Legal Documentation

Privacy Policy

Effective date: May 7, 2026 · Last updated: May 7, 2026

This Privacy Policy describes how the applications maintained by Victor Cavalcante (operating as "ViktorKav") ("we", "our", "us") collect, use, store, and share information when you authorize and use them. Our applications are personal content production tools that run locally on the user's own machine, integrating with third-party APIs including Google APIs for YouTube data.

By authorizing or using our applications, you acknowledge that you have read and understood this Privacy Policy.

1. Applications covered

This Privacy Policy applies to the following applications, and to any future applications by Victor Cavalcante that share this OAuth client configuration:

Members Image Generator — A local desktop tool that generates a 4K image listing the paying members of the operator's own YouTube channel, used in end-of-video credit screens. It uses the YouTube Data API v3 endpoint members.list under the OAuth scope https://www.googleapis.com/auth/youtube.channel-memberships.creator.
Stream-tools — A self-hosted server application for live stream alerts and live chat moderation. It uses the YouTube Data API v3 (live chat endpoints) under the OAuth scopes https://www.googleapis.com/auth/youtube.readonly and https://www.googleapis.com/auth/youtube.force-ssl. It also integrates with Twitch and LivePix APIs (governed by their respective policies).

2. Information we access

From the YouTube Data API

Members Image Generator accesses, via members.list: members' public display names, public channel URLs, current membership level (e.g. "Adepto", "Mecenato"), the date each member joined, and the total membership duration in months.
Stream-tools accesses, via the live chat endpoints: public live chat messages and their authors' public display names, channel IDs, badges, profile image URLs, and event types (membership, super chat, regular message). When the operator performs moderation, it accesses message IDs and target channel IDs only as needed to execute the requested moderation action.

We do not access or process: email addresses, payment information, private messages, viewer location data, or any non-public personal information.

From the OAuth flow

Refresh tokens and access tokens issued by Google's authorization server, used solely to call the APIs listed above on the user's behalf.

3. How we use the information

Members Image Generator: the members list is rendered into a static PNG/JPG image used in the end credits of the operator's YouTube videos — exactly the same names YouTube already displays publicly on the channel's "Members" tab.
Stream-tools: live chat messages are displayed in stream overlays and used to trigger configured visual/audio alerts. Moderation actions (delete, timeout, ban) are executed only when manually requested by the operator through the admin interface.
OAuth tokens are used exclusively to authenticate API requests for the purposes above.

4. Compliance with Google API Services User Data Policy

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

In particular, we confirm:

We only use Google user data to provide the user-facing features described in section 3 of this policy.
We do not use Google user data to serve advertisements, including retargeting, personalized, or interest-based advertising.
We do not sell Google user data to data brokers, advertisers, or any other third party.
We do not transfer Google user data to any third party, except as necessary to provide or improve user-facing features prominent in the requesting application's user interface and only with the user's consent.
No humans read Google user data, except: (a) with the user's affirmative agreement for specific messages, (b) when necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for the application's internal operations and only when the data has been aggregated and anonymized.

5. Where the data is stored

All data is stored locally on the user's own infrastructure. We do not operate any cloud server that aggregates user data. Specifically:

OAuth tokens are stored in a local .env file on the user's own machine, with restricted file permissions. Tokens are never transmitted to any third party.
Members list cache (Members Image Generator) is stored in a local membros.csv file on the user's own machine and is overwritten each time the application runs. It is not shared.
Live chat messages (Stream-tools) are processed in memory during an active stream and are not persisted to disk for permanent history.
Configuration data for Stream-tools is stored in config.json and secrets.json files on the user's own server, with restricted file permissions.

The only "output" that becomes public is the credit image at the end of YouTube videos (containing publicly visible member names) — published as part of the video by the operator's choice.

6. Sharing with third parties

We do not share Google user data with any third party. Specifically:

No analytics services, tracking pixels, or telemetry are connected to our applications.
The data is not sold, rented, or monetized in any form.
The data does not leave the user's personal infrastructure.

7. Data retention and deletion

The user controls all data, since everything is stored locally. To delete data collected by our applications:

Members Image Generator: delete the files .env and membros.csv in the project directory.
Stream-tools: delete server/data/secrets.json and server/data/config.json.

To revoke our applications' access to your Google account at any time:

Visit https://myaccount.google.com/permissions
Find the application in the list of apps with access to your account.
Click "Remove access". The OAuth tokens become invalid immediately.

8. Children's privacy

Our applications are not directed to children under 13. We do not knowingly collect personal information from children under 13.

9. Cookies and tracking on this website

The website viktorkav.com.br (including this Privacy Policy page) does not use tracking cookies, analytics, fingerprinting, or advertising pixels. Web fonts are loaded via Google Fonts (subject to Google's Privacy Policy).

10. Changes to this policy

Material changes to this Privacy Policy will be reflected by updating the "Last updated" date at the top of this page. If the changes are significant, we will notify users through the operator's YouTube channel or via email when applicable.

11. Compliance with related policies

By using our applications, you also agree to comply with:

12. Contact

If you have questions about this Privacy Policy or want to exercise your privacy rights:

Email: [email protected]

This Privacy Policy is maintained by Victor Cavalcante (ViktorKav), an independent content creator based in Brazil.

Versão em português: esta política está disponível em inglês como versão canônica para verificação Google. Para esclarecimentos em português, contate via email acima.