.
6. Your rights
Depending on where you live, you may have the following rights. Email privacy@streamlint.com to exercise any of them. We will verify your identity through the email associated with your order before actioning a request.
- Right to know. Get a copy of the personal information we hold about you.
- Right to delete. Have your report and order metadata deleted (subject to retention required by law, e.g., tax records).
- Right to correct. Correct inaccurate information.
- Right to opt out of sale or sharing. We do not sell or share your data; this right is therefore not exercised because there is nothing to opt out of.
- Right to limit use of sensitive personal information. You may direct us to use SPI only for purposes the CPRA expressly permits without consent. We already operate within those purposes.
- Right to non-discrimination. Exercising any right above does not change your access to the Service or the price you pay.
We will respond to verified requests within 45 days. If we need an extension we will tell you why.
7. "Do Not Sell or Share My Personal Information"
We do not sell or share personal information for cross-context behavioral advertising. There is no sale to opt out of. If our practices change we will update this section and provide a working "Do Not Sell or Share" link before any such activity begins.
8. Data security
We use industry-standard practices: TLS in transit, encryption at rest in our database, scoped service-role access, and audit logging on every data-touching action. No method of transmission or storage is 100% secure, but we are not aware of any data breach as of the effective date above. We will notify affected users and regulators as required by applicable law in the event of a breach.
9. Children
The Service is for users 18 and older. We do not knowingly collect data from anyone under 18. If you believe we have collected data from a minor, email privacy@streamlint.com and we will delete it.
10. International users
The Service is currently offered only to users located in the United States outside Illinois and Texas. We have geofenced the European Economic Area and the United Kingdom because we have not yet implemented a GDPR-compliant consent flow. If you reach the Service from a geofenced region you will see a "not yet available in your region" page; no personal data is processed.
11. Changes
We may update this Privacy Policy. Material changes will be posted on this page with a new effective date. If a change materially expands the categories of data we collect or the purposes for which we use them, we will provide notice (e.g., via email at the email associated with your order) before the change takes effect.
12. Contact
- Privacy and data requests: privacy@streamlint.com
- General: hello@streamlint.com
- Mailing: T&E Capital Partners LLC, 30 N Gould St Ste N, Sheridan, WY 82801
This Privacy Policy is drafted for the v1 launch posture. It is intended to be defensible standalone but has not yet been reviewed by outside counsel; counsel review is on the Phase 2 reinvestment checklist.