1. Who we are
To Donate is a platform for creators to receive messages from their viewers in real time and display them in stream widgets. This policy explains how we process personal data under the General Data Protection Regulation (GDPR) and applicable Portuguese legislation.
For the purposes of this policy, To Donate acts as the data controller for data processed in operating the platform. For privacy requests, please contact us at support@todonate.me.
2. Data processed
- Account data: name, email, profile picture, and OAuth provider identifier.
- YouTube integration data when the creator connects their channel: basic authorised Google account data, channel identifier and name, livestream selection, granted permissions, OAuth tokens needed to maintain the connection, and live chat data read by the YouTube Data API, such as technical message identifiers, authors, message text, Super Chat/Super Sticker, timestamps, and metadata needed for alerts and basic moderation.
- Creator public data: username, public page, and widget settings, including QR codes, messages, support goals, and public display options when activated by the creator.
- Messages sent by viewers: name provided, content, date/time, and where applicable, moderation status.
- Essential technical data: session cookies, security logs, and operational metadata.
- Payment data: chosen method, amount, payment status, and technical identifiers needed to confirm and reconcile payments. The MB WAY phone number is used to initiate the request with EuPago and is not stored by To Donate. EuPago, Stripe, or equivalent providers process the data required for the payment; we do not store full card details.
- Creator financial onboarding data: contacts, activity, tax data, banking details, and documents needed for EuPago validation where applicable, including request status and technical identifiers assigned by the provider.
- External integration data, when the creator connects them on their own initiative: identifier, title, and public channel data, selected livestream metadata, access credentials (OAuth tokens), and, for the YouTube chat robot, public live chat messages from the broadcast, including the author's display name, message content, and public YouTube monetary support (Super Chat, Super Sticker, and memberships). These details are covered in the External integrations section.
- Game data (smart triggers), when activated: events from the creator's own game (e.g., eliminations, rounds, and end of match) used to trigger overlays on the broadcast. We do not collect data from other players or the Steam identifier.
- Advertiser data (B2B marketplace), when available: public brand contact data (company name, contact email, phone, website, country, sector, social media, and logo) and the creator's express consent record to receive proposals.
3. Purposes
- Service provision: creating accounts, authenticating users, storing messages, and displaying widgets.
- Contractual performance: managing the relationship with creators using the platform.
- Legitimate interest: security, abuse prevention, technical diagnostics, operational team notifications, and service improvement.
- Transactional and operational communications: sending emails needed to confirm actions, support payments, notify the team about new financial onboarding requests, or manage the account.
- Consent: non-essential cookies, analytics, marketing, or optional communications.
- Legal obligation: invoicing, accounting, responding to authorities, and tax compliance when payments are involved.
- Pre-contractual and contractual due diligence: preparing EuPago onboarding, KYC/KYB validation, and potential activation of settlements/split-payments for creators.
- Stream integrations: connecting external accounts chosen by the creator, validating channels and broadcasts, reading relevant events for widgets, displaying real-time alerts, and maintaining the integration's technical status.
4. Google/YouTube
When a creator chooses to connect their YouTube channel, To Donate uses Google OAuth and requests only the permissions required for the activated feature. Currently, the read integration uses the scope https://www.googleapis.com/auth/youtube.readonly to validate the channel, list or validate the creator's livestreams, and read live chat events needed for widget alerts.
To Donate does not use Google/YouTube data for advertising, data sales, advertising profile creation, or AI model training. We do not share Google/YouTube data with third parties except when necessary to provide the feature requested by the creator, comply with legal obligations, or protect platform security.
We store OAuth tokens and technical integration metadata while the connection is active or as long as needed for security, auditing, and service operation. The creator can disconnect the integration in To Donate settings and can also revoke access directly in their Google account at myaccount.google.com/permissions. After revocation, To Donate will no longer be able to access new data from that channel through the Google API.
The use and transfer of information received from Google APIs follows the Google API Services User Data Policy, including the Limited Use requirements.
5. Sharing
We may share data with the following sub-processors and recipients, exclusively for the purposes described:
- EuPago and Stripe: payment processing, including Pix in BRL through Stripe, and KYC/KYB validation.
- Google LLC: authentication and YouTube integration.
- Twitch: authentication and receiving channel events (subscriptions, bits, followers) for alerts, as described in the External integrations section.
- Streamlabs and StreamElements: forwarding donation alerts, when activated by the creator.
- Voice synthesis (TTS) provider used in alerts, when activated: OpenAI.
- Hosting, email, and service monitoring providers, including Vercel, Neon/PostgreSQL, Fly.io, Upstash/Redis, and Resend.
When a creator submits financial onboarding, we may share with EuPago the contacts, business data, and documents needed for KYC/KYB validation, anti-fraud analysis, activation of payment methods, settlement, and potential split-payment configuration.
