Last updated : 2/18/2026

1. Introduction

This Privacy Policy explains how Islandium collects, uses, stores, and protects your personal data in compliance with the General Data Protection Regulation (GDPR). By using Islandium, you accept the practices described below.

2. Data Collected - Complete Inventory

For complete transparency, here is all the data we collect and store:

2.1. User Account Data

Data	Purpose	Retention
Email	Authentication, communication	Account duration
Username	Identification	Account duration
Password (bcrypt hashed)	Secure authentication	Account duration
Name, surname (optional)	Billing	Account duration
Postal address (optional)	Billing	Account duration
Google ID (if Google login)	OAuth authentication	Account duration
Google profile photo (if OAuth)	Profile display	Account duration

2.2. Technical and Security Data

Data	Purpose	Retention
IP Address	Security, fraud prevention	30 days (logs)
User-Agent (browser)	Compatibility, debug	30 days (logs)
Session tokens (JWT)	Session maintenance	7 days then deleted
Audit logs (actions)	Security, traceability	90 days
Timezone (browser)	Automatic region detection for TikTok gifts	Account duration

2.3. Payment and Billing Data

Data	Purpose	Retention
Stripe customer ID	Subscription management	Account duration
Transaction history	Accounting	10 years (legal obligation)
PDF invoices	Proof of purchase	10 years (legal obligation)
Credit card numbers	NOT STORED - processed by Stripe	-

2.4. Configurations and Preferences

Data	Purpose	Retention
Overlay profiles (JSON)	Tool customization	Account duration
Trigger configurations	TikTok automations	Account duration
Custom webhooks	External integrations	Account duration
Notification preferences	Personalized communication	Account duration

3. TikTok LIVE Data - Detailed Storage

Unlike some services that don't record anything, Islandium stores TikTok data to enable the functioning of leaderboards, statistics, and history. This data is publicly accessible during TikTok lives.

3.1. Stored Viewer Data

Data	Example	Retention
TikTok username (@username)	@viewer_example	Streamer account duration
TikTok user ID	123456789	Streamer account duration
Profile picture URL	External TikTok URL	Streamer account duration
First visit date	01/01/2025	Streamer account duration
Last activity date	01/15/2025	Streamer account duration
Counters (follows, likes, shares)	5, 120, 3	Streamer account duration
Total gifts sent	15	Streamer account duration
Calculated points	1250	Streamer account duration

3.2. Gift History

Data	Purpose
Gift type (Rose, Lion, etc.)	Statistics, leaderboards
Quantity per type	Top donors leaderboards
Value in diamonds	Total calculations

3.3. Trigger Execution Logs

Data	Retention
Username of viewer who triggered the action	30 days
Event data (JSON)	30 days
Success/failure of action	30 days

What we do NOT collect from TikTok viewers

Viewer email addresses
Phone numbers
Private TikTok account data
TikTok browsing history
Viewer geolocation
Private messages

Legal basis: This data is publicly accessible during TikTok lives. Processing is based on the streamer's legitimate interest in managing their activity and the fact that the viewer, by participating publicly in the live, makes this information visible to everyone.

4. Subcontractors and Third-Party Services

Hosting - OVH / Hostinger

Data : All stored data
Location : Europe (France)
Guarantees : GDPR compliant, ISO 27001 certified

Database - MySQL

Data : Accounts, configurations, statistics
Location : Europe
Encryption : At rest and in transit

Payments - Stripe

Transmitted : Email, amount, customer ID
NOT transmitted : Card numbers (processed directly by Stripe)
Certification : PCI-DSS Level 1
Policy : stripe.com/privacy

AI - OpenAI (GPT-4)

Data sent : Generation prompts (text only)
Purpose : Overlay configuration generation
Retention : Not retained after processing
Policy : openai.com/policies/privacy-policy

AI - Google Gemini

Data sent : Image generation prompts
Purpose : Image creation for overlays
Policy : policies.google.com/privacy

TTS - Google Cloud Text-to-Speech

Data sent : Texts to convert to audio
Purpose : Voice synthesis for alerts
Cache : Audio files cached for 24h

Authentication - Google OAuth

Data received : Email, name, profile picture
Purpose : Simplified login
Policy : policies.google.com/privacy

5. Cookies

Islandium uses minimal cookies

No marketing or advertising tracking cookies are used.

Cookie	Type	Duration	Purpose
access_token	Essential	15 min	Authentication
refresh_token	Essential	7 days	Session maintenance
theme	Preference	1 year	Dark/light mode
i18n	Preference	1 year	Language

6. Data Retention Periods

Data Type	Duration	Justification
Account data	Until account deletion	Contract execution
TikTok viewer data	Until streamer account deletion	Legitimate interest
Technical logs	30 days	Security
Audit logs	90 days	Security, traceability
Invoices and transactions	10 years	Legal accounting obligation
TTS audio cache	24 hours	Performance

7. Minimum Age

The Islandium service is reserved for users aged at least 18 years, in accordance with TikTok LIVE terms of service. No data concerning minors is intentionally collected. If you are a parent and believe your child has provided us with data, contact us immediately.

8. Data Deletion

You may request the deletion of your account and all your data at any time.

Deletion delays:

Account data : Within 72 hours
TikTok viewer data : Within 72 hours (cascade deletion)
Configurations and profiles : Within 72 hours
Technical logs : Within 30 days
Invoices : Retained 10 years (legal obligation)

Deletion request: privacy@islandium.com

9. Your Rights (GDPR)

In accordance with Articles 15 to 22 of the GDPR, you have the following rights:

Right of access: view the data we hold about you
Right to rectification: correct your inaccurate data
Right to erasure: request deletion of your data
Right to data portability: retrieve your data in a readable format (JSON)
Right to object: refuse certain data processing
Right to restriction: limit the processing of your data

To exercise these rights: privacy@islandium.com
Response within 30 days maximum.

10. Data Security

Islandium implements appropriate technical and organizational measures:

Encrypted communications (HTTPS/TLS)
Hashed passwords (bcrypt)
JWT tokens with short expiration
Internal access limitations
Regular encrypted backups
Security monitoring and alerts

11. International Transfers

Islandium aims to keep data within the European Union. However, some providers (OpenAI, Google, Stripe) may have global infrastructure. In this case, transfers are governed by Standard Contractual Clauses (SCC) and subcontractor contractual commitments.

12. Policy Modifications

Islandium may update this policy at any time. Any significant changes will be communicated by email or platform notification. The last update date is indicated at the top of this page.

13. Contact

For any questions regarding data protection or your rights:

DPO Email: privacy@islandium.com
General support: support@islandium.com