Privacy Policy

This document is a general template provided for transparency and should be reviewed by qualified legal counsel before being relied upon. It describes how Castinar handles personal data.

Castinar ("Castinar", "we", "us") operates the webinar and live-streaming platform available at castinar.com. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have over it. For any privacy question, contact us at privacy@castinar.com.

1. Data we collect

• Account data — name, email address, password (hashed), and role, created when you register.
• Webinar & content data — webinars, autowebinars, recordings, slides, polls, offers, branding and chat messages you create or that occur during your events.
• Registration & attendance data — information that your attendees submit to register for your webinars (e.g. name, email), and watch/engagement metrics.
• Payment data — billing and transaction records. Card and payment details are processed by our payment providers; we do not store full card numbers.
• Connected-account data — when you connect a third-party platform (e.g. YouTube) via OAuth, we store access/refresh tokens (encrypted) and basic channel/stream identifiers needed to provide the integration.
• Technical & usage data — IP address, device/browser information, log data, and analytics about how the service is used.
• Cookies — see section 6.

2. How we use data

• To provide, operate and maintain the platform (hosting webinars, streaming, chat, recordings, registrations).
• To authenticate you and keep your account and sessions secure.
• To process payments and manage billing.
• To deliver the integrations you enable (e.g. restreaming to and aggregating chat from external platforms).
• To send transactional emails (e.g. registration confirmations, notifications).
• To monitor, troubleshoot, improve and secure the service.
• To comply with legal obligations.

Our legal bases (under the GDPR/RODO) include the performance of our contract with you, your consent (e.g. connecting third-party accounts), our legitimate interests in operating and securing the service, and compliance with legal obligations.

3. Third-party services & data processors

We rely on the following providers to operate the platform. Each processes only the data needed for its function:

• Google / YouTube — to connect your YouTube channel and manage live broadcasts and live chat on your behalf (see section 4).
• Payment processors — to handle billing and transactions.
• Email service provider — to deliver transactional emails.
• Content delivery network (CDN) — to deliver video and platform assets.
• Streaming infrastructure — to power real-time audio/video.
• Hosting & database providers — to store and serve application data.

4. YouTube API Services

Castinar uses YouTube API Services to let you connect your YouTube channel and to create, manage and stream to your live broadcasts and read or send live-chat messages on your behalf, only for the features you explicitly enable.

• By using these features you also agree to the YouTube Terms of Service.
• Google's handling of your data is described in the Google Privacy Policy.
• You can review and revoke Castinar's access to your Google account at any time at myaccount.google.com/permissions.
• We use data obtained through the YouTube API Services solely to provide the restreaming and chat features you enable, do not use it for advertising or profiling, and do not sell it or share it with third parties except as needed to operate those features.
• OAuth tokens obtained for YouTube are stored encrypted and are revoked/deleted when you disconnect the integration or delete your account.

5. Sharing & disclosure

We do not sell your personal data. We share data only with the processors listed above, where required by law or to respond to lawful requests, and in connection with a business transfer (e.g. merger), subject to this policy. Content you publish to external platforms (e.g. a restreamed broadcast) is governed by those platforms' own terms and privacy policies.

6. Cookies

We use strictly necessary cookies for authentication and security (for example cstr_auth, cstr_refresh and cstr_csrf), which keep you signed in and protect against cross-site request forgery. We may also use limited analytics to understand usage. You can control cookies through your browser settings; disabling necessary cookies will prevent you from signing in.

7. Data retention

We keep personal data for as long as your account is active and as needed to provide the service, then for any period required to meet legal, accounting or security obligations. You can request deletion as described in section 9.

8. Security

We use industry-standard measures to protect data, including encrypted transport (HTTPS), encryption of sensitive secrets at rest (such as stream keys and OAuth tokens), and access controls. No method of transmission or storage is completely secure, but we work to protect your information.

9. Your rights

Subject to applicable law (including the GDPR/RODO), you may have the right to access, correct, delete, or port your data, to restrict or object to certain processing, and to withdraw consent. To exercise these rights, email privacy@castinar.com. You also have the right to lodge a complaint with your local data protection authority (in Poland, the President of the Personal Data Protection Office, UODO).

10. International transfers

Some of our processors may store or process data outside your country. Where data is transferred internationally, we rely on appropriate safeguards such as standard contractual clauses.

11. Children

The service is not directed to children under 16, and we do not knowingly collect their data.

12. Changes to this policy

We may update this policy from time to time. We will revise the "Last updated" date above and, where appropriate, notify you of material changes.

13. Contact

Questions about this policy or your data: privacy@castinar.com.