This policy explains what CastFork collects, why, and what control you have over it.
Effective July 12, 2026
Account information — your name, email address, and password (stored as a salted hash, never in plain text) when you sign up directly, or your name and email from Google if you sign up that way.
Platform connections — when you connect a destination like YouTube (Google), Twitch, Facebook, X, LinkedIn, TikTok, Kick, that platform shares an authorization token and basic profile information (like your channel name) with us, governed by the permissions you approve during that platform’s own OAuth consent screen. Each of these platforms has its own privacy policy covering what it shares with connected apps — worth a look if you want the full picture from their side.
Content you create — video and audio you stream, upload, or record through CastFork, plus metadata like titles, descriptions, and thumbnails.
Usage and device data — stream health metrics (bitrate, dropped frames, connection status), pages you visit, browser type, and IP address, mainly for reliability and security.
We use this information to operate the service you signed up for: authenticating your account, relaying your stream to the destinations you’ve enabled, compositing Studio sessions, storing recordings under your plan’s retention window, showing you analytics, sending service emails (like a verification link or a failed-payment notice), and investigating abuse or security issues.
You can disconnect a platform from CastFork’s channel settings at any time, which deletes the stored token for that platform on our side. You can also revoke CastFork’s access directly from the platform’s own app-permissions page (for example, Google’s or YouTube’s connected-apps settings) — either method works, and doing it from the platform’s side is the faster way to be sure the token is dead everywhere.
We share information only in these situations:
You can update your account information, disconnect a platform, turn off individual email notifications, download your data, or close your account, all from account settings. If something isn’t self-serve yet, email us and we’ll help directly.
Passwords are hashed, never stored in plain text. OAuth tokens for connected platforms and custom RTMP credentials are encrypted at rest. Traffic between your browser and CastFork is encrypted in transit. No system is perfectly secure, but this is the standard we hold ourselves to, and we’ll notify affected users if that standard is ever broken by an incident.
Uploaded video is kept until you delete it. Cloud recordings of live streams and Studio sessions are kept for a window that scales with your plan — currently 15 to 30 days depending on tier, custom on Business and Enterprise — and are deleted automatically once that window passes, with no way to recover them afterward. Account and billing records are kept as long as your account is active, plus whatever period the law requires afterward for tax and accounting purposes.
Closing your account from account settings queues your profile, connected-platform tokens, uploaded video, and recordings for deletion. We keep a minimal billing record where the law requires it, and anything already streamed to a destination platform is governed by that platform’s own retention, not ours.
CastFork isn’t directed at children under 16, and we don’t knowingly collect information from anyone under that age. If you believe a child has created an account, email us and we’ll remove it.
We’ll post material changes here and, where required, notify you directly before they take effect. For questions about this policy or your data, email privacy@castfork.com. If you’re in the EU or UK, see our GDPR Compliance page for how to exercise your specific rights.