Transferências internacionais. Some recipients are located outside the European Economic Area, namely Google LLC (United States) for Google/YouTube integrations, Streamlabs (United States), and StreamElements (Israel/United States) for alert forwarding. These transfers are safeguarded by GDPR mechanisms, including the European Commission's Standard Contractual Clauses and, where applicable, adequacy decisions (Israel) or the EU-U.S. Data Privacy Framework.
6. Sub-processors
To operate To Donate, we may use hosting, database, cache/rate limiting, authentication, email, payment, observability, and stream integration providers. These may include, depending on the active feature, Vercel, Neon/PostgreSQL, Fly.io, Upstash/Redis, Google/YouTube, Twitch, EuPago, Stripe, Resend, Streamlabs, and StreamElements.
These providers process data only within the scope of service provision, the integration requested by the creator, payment processing, security, or legal compliance. Some providers may process data outside the European Economic Area using applicable legal mechanisms, including Standard Contractual Clauses where necessary.
7. Retention
We retain each data category only for the period necessary for the described purposes:
- Account data: while the account is active and up to 12 months after closure, unless required otherwise by legal obligation, litigation, fraud, security, or rights defence.
- Payment and invoicing data: for the applicable legal and tax retention period of 10 years.
- Messages and live chat data ingested from external platforms: messages associated with donations may be kept while the account is active; technical events and raw chat data are kept for up to 90 days, unless needed for security, fraud, litigation, or legal obligation.
- Audit and security records: up to 24 months.
- Game events (smart triggers): up to 90 days.
After these periods, data is deleted or anonymised. Financial onboarding documents may not be deleted immediately when retention is necessary for legal obligations, rights defence, auditing, fraud prevention, or payment provider requirements.
- OAuth tokens and integration metadata are kept while the connection is active or as long as needed for security, auditing, incident resolution, or legal obligations.
- Technical events from widgets, chat, integrations, and automations are retained only for the period needed to operate the platform, diagnose issues, prevent abuse, and comply with applicable obligations. Wherever possible, we use public payloads or hashes instead of full payloads.
- Audit logs may be kept for a longer period when necessary for security, fraud prevention, evidence of relevant actions, or legal compliance.
8. Public messages
By sending a message to a creator, the name provided, the message content, and where applicable the paid amount may appear publicly on the broadcast, stream widget, support goals, and creator panels. Do not include sensitive data or information you do not want to be made public.
9. External integrations
Some features depend on connections that the creator voluntarily activates and can disconnect at any time in their settings:
- YouTube (Google LLC). By signing in or connecting YouTube, the creator authorises access to the following Google scopes: openid, email, profile, and youtube.readonly. By activating the chat robot, they additionally authorise the scope youtube.force-ssl, which allows To Donate to publish public messages in the live chat on the creator's behalf. This data is exchanged with Google servers.
- Twitch. By signing in or connecting Twitch, the creator authorises access to the scopes user:read:email, channel:read:subscriptions, bits:read, and moderator:read:followers. In addition to authentication, these scopes allow us to receive channel events (subscriptions, bits, followers) to trigger alerts on the broadcast. This data originates from Twitch.
- Streamlabs and StreamElements. By connecting these integrations, the creator authorises us to forward to those platforms, for each paid message, the sender's display name, message content, amount, and donation currency. For StreamElements, the creator's account email is also sent as a technical alert identifier.
- Game integration (CS2). The creator installs a configuration file that sends their own game state to To Donate, authenticated by a token that can be rotated at any time.
- Advertiser marketplace (B2B), when available. Creator participation is by express opt-in; we process public brand contact data to present proposals and creatives.
The creator is responsible for having a legal basis to forward their audience's data (for example, live chat messages) and for complying with the terms of the external platforms they connect.
10. Rights
You may request access, rectification, erasure, restriction, objection, data portability, and withdrawal of consent. You may also lodge a complaint with the National Data Protection Commission (CNPD). Authenticated creators can export their data in JSON, trigger anonymisation of stored payment technical data for their account, and delete the account through account settings. Data we are required to retain by law (for example, invoicing records) is retained or anonymised as described in the Retention section.
11. Security
We apply proportional technical and organisational measures, including OAuth authentication, secure session cookies in production, input validation, basic moderation, distributed rate limiting, payment webhook validation, security headers, audit logs with pseudonymised IPs, encryption of external integration access credentials, data minimisation, and access control. Financial onboarding documents and data are treated as restricted information, with internal access limited to authorised personnel, downloads subject to access control, and use only for EuPago validation, payment management, and related obligations. No system is 100% risk-free, but we follow a data minimisation and access control approach by default.
12. Contact
The data controller is To Donate, with operational contact at Av. da República, Vila Nova de Gaia. For requests related to privacy, data protection, or exercise of GDPR rights, please contact us at support@todonate.me. No data protection officer has been appointed; requests should be sent to this contact.
Utilizadores no Brasil. We process data from Brazilian users, including Pix payments in BRL through Stripe, under the LGPD. Data subject requests and queries may be directed to support@todonate.me; the competent supervisory authority is the ANPD.
