Privacy Policy
Effective date: 2026-05-06 · Version: 2026-05-06
1. Who is responsible for your data?
The data controller for the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) is the operator of 2chat. Full identification is in the Legal Notice. You can contact us at privacy@2chat.tv.
We have not appointed a Data Protection Officer (DPO); however, you can address any data-protection question to the contact address above. The competent supervisory authority is the data protection authority of the EU Member State where the operator is established (see Legal Notice). You may also lodge a complaint with the supervisory authority of the EU Member State of your habitual residence under Article 77 GDPR.
2. What data we process & why
| Category | Examples | Purpose | Lawful basis |
|---|---|---|---|
| Account | Discord ID, username, avatar URL, email | Operate the service, link your sessions | Art. 6(1)(b) — performance of a contract |
| Live audio & video | WebRTC peer-to-peer streams; relayed via Cloudflare TURN when a direct connection fails | Real-time chat. Streams are sent peer-to-peer and are not recorded by us. When peers cannot connect directly, encrypted media is relayed through Cloudflare’s TURN servers; Cloudflare receives connection metadata but the media stays end-to-end encrypted (DTLS-SRTP). | Art. 6(1)(b) |
| Camera overlays (face landmarks) | On-device face position used to place cosmetic AR overlays | Cosmetic filters. Processed only in your browser; no facial geometry/template is stored or transmitted. The MediaPipe model is loaded from a CDN (jsDelivr / Google), which receives your IP address. | Art. 6(1)(a)/(b) |
| Identity verification (optional) | Live selfie + government ID, processed by Stripe Identity | Optional “verified” badge. This is biometric / special-category data and is processed only if you start verification yourself. | Art. 9(2)(a) — explicit consent |
| Report-triggered safety captures | Still JPEG images of your video feed (no audio). Two cases: (1) a single frame captured when you are reported; (2) while a staff member is actively observing a live room for an ongoing-harm investigation, your feed may be sampled as periodic still frames for the duration of that observation. There is no continuous recording and no audio capture. | Verifying user complaints under our Community Guidelines | Art. 6(1)(f) — legitimate interest in user safety, accepted as a condition of use under Terms §7; Art. 21 right to object reviewable case-by-case (no per-user opt-out, since an opt-out would defeat the safety purpose) |
| Reports | Reason, optional note, screenshot | Investigate complaints (DSA Art. 16) | Art. 6(1)(c) — legal obligation; Art. 6(1)(f) — legitimate interest in safety |
| Payments | Stripe session ID, amount, frame purchased | Process purchases, comply with tax/accounting law | Art. 6(1)(b) + Art. 6(1)(c) |
| Age & parental | Date of birth, parent email if minor | Verify eligibility, comply with DSA Art. 28 | Art. 6(1)(c) + Art. 8 (children) |
| Logs & consents | Acceptance timestamps, IP, user-agent | Demonstrate compliance | Art. 6(1)(c) — accountability |
3. Retention
- Account data— for the lifetime of your account; deleted within 30 days of an account-deletion request, unless retention is required by law.
- Live audio/video— not retained by us; relayed peer-to-peer.
- Live-observation snapshots(case 2 above) — deleted within about one hour of capture by an automated job.
- Report screenshots & report evidence— retained while the report is open and for up to 30 days after, then deleted by an automated cleanup job; report metadata may be kept up to 2 years after resolution and then anonymised.
- Payment records— up to 10 years to comply with applicable EU and national tax / accounting retention obligations.
- Consent records— for the lifetime of the account plus 3 years.
4. Sub-processors
We rely on the following processors. They are bound by data processing agreements; full details are available on request.
- Supabase, Inc.— database, auth, storage, realtime. EU region (Frankfurt). DPA available at supabase.com/legal/dpa.
- Stripe Payments Europe, Limited— payment processing.
- Stripe Technology Europe, Limited (Stripe Identity) — optional identity verification (live selfie + government ID); processes special-category biometric data only if you start verification.
- Discord, Inc.— (a) OAuth identity provider for sign-in; and (b) a recipient we use for internal moderation operations: when an account is created or a report or support ticket is filed, the relevant details (e.g. username, the report reason and your note, and account metadata) are forwarded to a private staff channel on Discord so our moderators can act. We are working to minimise this; see “International transfers” below.
- Cloudflare, Inc.— STUN/TURN relay for WebRTC connectivity. Receives connection metadata (and an internal user identifier) when media must be relayed; media remains end-to-end encrypted.
- Push delivery services(Google, Apple, Mozilla) — if you enable push notifications, the title and body of the notification are delivered through your browser/OS push service.
- Vercel Inc.— web application hosting.
5. International transfers
Some sub-processors are based in or operate from the United States (Stripe, Discord, Cloudflare, Vercel, and the push services). Transfers are protected by the EU–US Data Privacy Framework or by Standard Contractual Clauses adopted by the European Commission, as applicable. You can request copies of these safeguards at the contact address above.
6. Your rights
You have the right to:
- request access to your personal data (Art. 15);
- have inaccurate data corrected (Art. 16);
- have your data erased (Art. 17 — “right to be forgotten”);
- restrict processing (Art. 18);
- data portability (Art. 20) — you can download a machine-readable copy of your core account data from the Settings tab, and request any further data we hold at the contact address below;
- object to processing based on legitimate interest (Art. 21);
- withdraw any consent you have given, at any time, without affecting the lawfulness of processing before the withdrawal;
- lodge a complaint with your local EU data protection authority (see Section 1).
To exercise these rights, contact privacy@2chat.tv. We respond within 30 days.
7. Automated decision-making
We do not use any fully automated decision-making with legal or similarly significant effects. Bans and warnings are decided by human moderators reviewing reports.
8. Children
2chat is for users 18 and older. Users who are at least 13 but under 18 may use the service only with the permission and supervision of a parent or legal guardian, must confirm that consent and provide a guardian contact email, which we may use to contact the guardian. We never knowingly collect personal data from anyone under 13. If you believe a user under 13 has registered, or that a minor is using the service without guardian consent, please contact us immediately at privacy@2chat.tv and we will remove the account.
9. Security
We protect your data with encryption in transit (HTTPS, WebRTC’s DTLS-SRTP) and at rest, role-based access control, audit logs, and regular dependency updates. No system is perfectly secure; in the unlikely event of a personal data breach affecting your rights and freedoms we will notify you and the competent supervisory authority as required by Art. 33–34 GDPR.
10. Changes
We may update this policy. The current version and effective date appear at the top. Material changes will be highlighted in the app.