Privacy Policy

This policy explains what data the BenchStream mobile app and website handle, why, and what your rights are. It is written in plain English. Where we use a legal term, we explain what it means.

BenchStream is designed to be private by default. We do not run a server that receives your video. We do not store copies of your streams. We do not include analytics, advertising, or crash-reporting SDKs in the app.

1. Who we are

BenchStream is operated by K. Jones, trading as BenchStream. For the purposes of UK GDPR, K. Jones is the controller for the limited personal data processed by BenchStream — including the Google account identity used to sign in, YouTube channel and broadcast data accessed through the app, data stored locally on your device by the app, and any support correspondence you send us.

Most of this data never leaves your device. We explain exactly what does, and where it goes, in the sections below.

Contact: [email protected].
Postal correspondence: [POSTAL ADDRESS], United Kingdom.

2. The short version

• BenchStream sends your video directly from your phone to YouTube (or to a streaming destination you configure yourself). It does not pass through any server we operate.
• To use BenchStream with YouTube you sign in with your Google account so the app can manage YouTube broadcasts on your behalf. We request a single YouTube read/write permission, plus basic Google identity permissions, needed for the app features.
• Your Google sign-in tokens are stored encrypted on your device. They are sent only to Google's own servers when refreshing your session. BenchStream does not receive or store these tokens on any server it operates.
• We do not include any analytics, advertising, or crash-reporting SDK in BenchStream.
• The website uses no tracking cookies and no third-party analytics tied to you. Our website host may process basic request logs for hosting and security.
• You can remove BenchStream's local app data and revoke its access to your Google account at myaccount.google.com/permissions. Broadcasts you created stay on your YouTube channel until you remove them there. See section 9.

3. Data we access via Google APIs

When you sign in with Google, BenchStream requests these OAuth scopes on Android and iOS:

• openid, email, profile — your email address, display name, and basic profile so we can show you who is signed in.
• youtube.force-ssl — read your YouTube channel and live broadcast information, create and configure live broadcasts and live streams, bind a stream to a broadcast, transition broadcasts between testing/live/ended states, and update broadcast metadata you set in the app.

In practice, the data the app handles falls into two groups:

• Identity data — your email address, display name, and basic profile information from Google.
• YouTube data — your channel ID, channel handle, channel avatar URL, the list of your scheduled and live broadcasts, live stream/broadcast IDs needed to start the stream, and the lifecycle state of those broadcasts (testing, live, ended).

We use these only to let you choose a broadcast, bind your stream to it, and manage its lifecycle (start, stop, transition) — the same things you can do yourself in YouTube Studio. The data is handled by the app on your device; it is not sent to any server we operate.

4. Limited Use of Google user data

BenchStream's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use access to YouTube user data to provide and improve the user-facing features of BenchStream (listing, creating, binding, configuring, and transitioning live broadcasts on the authenticated user's own YouTube channel).
• We do not transfer the data to others unless doing so is necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
• We do not use the data for advertising, including retargeting, personalised, or interest-based advertising.
• We do not allow humans to read Google user data unless you have given affirmative agreement for specific data, access is necessary for security purposes such as investigating abuse, access is necessary to comply with applicable law, or the data is aggregated and used for internal operations in accordance with privacy law.

Because BenchStream does not transmit Google user data to any server we operate, in practice there is no routine human access to your data. The only exception is information you choose to share with us yourself — for example by attaching logs or screenshots to a support email. We would only use that information to handle your support request, to investigate a security or abuse issue, to comply with the law, or to maintain the service.

5. Your video and audio

While you are streaming, video frames from your camera and audio from your microphone are encoded on your device and sent directly to YouTube's ingest servers — or, if you have configured a manual RTMP, HLS, or SRT destination, to that server. BenchStream does not operate a server that receives, transcodes, records, or rebroadcasts your stream content.

We do not see your video or audio. We do not store copies. We have no ability to play back a stream after it has been sent.

6. Data stored on your device

The following items are stored locally on your phone and do not leave it except as described elsewhere in this policy:

• OAuth tokens (your Google access and refresh tokens). On Android these are stored using platform-provided encrypted storage backed by keys from the Android Keystore. On iOS they are stored in the iOS Keychain, restricted to this device.
• Manual destination credentials (any RTMP, HLS, or SRT URLs, stream keys, and authentication headers you enter yourself). Held using the same encrypted storage as your OAuth tokens.
• App preferences — microphone settings, default bitrate and resolution, scoreboard preset and team logos you have imported, custom thumbnails you have selected.

None of this is sent to any BenchStream server, because we do not operate one.

7. Analytics, crash reporting, advertising

BenchStream contains no analytics SDK, no crash-reporting SDK, no advertising SDK, and no third-party tracking. The app does not collect a device identifier or an advertising ID. The website uses no tracking cookies and no third-party analytics that identify you.

