delayed Get delayed →
Legal

Privacy Policy.

delayed is a local-first tool. Your stream stays on your PC. This page lists what little data does cross the wire, why, and your rights over it.

EFFECTIVE 2026-05-08 · LAST UPDATED 2026-05-08

1. Who runs delayed

delayed is operated by Yusuf Dede as an individual, based in Turkey. For privacy questions, data-access requests, or anything in this policy, write to support@delayed.stream.

Under EU GDPR Article 4(7) and Turkish KVKK Article 3, this is the data controller for the personal data described below.

2. What "personal data" we actually have

Everything in this section is the complete list. If something isn't here, we don't have it.

From your purchase (via Polar.sh)

Polar.sh handles checkout as our Merchant of Record. They share with us:

  • Email address (so we can email your license key and contact you about your subscription)
  • First and last name (as you entered at checkout)
  • Country (used for invoice generation and VAT, not stored beyond what Polar already retains)
  • Subscription / lifetime status and renewal dates

Polar processes your full billing details (payment method, billing address) under their own privacy policy at polar.sh/legal/privacy. We never see your card or full billing address.

From the desktop app, while it's running

The app makes outbound network calls to two endpoints only:

  • Polar.sh license API: sends your license key plus a stable per-machine identifier (MachineGuid from Windows registry) so Polar can validate the activation. Runs on launch and once every 6 hours while the app is open. No user data is sent beyond this.
  • api.delayed.stream/dl: checks for app updates. Sends nothing about you; just a GET request for the latest manifest. Logged on our side with a generic web-server access log (IP + user-agent), retained 30 days, then rotated.

Outside those two calls, the app makes no network requests we initiate. Your stream goes from the app directly to your destinations (Twitch, YouTube, Kick, TikTok, custom RTMP) over RTMP; that traffic does not pass through us.

What stays on your device

  • Stream destinations and stream keys (encrypted by Windows Credential Manager / DPAPI, never written to a plain file, never sent anywhere by the app)
  • Your delay and protective-buffer settings
  • Your license key (encrypted in the same Credential Manager store)
  • Your video and audio stream content while delayed

3. What we explicitly do not collect

  • No analytics, no telemetry, no event tracking
  • No crash reporting
  • No "anonymous usage statistics"
  • No behavioural data (which buttons you click, how long you stream, etc.)
  • No cookies on this website beyond what's strictly necessary (currently: none)
  • None of your stream content; your video and audio never reach our servers

This is enforced by code, not policy: the app simply does not contain analytics, error reporting, or telemetry libraries. You can verify by capturing its outbound traffic.

4. Why we hold what we do

  • Email + name: to deliver your license, send refund/billing emails, and respond if you contact support. Legal basis: contract (Art. 6(1)(b) GDPR / KVKK Art. 5(2)(c)).
  • Country: to generate compliant invoices via Polar. Legal basis: legal obligation (Art. 6(1)(c) GDPR).
  • License key + machine ID: to enforce one active install per license. Legal basis: contract.
  • Update-check IP/UA logs: to keep the update endpoint running and detect abuse. Legal basis: legitimate interest. Retained 30 days.

5. How long we keep it

  • Active subscribers / lifetime customers: as long as your account is active.
  • After cancellation or refund: we retain email + license-issue record for 2 years for tax / accounting purposes, then delete. Polar.sh has its own retention rules for the same data.
  • Server-side update-check logs: rotated after 30 days.

6. Your rights

If you live in the EU/UK (GDPR) or Turkey (KVKK), you can ask us to:

  • Tell you what we hold about you
  • Correct anything that's wrong
  • Delete your account and personal data
  • Export your data in a machine-readable format
  • Object to processing or restrict it

Email support@delayed.stream with the subject "Data Request" and we will respond within 30 days as required by GDPR Art. 12, or 30 days as required by KVKK Art. 13. Some data sits in Polar's systems too; we'll forward those requests to them where applicable.

If you believe we've mishandled your data, you have the right to complain to your local supervisory authority (in Turkey: KVKK; in the EU, your national DPA).

7. Data transfers

Polar.sh is incorporated in the United States. Their use of your billing data is governed by their own privacy policy and the relevant cross-border transfer mechanisms (typically Standard Contractual Clauses for EU customers).

Our update server (api.delayed.stream) is hosted in the EU. Your update-check logs do not leave the EU.

8. Children

delayed is intended for streaming professionals and is not directed at children under 16. We do not knowingly collect data from children. If you're a parent and believe we have, email us and we'll delete it.

9. Changes to this policy

If we change this policy, we'll update the "last updated" date at the top and, for material changes, email subscribers with the diff. Trivial wording fixes don't trigger a notification.

Plain summary: we have your email and name (because Polar gave them to us), the app talks to Polar to validate your license and to our update endpoint to check for new versions, and that's it. No telemetry, no analytics, your stream never touches us.