Privacy Policy

How account and channel data is handled.

Build 2026.04.11.2

Last Updated: March 11, 2026

RODbot processes only the data needed to authenticate authorized channels and execute configured bot features.

What we store: signed session cookies, OAuth token bundles for connected channels, channel configuration (commands/targets/catches/profile), and operational telemetry/caches.

How we use it: to discover streams, monitor chat, execute commands, enforce quotas, and provide dashboard/admin visibility.

What we do not do: sell personal data, share tokens with third parties, or expose OAuth tokens in API responses.

Retention and deletion: sessions expire automatically; OAuth tokens are revoked/deleted on disconnect; operational caches are short-lived; channel data persists while channel is onboarded unless reset/offboarded.

User controls: users can disconnect and revoke Google access at any time. Brand/proxy identities are handled per Google account behavior.

Retention Summary

Data Class Purpose Retention Deletion Trigger
Session Cookie Keep authenticated dashboard session Up to 30 days Logout, expiry, session invalidation
OAuth Token Bundle YouTube API access for connected channel While channel is onboarded Disconnect/revoke flow or token invalidation
Channel Config Command/chat/profile behavior While channel is onboarded Channel reset/offboarding request
Operational Logs/Telemetry Reliability, quota, and diagnostics Short-lived rolling retention Automatic TTL expiry

User Controls and Deletion

You can disconnect and revoke access at any time using the in-app Disconnect Google action or from your Google account permissions page.

If you need channel offboarding or data deletion assistance, contact support at wannaseemyrod@gmail.com. Target response time is within 7 calendar days.

Third-Party Policies

YouTube API Services Terms of Service YouTube API Services Developer Policies Google API Services User Data Policy Google Privacy Policy

OAuth Scope to Feature Mapping (Least Privilege)

Scope Feature Use Why Required
https://www.googleapis.com/auth/youtube.force-ssl Read live broadcast/chat resources and post authorized bot replies. Required for authenticated live chat read + insert operations from channel owner identity.
https://www.googleapis.com/auth/userinfo.email Bind Google identity email for tester/admin allowlist and session ownership. Required for operator identity association and access governance.
openid Bind stable Google subject (`sub`) for session and channel ownership linkage. Required for consistent identity mapping across reauth and session refresh.

RODbot uses incremental authorization: initial account sign-in requests identity scopes first, then requests YouTube runtime scope in a second OAuth step.

For full retention definitions, see the operator retention policy and contact support if you need offboarding help.