Privacy Policy

Last Updated: 22 May 2026

Lightman Streams respects your privacy and is committed to protecting any personal data that may be processed through the operation of our internet radio stream hosting services. This Privacy Policy outlines what data we handle, how we use it, and your rights under the General Data Protection Regulation (GDPR).

1. Data Collection

Lightman Streams does not actively collect or track personal information from listeners or visitors to hosted stream pages.

However, as part of operating and maintaining the streaming infrastructure, we may incidentally access certain technical data such as:

• IP addresses (used temporarily for routing connections)
• Listener counts and basic playback statistics (processed in real-time)
• Admin or DJ login credentials (only for authorized users)

This data is never used for profiling, marketing, or user tracking and is processed only to ensure the functionality and security of the platform.

2. Legal Basis for Processing

We process limited personal data (such as IP addresses or login credentials) only when necessary. The applicable GDPR legal bases include:

• Legitimate Interests (Article 6(1)(f)) – for ensuring the stability, functionality, and security of our streaming services.
• Contractual Necessity (Article 6(1)(b)) – for providing access to authorized users (e.g., station administrators or DJs).

3. Hosting and Data Processing

Our services are hosted on servers operated by OVH Groupe SAS, a cloud and infrastructure provider with data centers in:

• Strasbourg, France (within the European Economic Area)
• Beauharnois, Canada (outside the European Economic Area)
• Singapore (outside the European Economic Area)

All data is stored and processed on these servers depending on service configuration. We maintain a Data Processing Agreement (DPA) with OVH as required under GDPR Article 28. OVH implements strong security and compliance measures, including ISO/IEC 27001 certification.

Learn more about OVH's privacy practices: OVH Privacy Policy.

4. Backups and Security

We perform daily encrypted backups of server configurations and system data to maintain service reliability. These backups:

• Are encrypted using AES-256 encryption
• Are securely stored and inaccessible to unauthorized parties
• Are retained for up to 30 days before automatic deletion
• Are never used for data analysis or shared with third parties

5. Cookies and Session Data

We do not use tracking, advertising, or analytics cookies.

However, when authorized users (e.g., station administrators or DJs) log in to the control panel (AzuraCast), a session cookie is used. This cookie:

• Is essential to maintain the login session
• Contains no tracking elements
• Is used only during active authenticated sessions

This cookie is considered a strictly necessary cookie under GDPR and does not require user consent.

6. Data Retention

• Listener statistics and IP addresses are processed only in real time and are not stored after a session ends.
• Admin/DJ login data is stored only as necessary to provide service and is deleted upon account removal.
• Backups are retained as described in Section 4.

7. Children's Privacy

Our services are not directed at children under the age of 16, and we do not knowingly collect or process personal data from them. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

8. International Data Transfers

Because part of our infrastructure is located in Canada and Singapore, personal data may be transferred outside the European Economic Area (EEA).

• These transfers are protected under GDPR-compliant safeguards, including the use of Standard Contractual Clauses (SCCs) as approved by the European Commission.
• OVH ensures that such transfers meet the requirements of the GDPR and that data continues to be handled securely.

9. Data Breach Procedure

In the unlikely event of a personal data breach, we will:

• Notify affected users without undue delay if their rights and freedoms are at risk
• Inform the relevant supervisory authority within 72 hours, as required under GDPR Articles 33 and 34
• Take immediate action to contain and remediate the breach

10. User Rights Under GDPR

If any personal data is incidentally processed during your interaction with our services, you have the following rights under GDPR:

• Right of access – to know what data we may hold
• Right to rectification – to correct inaccurate information
• Right to erasure – to request deletion of data
• Right to restriction – to limit how your data is processed
• Right to object – to oppose processing under certain conditions
• Right to lodge a complaint – with your local Data Protection Authority

To exercise any of these rights or inquire about our privacy practices, please contact our Privacy Contact:

• Email: [email protected]
• Privacy Contact: Caine Lightman, Lightman Streams

11. No Third-Party Data Sharing

Lightman Streams does not sell, rent, or share any data with third parties. Any data access is limited to internal operations and trusted infrastructure providers (such as OVH), under strict contractual agreements.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect technical or legal changes. The current version is always available at https://lightmanstreams.com/en/privacy/.

If you have questions about this policy, contact us at [email protected].