Privacy Policy

Last updated: May 23, 2026

What is Hellow

Hellow is a streaming chat aggregation service that combines chat messages from multiple platforms (Kick, TikTok, Twitch, YouTube) into a single unified view.

Data We Collect

Account Data

When you sign in via a third-party platform (Kick, TikTok, Twitch, or YouTube), we store:

Your platform user ID and username
A chosen Hellow handle

We do not store your password. Authentication is handled entirely by the third-party platform via OAuth.

Chat Data

Chat messages are temporarily relayed through our service for real-time display. Messages are not permanently stored - they are held in memory for up to 6 hours and limited to the most recent 1024 messages per channel, after which they are discarded.

Viewer Data

Viewers may optionally set a country flag for display in chat. We store the platform ID and selected flag code for this purpose.

Data We Do Not Collect

We do not embed analytics or telemetry in our code
We do not track browsing behavior
We do not sell or share data with third parties
We do not use cookies for tracking purposes

Data Security

We use industry-standard security procedures to protect the confidentiality of your data, including all Google user data we access:

Encryption in transit. All communication between your browser, Hellow's servers, third-party platforms (including Google APIs), and our database uses TLS (HTTPS / wss:// / rediss://) to protect data from interception while it moves between systems.
Encryption at rest. Sensitive credentials — including all OAuth access tokens and refresh tokens we hold for Google and other platforms — are encrypted before being written to our database using AES-256-GCM, a NIST-approved authenticated encryption standard. The encryption key is held outside the database, in our application's secret store, and is not retrievable by anyone with read access to the database alone.
Limited access. Only a small number of authorized maintainers can access the production infrastructure, and access is gated behind multi-factor authentication on every involved provider. No third party has access to stored user data.
Secure infrastructure. Application servers, database, and edge layer all run on reputable managed providers that enforce TLS on every connection. The third-party services we rely on are listed below.
Authentication. We never store your platform passwords. Sign-in is delegated entirely to each platform's OAuth flow. Sessions within Hellow are issued as signed JWTs that expire on a fixed schedule.
Minimization. We request only the minimum OAuth scope required to provide the service, store only the fields described in this policy, and discard data we no longer need (for example, live chat messages are not persisted past the lifetime of the broadcast).

No system is perfectly secure, but we treat any incident affecting user data with priority and will notify affected users without undue delay.

Google API Services / YouTube Data

Hellow uses Google API Services to allow you to link your YouTube channel. This section describes how we handle data obtained through Google APIs, in compliance with the Google API Services User Data Policy.

Data Accessed

When you sign in or link your YouTube account, we request the youtube.force-ssl scope. This is the minimum scope that allows us to both read your live chat and post messages back to it. During and after authorization, we access:

Your YouTube channel ID, handle, and display name (for account linking and display)
Your active live broadcasts (to detect when you go live and find the associated live chat)
Messages sent in your live chat (to mirror them into Hellow's unified chat in real time)
Your live chat moderator list (to determine which viewers have moderation permissions)
Outgoing live chat messages we post on your behalf when you send a message through Hellow

How We Use This Data

To create and link your Hellow account to your YouTube channel
To auto-detect when you start a YouTube live stream and connect your chat to other platforms
To mirror YouTube live chat messages into the unified Hellow chat view alongside other platforms
To send chat messages you compose in Hellow back to your YouTube live chat
To recognize your YouTube moderators so they can use Hellow's moderation tools

Data Storage and Retention

We store your YouTube channel ID, handle, and display name in our database
We store your OAuth access token and refresh token, encrypted at rest with AES-256-GCM. These are required to maintain a persistent connection to your live chat and to send chat messages on your behalf — without them we would have to prompt you to re-authorize on every stream
Live chat messages pass through Hellow's relay in real time. Recent messages (up to 256 per live stream) are held briefly so viewers joining mid-stream can see context, then discarded when the stream ends
We do not store the content of your live chat messages, your video content, or any other YouTube data beyond what is listed above
All stored data is retained until you delete your Hellow account or unlink your YouTube connection, at which point it is permanently removed

Data Sharing

We do not sell, rent, or share your Google user data with third parties
We do not use Google user data for advertising or marketing purposes
We do not use Google user data to train AI or machine learning models
Your Google data is only used by Hellow to provide the chat aggregation service described above

Third-Party Services

Hellow relies on the following third-party services:

Kick, TikTok, Twitch, YouTube - for OAuth authentication and chat connectivity
Cloudflare - for hosting and content delivery
Fly.io - for backend infrastructure
Stripe - for payment processing (if applicable)

Each of these services has its own privacy policy.

Data Deletion

You may request deletion of your account and all associated data at any time by contacting us. Deleting your account removes all stored user data, broadcast links, and subscription information.

Contact

For privacy-related inquiries, reach out via GitHub: github.com/wfzyx