liveSats logo

Privacy Policy — liveSats

Last updated: June 1, 2026
Controller: BLINDSIGHT TECNOLOGIA LTDA (“liveSats”, “we”, “us”)
Privacy/DPO contact: tech.blindsight@gmail.com

This document describes how we collect, use, store, share, and protect personal data when you use liveSats, including social login (SSO) and integrations with third-party services (e.g., Google/YouTube).
Important: blockchain transactions are public and irreversible. Some data cannot be deleted because it lives on public networks.

1) Scope and compliance

This Policy applies to use of liveSats by:

  • creators (“Creators”) who connect accounts and receive donations/tips;
  • supporters/donors (“Donors”) who send donations;
  • site visitors (where applicable).

We aim to comply with:

  • LGPD (Brazil) — Law 13.709/2018;
  • GDPR (European Union), where applicable;
  • Google/YouTube policies and terms, when you authenticate or authorize access via OAuth.

2) Data we collect

We collect personal data on a minimal basis to operate the service.

2.1) Account and profile data

  • Account identifiers: name, email, photo/avatar (when provided by the SSO provider).
  • Internal IDs: liveSats user identifier, profile settings.

2.2) SSO authentication (Google) and integrations (YouTube)

When you use SSO and/or connect your channel:

  • Provider data: provider identifier, email, name, avatar.
  • OAuth tokens: access/refresh tokens (where applicable) needed to run integrations.
  • YouTube data required for functionality (e.g., listing lives, identifying broadcast/channel), according to scopes you authorize.

We do not access content beyond what is needed for enabled functionality and do not sell integration data.

2.3) Donation and transaction data (crypto)

liveSats may support donations on EVM networks (Ethereum and compatible chains) and, when enabled, the Bitcoin Lightning Network.

We may process/store:

  • wallet address (sender/recipient, when available);
  • transaction hash, network/chain, token/contract, amount, timestamp, status, fees (gas/charges);
  • metadata associated with the donation on the platform (e.g., donor message, displayed nickname).

Note: wallet addresses and transaction hashes may, in some contexts, be considered personal data because they can identify or make a person identifiable.

2.4) Technical and usage data

  • IP address, user agent, pages visited, error logs, session identifiers;
  • device/browser data and security events.

2.5) Support and communication data

  • information you provide in tickets/emails;
  • logs for fraud/abuse investigation.

2.6) Identity verification (KYC) and compliance data (where applicable)

To enable features (especially for Creators) and meet compliance requirements, we may collect and/or receive from KYC providers data such as:

  • full name, date of birth, nationality;
  • address and contact information;
  • identity document and/or tax ID (where applicable);
  • selfie, liveness checks, and anti-fraud verification;
  • business information (e.g., legal name, registration), where applicable;
  • verification outcomes (e.g., approved/rejected) and audit trails.

Some of this data may be collected directly by a KYC provider; we receive only what is necessary to enable the account and maintain compliance records.

3) Legal bases and purposes

We process personal data for specific purposes and, where applicable, on appropriate legal bases (LGPD/GDPR). Examples:

  • Contract performance: authenticate users, operate donations, display events and reports, perform payouts/settlement where applicable.
  • Legitimate interest: security, fraud/abuse prevention, usage metrics, service improvement.
  • Legal/regulatory compliance: records, audit, responses to lawful orders.
  • Consent (where applicable): third-party integrations via OAuth and optional preferences.
  • Fraud prevention and security/compliance: identity verification (KYC), risk mitigation, and platform protection.

4) Cookies and similar technologies

We use cookies and local storage (localStorage) as described below.

4.1) Essential (required for operation)

Always active. Examples include:

  • session and authentication cookies (e.g., SSO login);
  • security cookies/tokens (e.g., CSRF protection, abuse mitigation);
  • storage of your consent preference (liveSats_cookie_consent) so the banner is not shown repeatedly.

Legal basis: contract performance and/or legitimate interest (security and service operation).

4.2) Analytics (usage measurement)

We use Google Tag Manager (container GTM-TBVMHD4W) to understand how the site is used (pages visited, events, performance). GTM and services configured in it (e.g., Google Analytics, if enabled in the container) may set cookies or identifiers according to the current configuration.

Legal basis: consent where required, and/or legitimate interest (aggregated metrics and product improvement), as applicable.

4.3) Marketing

We do not use liveSats-owned marketing or behavioral advertising cookies at this time. If that changes, we will update this Policy.

4.4) How to manage or refuse

  • Cookie banner: on selected pages (e.g., landing and legal pages), you can click Accept or Reject. Your choice is saved in the browser (localStorage).
  • Browser: you can block or delete cookies in your browser settings; this may affect login and essential features.
  • Google: see policies.google.com/technologies/cookies and Google’s opt-out tools, where applicable.

For cookie questions: tech.blindsight@gmail.com.

5) Data sharing (no sale)

We do not sell your personal data.

We may share data only when necessary with:

  • SSO/integration providers: Google/YouTube, strictly to operate the integration per authorized scopes.
  • Infrastructure and observability: hosting, databases, queues, storage, monitoring/logs (under contract and confidentiality).
  • Blockchain/infrastructure providers: RPC providers, indexers, blockchain webhooks (e.g., to detect transactions).
  • KYC/compliance providers: identity verification, anti-fraud, and related checks.
  • Authorities: to comply with law, court orders, or protect rights and safety.
  • Corporate transactions: merger/acquisition (with notice when required).

6) International data transfers (Brazil, USA, India)

Because we operate internationally and use global providers, your data may be processed outside your country (including the USA and/or India), with safeguards such as:

  • contracts and confidentiality/protection clauses;
  • technical and organizational controls;
  • minimization and limited retention.

7) Retention and disposal

We keep data only as long as needed to:

  • operate the account and features;
  • meet legal obligations;
  • prevent fraud/abuse.

Blockchain data (e.g., hashes and public records) may remain available indefinitely on public networks, outside our control.

KYC/compliance data may need longer retention for audit, fraud prevention, and legal obligations.

Detailed retention table: [OPTIONAL_IF_DESIRED].

8) Information security

Typical measures include:

  • encryption in transit (TLS) and, where applicable, at rest;
  • access control and privilege segregation;
  • security event logging and monitoring;
  • token rotation/expiry and secrets management.

Reality: no system is 100% secure; the goal is to reduce risk with proportionate controls.

9) Your rights (LGPD/GDPR)

You may request:

  • access, correction, and update of data;
  • portability (where applicable);
  • anonymization, blocking, or deletion (where applicable);
  • information about sharing;
  • withdrawal of consent (e.g., Google/YouTube permissions).

Important limit: we cannot delete data already recorded on public blockchains or data required to meet legal obligations.

10) Children and minors

liveSats is not intended for anyone under 18. If we identify use by a minor under 18, we may suspend/terminate the account and take steps to minimize collection.

11) Google/YouTube integrations (YouTube API Services)

Where applicable:

  • liveSats uses YouTube API Services for features related to broadcasts and authorized data;
  • you can revoke access at any time in your Google account settings;
  • after revocation, we will take steps to prevent future use of tokens and remove/invalidate stored credentials, as applicable.

We also recommend Google’s privacy policy: https://policies.google.com/privacy.

12) Changes to this Policy

We may update this Policy to reflect legal, technical, or operational changes. Material changes will be communicated by email and/or within the platform.

13) Contact

For privacy requests and exercising your rights: