Privacy & your Twitch data
The short version: we ask Twitch for read-only permissions, we encrypt the access tokens we store, and you can disconnect and delete everything in one click. Here are the details.
We only request read permissions. The connection you grant cannot post or send messages as you, change your title/category, run ads, start raids, time out or ban anyone, or modify any channel setting. There is no write access to give away — by design.
What we access, and why
When you click “Connect with Twitch,” we ask only for the permissions needed to run your overlay:
| Permission (scope) | What it lets us do |
|---|---|
| Sign-in + email (openid, user:read:email) | Identify your channel and create your account. We store your Twitch user id, display name, and email. |
| Followers (moderator:read:followers) | Receive a “new follower” event so the overlay can pop a follow alert. |
| Subscriptions (channel:read:subscriptions) | Receive sub / resub / gift-sub events for alerts. |
| Bits (bits:read) | Receive cheer events for bits alerts. |
| Channel points (channel:read:redemptions) | Detect a channel-point redemption so viewers can trigger taunts (Pro). |
These are event streams — we react to “someone just followed/subbed/cheered” to draw an alert. We do not download or store your follower or subscriber lists, and raids need no permission at all.
What we store
| Data | Where / how |
|---|---|
| Twitch id, display name, email | Our Postgres database, to run your account. |
| Twitch access & refresh tokens | Encrypted at rest (AES-256-GCM). They authorize the alert events above and nothing else. |
| Your overlay settings + keys | Your dashboard config and your private overlay/control keys. |
| Billing (Pro only) | A PayPal subscription id and its status. Your card / PayPal login go straight to PayPal and never touch our servers. |
Who else is involved
- Twitch — sign-in and the alert event streams.
- PayPal — payments, only if you upgrade to Pro.
- Anthropic (Claude) — only if a viewer uses the !askbot command; that question text is sent to generate a reply.
- Vercel (app hosting) and the WebSocket relay host — infrastructure that runs the service.
- Public game/meme feeds (the AoE2 ladder API, meme-api/Reddit) — used for ELO and the ticker. No personal data is sent to them.
We do not sell your data or use it for advertising.
Delete everything, anytime
You’re always in control:
- In Studio, use “Disconnect & delete my data.” This revokes our token at Twitch and permanently deletes your account, tokens, and settings from our database.
- Or revoke us anytime from Twitch directly: Settings → Connections → Disconnect.
- For anything else — questions, data requests — email support@aoebott.live.
This is a tool built for streamers, not a data company. Not affiliated with Twitch or Microsoft / Age of Empires. See also our Terms.