StreamFluentStreamFluent
Security

Your Security is Our Priority

StreamFluent is built with security at its core. We protect your account, your streams, and your data with industry-standard practices and a continuous improvement mindset.

Last updated: February 1, 2026

How We Protect Your Data

A layered security approach covering infrastructure, application, and operational practices.

Encryption in Transit

All data transmitted between your browser, OBS plugin, and our servers is encrypted using TLS 1.2+. We enforce HTTPS across all endpoints with HSTS headers.

Encryption at Rest

Sensitive data stored in our databases is encrypted at rest using AES-256. This includes account credentials, API keys, and payment metadata.

Authentication Security

Passwords are hashed using bcrypt with a high work factor. We support strong session management and plan to add TOTP-based two-factor authentication.

Principle of Least Privilege

Our team members only have access to the data they need to perform their jobs. Production database access is strictly controlled and audited.

Infrastructure

StreamFluent runs on enterprise-grade cloud infrastructure (Vercel and MongoDB Atlas) with automated backups, geo-redundancy, and a 99.9% uptime SLA.

Security Reviews

We conduct regular code reviews with a security focus, dependency audits, and periodic penetration tests by third-party security researchers.

Stream & Content Security

Your live stream content is sensitive. Here's how we handle it:

We follow the principle of data minimization — we only process what is necessary to deliver the Service and retain it no longer than required.

  • Audio processed for AI dubbing is handled in ephemeral, isolated sessions
  • Stream content is not persisted beyond the duration of a live session
  • Destination platform credentials (RTMP keys) are stored encrypted and never exposed in plaintext via our APIs
  • OBS plugin communicates with our servers over authenticated, encrypted WebSocket connections

Responsible Disclosure

We welcome security researchers. If you discover a vulnerability, please follow our responsible disclosure process.

01

Find a Vulnerability

Discover a security issue in StreamFluent — this includes our website, API, OBS plugin, or mobile apps.

02

Email Us Privately

Send details to support@streamfluent.ai. Please do not publicly disclose the vulnerability before we've had a chance to address it.

03

We Acknowledge

We'll confirm receipt of your report within 48 hours and keep you updated on our progress.

04

We Fix It

We aim to resolve critical issues within 7 days, high severity within 30 days, and lower severity within 90 days.

05

Recognition

We'll acknowledge your contribution publicly (with your permission) in our security acknowledgments. Bug bounty rewards may apply for critical findings.

In Scope

  • streamfluent.ai and subdomains
  • StreamFluent REST and WebSocket APIs
  • StreamFluent OBS plugin
  • Authentication and authorization systems
  • Data exposure and privacy vulnerabilities
  • Injection vulnerabilities (SQL, XSS, etc.)
  • SSRF, IDOR, and business logic issues

Out of Scope

  • Social engineering attacks
  • Physical security
  • Denial of Service (DoS/DDoS)
  • Vulnerabilities in third-party services we use
  • Issues requiring physical access to infrastructure
  • Reports from automated scanning without validation

Report a Vulnerability

Found a security issue? Please disclose it responsibly. We appreciate your help in keeping StreamFluent safe.

support@streamfluent.ai

Security Questions

Have questions about our security practices, compliance, or data handling? We're happy to discuss.

Contact Us
Read our Privacy Policy →