Privacy Policy

Last updated: February 2026

1. Introduction

Overlay Blue ("we," "our," or "us") provides a self-service platform for creating donation overlay campaigns for live streams. This Privacy Policy explains how we collect, use, and protect your information when you use our platform.

2. Information We Collect

Account Information

  • Name and email address (provided during registration)
  • Password (stored as a secure one-way hash; we cannot read your password)
  • Account role (admin or super admin)

Campaign Data

  • Campaign names, descriptions, and ActBlue fundraising page URLs
  • Overlay configuration settings (colors, layout, images)
  • Fundraising progress data scraped from public ActBlue pages

Session Data

  • Overlay viewing sessions (used to track which streamers are active)
  • Session timestamps and duration

3. How We Use Your Information

  • To authenticate and manage your account
  • To display donation overlays on live streams
  • To track fundraising progress by scraping public ActBlue pages
  • To provide analytics on campaign performance
  • To send invitation emails to new team members

4. Third-Party Services

  • ActBlue — We scrape publicly available fundraising data from ActBlue Express pages. We do not access private ActBlue account data.
  • Resend — We use Resend to send invitation emails. Your email address is shared with Resend solely for email delivery.
  • MongoDB Atlas — Your data is stored in a secure MongoDB Atlas database with encryption at rest and in transit.

5. Cookies

We use a single session cookie for authentication. See our Cookie Policy for details.

6. Data Retention

Account data is retained as long as your account is active. Campaign data and analytics snapshots are retained for the lifetime of the campaign. You may request deletion of your account and associated data by contacting your administrator.

7. Data Security

We implement industry-standard security measures, including encrypted database connections, secure password hashing (bcrypt), JWT-based session tokens, and HTTPS-only communication.

8. Your Rights

You have the right to access, correct, or delete your personal data. Contact your organization's administrator to exercise these rights.

9. Changes to This Policy

We may update this policy from time to time. Changes will be reflected on this page with an updated revision date.