Privacy Policy

How Ember Studio collects, uses, stores, and protects your information — including platform connections, stream data, chat, overlays, and billing through Stripe.

Last updated: June 30, 2026

This document is provided for informational purposes and does not constitute legal advice.

See also Terms of Service.

Introduction

Bright Forest Software ("we," "us," or "our") operates Ember Studio, a stream command center for live creators. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

By creating an account or using Ember Studio, you agree to this Privacy Policy. If you do not agree, please do not use the service.

Information we collect

We collect information in the following categories:

  • Account information — name, email address, profile image (if you sign in with Google), email verification status, and account creation date.
  • Session information — authentication cookies, session tokens, and optional IP address and browser user-agent recorded with active sessions.
  • Platform connection data — Twitch and YouTube OAuth tokens (encrypted at rest), connected channel identifiers, display names, avatars, connection status, and granted OAuth scopes.
  • Stream and destination data — stream run titles, schedules, statuses, destination selections (such as YouTube Live and YouTube Vertical), provisioned broadcast and ingest identifiers, metadata (categories, tags, privacy settings), and error messages from platform APIs.
  • Chat data — messages ingested from connected platforms while you are live, including author display names, message bodies, timestamps, badges, and whether a message was sent from Ember.
  • Alert events — follows, subscriptions, memberships, and raids received through platform webhooks (such as Twitch EventSub) while connected.
  • Overlay and studio data — overlay package configurations, widget layouts, theme settings, signed browser-source URLs, OBS studio settings, and stream preparation checklists you create.
  • Content pipeline data — content ideas, planned streams, templates, recurring schedules, content assets, repurpose tasks, and stream notes.
  • OBS integration metadata — when you connect OBS locally, connection and health statistics may be read from your machine through your browser; we do not store your OBS password.
  • Subscription and billing metadata — Stripe customer and subscription identifiers, plan tier, status, billing period dates, and cancellation flags. Payment card details are collected and stored by Stripe, not by us.
  • Trial usage — records of stream runs used during your Creator trial period, if applicable.

How we use information

We use the information above to:

  • Authenticate you and keep your account secure.
  • Connect and maintain Twitch, YouTube, and other platform integrations you authorize.
  • Provision live broadcasts, ingest keys, and destination metadata on your behalf.
  • Display unified chat, alerts, overlays, and control-room tools while you stream.
  • Provide content planning, stream history, and post-stream workflows.
  • Enforce subscription tiers, trial limits, and feature access.
  • Process subscriptions and send billing-related updates through Stripe.
  • Send transactional emails (such as sign-in magic links) through our email provider.
  • Operate, maintain, and improve the service; diagnose errors; and comply with law.

How we share information

We do not sell your personal information. We do not share your data for cross-context behavioral advertising. We share information only with service providers that help us run the app, under contracts that limit their use of your data:

  • Google — user sign-in (Better Auth) and YouTube Data API for broadcast provisioning, chat polling, and analytics where enabled.
  • Twitch — OAuth, chat, metadata sync, and EventSub webhooks for alerts.
  • Stripe — subscription checkout, billing portal, and payment processing.
  • Resend — delivery of authentication emails.
  • Vercel — application hosting and, when enabled, privacy-oriented Web Analytics.
  • Neon — managed PostgreSQL database hosting for application data.
  • Better Auth — authentication session management integrated with our application.

Platform data and your responsibilities

When you connect Twitch, YouTube, or other platforms, you authorize us to access data on your behalf according to the scopes you approve. You remain responsible for complying with each platform's terms of service and community guidelines.

Chat messages and alert data originate from third-party platforms. We ingest them to display in your control room; we do not control how those platforms store or moderate that data.

Cookies and similar technologies

We use essential cookies and local storage required for sign-in sessions and core app functionality. We do not use third-party advertising cookies. If we enable optional privacy-oriented analytics (such as Vercel Web Analytics), those tools are configured to avoid collecting stream content or chat message bodies.

Data retention

We retain your account information while your user account exists. Stream history, chat messages, and overlay configurations are retained to provide history and reporting features unless you delete them or your account.

If your Creator subscription ends, your account may move to Starter tier limits. Your data generally remains stored unless you request deletion.

Deletion and disconnecting platforms

You can disconnect individual platform accounts from Broadcast Setup or Connections. Disconnecting revokes our access to that platform's API on your behalf and may remove associated ingest resources where applicable.

There is no self-serve "delete my user account" button today. To request deletion of your user account and associated data, email us at the contact address below. We will process verified requests within a reasonable timeframe, subject to legal retention obligations.

Security

We use industry-standard measures to protect data in transit (HTTPS) and at rest. Platform OAuth tokens are encrypted using application-managed encryption keys. Overlay browser-source URLs are signed to prevent unauthorized access.

No method of transmission or storage is completely secure. Please use a strong, unique sign-in method and notify us if you suspect unauthorized access.

Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export personal information, or to object to certain processing. To exercise these rights, contact us using the email below. We may need to verify your identity before responding.

You can disconnect platforms, cancel subscriptions through the Stripe billing portal, and manage overlay and stream data within the app.

Children

Ember Studio is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.

Changes to this policy

We may update this Privacy Policy when our practices or legal requirements change. We will post the revised policy on this page and update the "Last updated" date. Material changes may also be communicated in the app or by email where appropriate.

Contact us

Questions about this Privacy Policy or our data practices? Email privacy@brightforestsoftware.com.