H3l1d0 Privacy Policy

Last updated: June 13, 2026

What data we collect

H3l1d0 collects only the data necessary for the platform to function:

  • Account data: email, username, profile picture and role — provided during registration or login with an external provider (Twitch, Kick, Google, GitHub, YouTube).
  • Linked identities: the OAuth tokens you grant us when you link your account from an external provider (for example Twitch). We store them encrypted and use them only for the flows you authorized.
  • Usage data: minimal activity records (login, transactions, subscriptions) to detect abuse and keep the platform operational.
  • Payments: payments are processed through third parties (Mercado Pago, on-chain cryptocurrencies). H3l1d0 does not store credit card data.

How we use the data

  • Authenticate you when you return to the platform.
  • Run the functions you explicitly requested (for example, managing your subscription or receiving messages in your Twitch/Kick chat if you linked a bot). When the markets module is active, we will also use it to run the alerts and tools you configure.
  • Send you operational notifications (plan change, email verification, critical alerts).

What we DON'T do with your data

  • We don't sell it to third parties.
  • We don't hand over your account data (email, profile, linked identities) to advertisers, social networks or data brokers. We show ads via Google AdSense, but that network does not receive your account data (see Advertising and cookies).
  • We don't use your email for external marketing.
  • We don't read the contents of your linked accounts beyond the scopes you authorized and that appear on the provider's consent screen.

OAuth provider data

When you link an account from an external provider, we access only the scopes you accept on the provider's consent screen. The scope depends on the flow: login (SSO) uses the minimum necessary to identify you; operational accounts (channel bots or company account) request additional access to run the functions you authorize.

  • Google: login withopenidemailprofile— to identify you (email + name + picture). Additionally, the support team's operational account useshttps://www.googleapis.com/auth/gmail.readonlyto receive notifications from the team mailbox via Gmail Push (Cloud Pub/Sub watch) and respond to inquiries quickly. That scope applies only to the H3l1d0 team mailbox — not to end-user inboxes. We do not access Calendar, Drive, Contacts or any other data from your Google account.
  • YouTube: login withopenid email profile;if you connect a channel bot, alsoyoutube.readonly(check live channel status) oryoutube(post/moderate content you define).
  • Twitch: login withuser:read:email;the channel bot addschat:readchat:editchannel:read:subscriptionsmoderator:read:followersmoderator:manage:banned_users— read/send messages, followers, subs and moderate.
  • Kick: login withuser:read;the bot addschannel:read channel:write chat:write.
  • GitHub: login withread:user user:email;operational account addsrepo read:org.

You can unlink any provider whenever you want from your account panel or by revoking the permissions directly at the provider. When you unlink, we delete the OAuth tokens immediately.

Advertising and cookies

H3l1d0 shows ads through Google AdSense. For this, Google and other external providers use cookies in your browser to show you ads based on your previous visits to this or other sites.

Retention and deletion

While your account is active, we keep your data. When you delete your account, we anonymize your profile and delete the OAuth tokens within a maximum of 30 days. We keep financial records (paid orders) for accounting and compliance reasons.

Security

OAuth tokens and other credentials are stored encrypted with AES-256-GCM and managed through a dedicated secrets service. Communication between your browser and our servers always uses HTTPS.

Contact

For inquiries, account deletion or security reports, email us at cesaroma@gmail.com.