PRIVACY POLICY

1. INTRODUCTION
Welcome to the Privacy Policy of ZI-CHAT. At ZI-CHAT, we place great importance on protecting your personal information. This policy outlines how we collect, use, share, and protect your personal data when you use our platform.

2. INFORMATION COLLECTED
We collect the following types of data when you use ZI-CHAT:
- Personal Information: such as your first name, last name, email address, postal address, phone number, and identity document for identity verification.
- Account Information: such as your username and password.
- Payment Information: if you choose to subscribe to paid services.
- Usage Information: such as interactions with the platform, preferences, and account settings.

3. USE OF INFORMATION
We use your personal information to:
- Provide, operate, and improve our services.
- Manage your account and respond to your requests.
- Personalize your user experience and communicate with you.
- Prevent fraud and ensure the security of our users and our platform.
- Comply with our legal and regulatory obligations.

4. SHARING OF INFORMATION
We do not sell or rent your personal information to third parties. We share your information in the following circumstances:
- With third-party service providers to facilitate our services (e.g., payment processing).
- When required by law or to protect our rights.

5. PROTECTION OF INFORMATION
We implement technical and organizational security measures to protect your personal information against unauthorized access, misuse, or disclosure.

6. YOUR CHOICES AND RIGHTS
You have the right to access your personal information, correct it, update it, or delete it. You may also choose to limit certain uses of your information.

7. DATA RETENTION
We retain your personal information for as long as necessary to provide our services and to comply with our legal obligations.

8. MODIFICATION OF OUR PRIVACY POLICY
We may update this Privacy Policy periodically. Changes will be posted on this page with an indicated update date.

9. CONTACT US
For any questions regarding this Privacy Policy, you can contact us at the following email address: info@zi-chat.com.

10. THIRD-PARTY PLATFORM INTEGRATIONS

10.1 Services we integrate with

When you choose to use our "Chat Aggregator" feature on the streaming gaming page, Zi-Chat communicates with the following third-party APIs on your behalf:

- YouTube Data API v3 — provided by Google LLC
- Twitch Helix API — provided by Twitch Interactive, Inc.
- Meta Graph API — provided by Meta Platforms Ireland Limited

These services are only contacted after you have explicitly authorized Zi-Chat via the OAuth 2.0 standard. Connection is opt-in, and you can disconnect at any time from the streaming dashboard.

10.2 Data we read from third parties

For each connected platform, Zi-Chat requests the minimum scope required to aggregate live chat during your streams:

- Platform: YouTube | OAuth scope: youtube.readonly | Data read: Your YouTube channel identifier, the ID of your active live broadcast, and public live chat messages sent by viewers during your live
- Platform: Twitch | OAuth scope: chat:read | Data read: Your channel username and public IRC chat messages sent to your channel during your live
- Platform: Facebook | OAuth scope: pages_show_list, pages_read_engagement, pages_read_user_content | Data read: Page identifier of the Facebook Page you manage, and public comments posted on live videos of that Page during your live

10.3 Data we do NOT collect

To make our policy explicit, the following information is never accessed, stored, or shared by Zi-Chat:

- Personal email addresses of viewers beyond what is visible as a public username
- Your friends list, followers list, or subscribers list
- Private messages or direct messages on any platform
- Content from channels other than your own connected channel
- Payment, financial, or billing information held by third parties
- Information about minors or protected users

10.4 How we use third-party data

Data received via third-party APIs is used exclusively to display aggregated live chat messages inside the Zi-Chat streaming dashboard during your live session. Specifically:

- Messages are displayed in real time, in a single unified feed
- Messages are not persisted to our database once the live session ends
- Messages are not used to build advertising profiles
- Messages are not transferred to any third party other than the platform of origin
- Messages are not read by Zi-Chat staff unless required for abuse investigation, security, legal compliance, or with your explicit consent

10.5 Third-party privacy policies

Because we act as an API client on your behalf, you should also be aware of the privacy policies of the platforms you connect:

- Google: https://policies.google.com/privacy
- Twitch: https://www.twitch.tv/p/legal/privacy-policy/
- Meta: https://www.facebook.com/privacy/policy/

10.6 Your rights on third-party data

You may at any time:

- Disconnect a platform from the Zi-Chat streaming dashboard ("Disconnect" button)
- Revoke Zi-Chat's access directly from the platform:
- Google: https://myaccount.google.com/permissions
- Twitch: https://www.twitch.tv/settings/connections
- Facebook: https://www.facebook.com/settings?tab=applications

11. OAUTH TOKEN STORAGE AND SECURITY

11.1 Encryption at rest

OAuth tokens (access_token, refresh_token) issued by third-party platforms are stored on our servers only in encrypted form. We use AES-256-GCM encryption with a server-side master key that is never exposed to clients.

11.2 Storage location

Tokens are stored exclusively on our MAIN application server, within the preference_social_media_utilisateur table. They are never replicated to satellite nodes (streaming, video, or TURN servers). When a satellite needs to perform an API call on your behalf, it requests a short-lived token from the MAIN server via an authenticated HTTPS internal channel.

11.3 Token lifecycle

- YouTube/Google: refresh tokens are reused to obtain short-lived access tokens. No expiry unless explicitly revoked.
- Twitch: refresh tokens are reused to obtain short-lived access tokens.
- Facebook: Page tokens are long-lived (60 days) and must be re-issued via a new OAuth flow after expiry.

11.4 Revocation

You can revoke Zi-Chat's access to a platform at any time:

1. Inside Zi-Chat: streaming dashboard → platform card → "Disconnect"
2. On the third-party platform: via the links listed in section 10.6

Once disconnected, the corresponding encrypted tokens are immediately deleted from our database.

11.5 Data deletion request

You may also request full deletion of all data linked to a platform integration, including historical metadata, by writing to our support. A Facebook-specific automated data deletion endpoint is available at https://www.zi-chat.com/api/oauth/facebook/data-deletion.

12. GOOGLE API SERVICES USER DATA POLICY — LIMITED USE DISCLOSURE

Zi-Chat's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.

In particular, Zi-Chat commits to the following:

- Limited scope request: we only request the minimum OAuth scope necessary to provide our feature (youtube.readonly).
- No transfer to third parties: data obtained via Google APIs is not transferred to any third party other than to provide or improve the user-facing feature the data was collected for, and subject to this privacy policy.
- No advertising use: data obtained via Google APIs is never used for advertising, advertising targeting, or advertising profile creation.
- No unauthorized human reading: data obtained via Google APIs is not read by humans, unless:
a) the user has given explicit consent for Zi-Chat staff to read specific data;
b) it is necessary for security purposes (such as investigating abuse);
c) it is necessary to comply with applicable law;
d) the data has been aggregated and anonymized to the point where it can no longer be associated with an identifiable user.

For any question regarding this clause, contact: ukasead@gmail.com.