Legal
Privacy Policy
Your trust matters. This policy explains what data we collect, how we use and protect it, who we share it with, and the rights you have over your information.
Last updated · 10 July 2026
Introduction
This Privacy Policy explains how Streamlet ("Streamlet", "we", "us", or "our") collects, uses, discloses, and protects information when you use our media infrastructure platform at streamletedge.com and its associated APIs, dashboards, and SDKs (the "Service"). It applies to visitors, account holders, and their team members.
This policy should be read together with our Terms of Service. By using the Service, you agree to the practices described here. Where we act as a processor of Content on your behalf, you remain responsible for informing your own End Users about how their data is handled.
Information we collect
Information you provide
- Account data — your name, email address, password (stored only as a salted hash), workspace and organization details, and, where provided, company name, address, country, and phone number.
- Billing data — the Plan you select, billing cycle, transaction records, and invoices. Card and bank details are collected and processed directly by our payment processor and are not stored on our servers.
- Content — the videos, images, documents, audio, captions, and metadata you upload or generate through the Service.
- Support & communications — messages you send us, including support tickets, emails, and form submissions.
Information collected automatically
- Usage & log data — API requests, feature usage, storage and processing consumption, timestamps, and error logs.
- Device & connection data — IP address, browser and device type, user-agent, and approximate location derived from IP, used for security, delivery routing, and analytics.
- Delivery data — information needed to serve your Content at the edge, including request headers and geographic region, used to enforce signed-URL, geo, and referrer restrictions you configure.
How we use information
We use the information we collect to:
- Provide, operate, and maintain the Service, including ingesting, transcoding, storing, and delivering your Content;
- Generate captions and translations where you enable those features;
- Authenticate you, secure your account, and enforce access controls and usage limits tied to your Plan;
- Process payments, send invoices, and manage subscriptions;
- Communicate with you about your account, service changes, security alerts, and support requests;
- Monitor, analyze, and improve performance, reliability, and security, and to prevent fraud and abuse;
- Comply with legal obligations and enforce our Terms of Service.
Legal bases for processing
Where the GDPR or similar laws apply, we process personal data on the following bases: performance of a contract (to provide the Service you request), legitimate interests (to secure, improve, and market the Service in a proportionate way), consent (where required, such as certain communications), and legal obligation (to meet accounting, tax, and regulatory requirements). You may withdraw consent at any time where processing is based on consent.
Content you upload
We access and process your Content only to provide the Service — for example, to transcode a video into adaptive-bitrate renditions, generate captions, or deliver an asset to an End User. We do not sell your Content, and we do not use your Content to train general-purpose AI models. Caption generation and translation may involve sending audio or text to a specialized processing provider solely to produce the output you requested.
Sharing & sub-processors
We do not sell your personal data. We share information only with service providers who process it on our behalf under appropriate contractual safeguards, and where required by law. Our key sub-processors include:
- Cloudflare — global edge delivery, object storage (R2), and security/WAF services;
- Razorpay — payment processing and billing;
- MongoDB Atlas — managed database hosting for account and application data;
- AI caption/translation provider — automated transcription and translation of Content you choose to caption;
- Email provider — transactional email such as verification, receipts, and service notices.
We may also disclose information to comply with a valid legal request, to protect the rights, property, or safety of Streamlet, our users, or the public, or in connection with a merger, acquisition, or asset sale, in which case we will notify you of any material change to how your data is handled.
Data retention
We retain personal data and Content for as long as your account is active or as needed to provide the Service. When you delete Content, we remove it from active systems, though residual copies may persist in caches or backups for a limited period before being overwritten. When you close your account, we delete or anonymize your personal data within a reasonable period, except where we must retain certain records to meet legal, tax, accounting, or security obligations.
Data security
We apply technical and organizational measures to protect your data, including encryption in transit (HTTPS/HTTP/3), AES-128 encryption for HLS streams, hashed passwords, signed and expiring delivery URLs, an edge web-application firewall, rate limiting, and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a breach affecting your personal data, we will notify you and the relevant authorities as required by law.
International data transfers
Streamlet operates from India and uses providers with globally distributed infrastructure. Your data — including Content delivered from our edge network — may be processed in countries other than your own. Where personal data is transferred across borders, we rely on appropriate safeguards, such as standard contractual clauses, to protect it in line with applicable law.
Your privacy rights
Depending on your location, you may have the right to access, correct, update, port, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. Account holders can update much of their information directly in their settings. To exercise other rights, contact us at [email protected]. We will respond within the timeframe required by applicable law and may need to verify your identity before acting on a request.
If you are in the EEA or UK, you have the right to lodge a complaint with your local data-protection authority. If you are in India, you may raise concerns under the Digital Personal Data Protection Act by contacting our grievance channel below.
Children's privacy
The Service is not directed to children under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will take steps to delete it.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you by email or through the Service. We encourage you to review this page periodically.
Contact & grievances
For any privacy question, request, or grievance, contact us at [email protected]. Streamlet is operated from Bengaluru, Karnataka, India. We will acknowledge and address grievances in accordance with applicable data-protection law.
Questions about this document? Reach us at [email protected] .