The website is hosted on Cloudflare Pages. Cloudflare may process basic request metadata such as your IP address, browser user agent, requested URL, timestamp, and security signals to deliver the site and protect it from abuse. We do not intentionally use Cloudflare Web Analytics, Zaraz, Turnstile, or other Cloudflare tracking features on this site.

If we add opt-in crash reporting in a future release (for example to help us fix bugs that affect many users), we will update this policy, add a setting in the app to enable or disable it, and default it to off until you opt in.

8. Permissions the app requests

• Camera — to capture the live video you are broadcasting.
• Microphone — to capture the live audio you are broadcasting.
• Photos (when you select a custom thumbnail or team logo) — a one-shot picker; we do not browse your photo library.
• Bluetooth (Android only, when you choose to use a Bluetooth audio device) — to enumerate and connect to your paired microphone or headset.
• Foreground service (Android) and background audio mode (iOS) — so the stream keeps running if you switch apps or the screen turns off mid-game.
• Network state — to detect whether you are on Wi-Fi or cellular so the encoder can adapt.

9. Retention and deletion

Because BenchStream does not run a server, there is no central database to retain or delete. Data exists only on your device, and only for as long as you keep the app installed and signed in. To remove it:

1. From the app's account settings, sign out or choose Delete data. This clears your OAuth tokens, cached profile information, and saved preferences from the app.
2. Revoke BenchStream's access to your YouTube account at myaccount.google.com/permissions.
3. Uninstall the app to remove anything that remains on the device.

Broadcasts you have created on your YouTube channel are yours and remain on your YouTube account; deleting them is done through YouTube Studio.

If you email us for support, we retain that correspondence and any attachments for up to 12 months after the request is resolved, unless we need to keep it longer for security, legal, accounting, or dispute-resolution reasons.

10. Your rights under UK and EU data protection law

If you are in the UK, the EEA, or somewhere with similar rights, you can ask us to:

• Confirm what personal data we hold about you and provide a copy (right of access).
• Correct inaccurate information (right to rectification).
• Delete personal data we hold (right to erasure).
• Restrict or object to certain processing.
• Receive your data in a portable format (right to data portability).
• Not be subject to a decision based solely on automated processing, including profiling, where that right applies. BenchStream does not currently make these decisions.

In practice, because we do not hold a server-side copy of your data, most of these requests are satisfied by the deletion steps in section 9. For anything else, write to [email protected]. We aim to respond within one month, as required by UK GDPR.

You also have the right to complain to the UK Information Commissioner's Office at ico.org.uk/concerns, or to your local supervisory authority in the EEA.

11. Legal basis for processing

• Performance of a contract — to process Google identity data, YouTube channel/broadcast data, local app preferences, and stream-destination settings needed to provide the features you ask the app to provide.
• Legitimate interests — for security, abuse prevention, responding to your support requests, maintaining correspondence records, and operating reliable website hosting, where this does not override your rights.
• Consent — for any optional feature that requires it, such as opt-in crash reporting we may add in a future release.

12. Children

BenchStream is intended for users aged 18 or over. The app's target audience on Apple's App Store and Google Play is set to 18+. We do not knowingly collect personal data from children or allow under-18 users to use BenchStream. If you believe a child has provided personal data through BenchStream, contact us and we will delete it where required.

13. Third parties

We rely on the following third parties to provide BenchStream. Their handling of your data is governed by their own privacy policies:

• Google — for sign-in (OAuth) and for the YouTube Data API. See Google's Privacy Policy.
• YouTube — as the destination for your broadcasts, governed by the YouTube Terms of Service.
• Cloudflare — for website hosting, content delivery, and security logging for bench-stream.com. See Cloudflare's Privacy Policy.
• Apple and Google Play — for app distribution, downloads, and Pro subscription billing handled through their app stores.
• Our email provider — for support, legal, and privacy correspondence you send us.
• Any third-party streaming destination you configure manually (RTMP, HLS, or SRT) is operated by whoever provides it and is outside our control.

We do not sell, share, or transfer your personal data to third parties for advertising purposes.

14. International transfers

When you sign in with Google or stream to YouTube, your data is transferred to Google's infrastructure, which may process it outside the UK or EEA. When you load our website, Cloudflare may process request metadata through its global network. Support email, app-store services, and manual streaming destinations may also involve processing outside the UK or EEA.

Where international transfers require safeguards, we rely on the relevant provider's transfer mechanisms, such as adequacy regulations, the UK International Data Transfer Agreement, or the UK addendum to the EU Standard Contractual Clauses.

15. Changes to this policy

If we make material changes to this policy we will update the "Last updated" date at the top and surface an in-app notice on next launch. Where practical, we will give at least 30 days' notice before material changes take effect. If a change needs your consent, such as a new optional telemetry feature or a new use of Google user data, we will ask for that consent separately.

16. Contact

For privacy questions, rights requests, or anything else, email [email protected].