Privacy Policy
Last updated: April 8, 2026
Sophie's House is operated by Ocean State Instrumentation LLC, Warwick, RI.
Sophie's House (sophieshouse.app) is operated by Ocean State Instrumentation LLC (“we,” “us,” or “our”), based in Warwick, Rhode Island. This Privacy Policy explains how we collect, use, store, and protect your information when you use Sophie's House (“the Service”).
By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
1. What Sophie's House Does
Sophie's House is a read-only metrics dashboard. It connects to your creator platform accounts (such as Twitch, YouTube, Patreon, Instagram, and Etsy) and displays your existing metrics — follower counts, subscriber counts, earnings, and engagement data — in a single unified view.
We do not post content, send messages, modify settings, or take any action on your behalf on any connected platform. All interactions with your platform accounts remain yours alone.
2. Information We Collect
Account information
When you create a Sophie's House account, we collect:
- Your email address
- A hashed password (if you use email/password sign-in)
- Your name (if you sign in with Google)
We do not store plain-text passwords. Passwords are hashed using bcrypt before storage.
Platform connection data
When you connect a platform account (Twitch, YouTube, Patreon, Instagram), we store:
- An OAuth access token and refresh token issued by that platform
- The scopes (permissions) you granted
- The date the connection was established and last synced
All OAuth tokens are encrypted at rest using AES-256 encryption before being stored in our database. The encryption key is never stored in the database — it is held separately in secure server-side environment variables.
Cached metrics
We periodically fetch and cache metrics from your connected platform accounts, including:
- Follower and subscriber counts
- Earnings and revenue data (where available via the platform's API)
- Engagement metrics such as views, impressions, and reach
- Stream or content status
This data is cached to reduce API calls and provide a fast dashboard experience. We fetch only what each platform's API makes available to authorized applications.
Log and usage data
We may collect standard server log data including IP addresses, browser type, pages visited, and timestamps. This data is used for security monitoring and debugging. We do not use it for advertising or profiling.
3. How We Use Your Information
We use your information solely to provide and improve the Service:
- To authenticate you and maintain your session
- To connect to your platform accounts on your behalf
- To fetch and display your metrics in the dashboard
- To refresh expired OAuth tokens automatically
- To send transactional emails, such as password reset links, when requested by you
- To diagnose errors and improve reliability
We do not:
- Sell, rent, or share your personal data with third parties for advertising
- Use your data for any purpose other than operating the Service
- Display advertising of any kind
- Access your platform accounts for any purpose beyond reading metrics
4. Third-Party Platforms
Sophie's House connects to third-party platforms on your behalf. By connecting a platform account, you are also subject to that platform's own privacy policy and terms of service:
- Twitch: https://www.twitch.tv/p/legal/privacy-policy/
- YouTube / Google: https://policies.google.com/privacy
- Patreon: https://www.patreon.com/policy/privacy
- Instagram / Meta: https://privacycenter.instagram.com/policy/
- Etsy: https://www.etsy.com/legal/privacy/
- Pinterest: https://policy.pinterest.com/en/privacy-policy
- TikTok: https://www.tiktok.com/legal/page/us/privacy-policy/en
We request only the minimum permissions (OAuth scopes) necessary to read your metrics. We do not request permissions to post, delete, or modify content on any platform. The specific scopes we request are:
- Twitch:
moderator:read:followers,channel:read:subscriptions,analytics:read:extensions— read follower count, subscriber data, and channel analytics - YouTube:
youtube.readonly,yt-analytics.readonly— read channel info, subscriber count, and revenue analytics - Patreon:
identity,campaigns,campaigns.members— read creator profile, campaign stats, and patron counts - Instagram:
instagram_business_basic,instagram_business_manage_insights— read profile info, follower count, and engagement metrics (reach, views) - Etsy:
transactions_r,billing_r,shops_r— read order history, revenue data, fees, and shop details - Pinterest:
user_accounts:read,boards:read,pins:read— read follower count, board count, pin count, impressions, saves, and pin clicks (Business accounts only) - TikTok:
user.info.basic,user.info.profile,user.info.stats,video.list— read profile info, follower count, likes, video count, and recent video engagement metrics
5. Data Storage and Security
Your data is stored in a secured cloud database hosted on Neon (a Postgres database provider) via Vercel. We implement the following security measures:
- OAuth tokens encrypted at rest using AES-256
- Passwords hashed using bcrypt (never stored in plain text)
- All data transmitted over HTTPS/TLS
- Webhook requests validated using HMAC signatures before processing
- No sensitive credentials logged to application logs
While we take security seriously and implement industry-standard protections, no system is completely immune to breaches. We encourage you to use a strong, unique password for your Sophie's House account.
6. Data Retention
We retain your data for as long as your account is active.
If you delete your account, all of your data is permanently deleted, including:
- Your account information and credentials
- All platform connections and stored OAuth tokens
- All cached metric data
This deletion is immediate and cascading — removing your account removes everything associated with it. We do not retain backups of deleted user data beyond standard database backup windows (typically 7 days).
If you disconnect a platform (without deleting your account), all cached data for that platform is immediately deleted along with your stored OAuth tokens for that platform.
7. Your Rights
You have the right to:
- Access your data — contact us to request a copy of the data we hold about you
- Delete your account — you can delete your account and all associated data at any time from your account settings
- Disconnect platforms — you can disconnect any connected platform account at any time from your settings page, which immediately deletes the associated tokens and cached data
- Correct your information — contact us to correct inaccurate account information
Residents of the European Economic Area (EEA) and California may have additional rights under GDPR and CCPA respectively. Please contact us to exercise these rights.
8. Cookies and Local Storage
Sophie's House uses cookies solely for authentication purposes — to maintain your login session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
We do not use local storage to persist sensitive data.
9. Children's Privacy
Sophie's House is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For significant changes, we will notify users via email or a notice on the Service.
Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:
Ocean State Instrumentation LLCWarwick, Rhode Island, USA
Email: privacy@sophieshouse.app