Yes. The Free plan is $0 forever and includes every core feature with no reply limits on YouTube, Twitch, and Kick — AI replies, real-time translation, 24/7 AI moderation, custom persona, AI Voice TTS, loyalty, and the full analytics dashboard. No credit card required. Only a promo-free chat and priority support require the $12.99/month Pro plan.

Which platforms does Alesha AI support?

YouTube, Twitch, and Kick — simultaneously, from a single dashboard.

What languages does Alesha AI speak?

14+ languages including English, Russian, Spanish, Portuguese, German, French, Italian, Japanese, Korean, Chinese, Arabic, and Hindi. Alesha auto-detects each viewer's language and replies in it, and translates live chat in real time.

How is Alesha AI different from Nightbot, Streamlabs, and StreamElements?

Those tools are command-based (!command response). Alesha generates AI replies in the streamer's persona with contextual understanding, translates chat in real time, moderates with AI, and works across 3 platforms at once — where competitors support 1-2.

How much does Alesha AI cost?

Free ($0 forever) on YouTube, Twitch, and Kick. Pro is $12.99/month and adds a promo-free chat and priority support. There is no Starter tier and there are no reply limits.

Privacy Policy

Last updated: June 2026

1. Data Controller

The data controller for the personal data processed via aleshaai.com is Online Commercial Systems LLC, a California limited liability company, located at 3400 Cottage Way, Sacramento, CA 95825, United States, operating under the brand name "Alesha AI".

For all data protection inquiries: [email protected].

2. What We Collect

Streamer data: When you register via Google, we store your Google user ID, display name, and email. When you connect YouTube, Twitch, or Kick, we store OAuth tokens necessary to read and post in your live chat. For payment processing, Stripe stores your billing details on our behalf — we never see your full card number.

Viewer data on connected channels: When a viewer interacts on a channel you've connected, we store: (a) live chat messages they post, (b) YouTube video comments they leave on your videos / Shorts / community posts, (c) their public platform display name and channel handle (e.g. @username), and (d) per- viewer aggregated history — counts of messages, levels reached, donations made — used to power AI engagement and dashboard analytics. We do not store real names, email addresses, IP addresses, or any data the platform itself hides. Everything stored is content the viewer chose to post publicly on YouTube / Twitch / Kick.

3. Legal Basis for Processing (GDPR Article 6)

Contractual necessity (Art. 6(1)(b)): processing your account data, OAuth tokens, and chat messages is necessary to provide the Alesha service you signed up for.
Legitimate interest (Art. 6(1)(f)): security monitoring, abuse detection, and aggregated analytics for service improvement.
Consent (Art. 6(1)(a)): for any marketing emails you explicitly opt in to receive (see our marketing-email opt-in form).
Legal obligation (Art. 6(1)(c)): tax records, sanctions screening, and complying with lawful government requests.

4. How We Use Your Data

Your data is used exclusively to provide the Alesha bot service: reading live chat, generating AI replies, translating messages, moderating content, and displaying analytics in your dashboard. We do not sell or share your data with third parties for marketing purposes.

Specifically, YouTube data obtained through Google APIs is used to: (1) detect your live streams via liveBroadcasts API, (2) read live chat messages via liveChatMessages API for AI reply generation, real-time translation, and content moderation, (3) post AI replies and translations to your live chat via liveChatMessages.insert, (4) moderate toxic messages via liveChatBans and message deletion, and (5) read and reply to comments on your videos / Shorts / community posts via the commentThreads and comments APIs. Comments and chat messages are stored together per viewer so the bot can recognize returning viewers across both surfaces (e.g. greet a chat viewer who left a comment on yesterday's video). This cross-surface viewer history powers personalized AI replies. None of this data is ever used for AI model training, ad targeting, or any purpose other than providing the Alesha bot service to the streamer who owns the channel.

5. Data Retention

Account data: kept while account is active, deleted within 30 days of account closure.
OAuth tokens: kept while account is active, revoked and deleted within 7 days of disconnection.
Twitch chat messages: 24 hours, per the Twitch Developer Agreement.
YouTube / Kick chat messages and YouTube video comments: 30 days, per the YouTube Data API Developer Policy. Streamers and viewers can request immediate deletion via [email protected].
Viewer records (display name, channel handle, message counts, levels, donation totals): automatically deleted after 90 days of viewer inactivity, and also within 30 days of either (a) the streamer closing their account, or (b) a viewer requesting deletion via [email protected].
Payment records: retained 7 years per US tax law requirements.
Moderation events: retained 30 days, then automatically deleted.
Unsubscribe records: retained indefinitely to honor opt-out preference (CAN-SPAM requirement).

6. Third-Party Services (Sub-Processors)

Alesha uses the following third-party services to operate:

OpenAI (USA) — AI reply generation, content moderation classification
DeepL (Germany) — message translation
Google / YouTube API (USA) — YouTube chat access
Twitch / Kick APIs — respective platform integrations
Supabase (USA) — database hosting with encryption at rest
Railway (USA) — application hosting
Stripe (USA) — payment processing
Resend (USA) — transactional & opt-in email delivery
Cloudflare (USA) — DNS, edge caching

Each service has its own privacy policy. Full Data Processing Agreement available at /dpa.

7. International Data Transfers

Our servers and most sub-processors are located in the United States. If you are accessing Alesha from outside the US (including the EU/EEA, UK, Switzerland, Canada, Brazil, or elsewhere), your data will be transferred to the United States. For transfers from the EU/EEA and UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and implement additional safeguards including encryption in transit (TLS 1.2+) and at rest.

8. Data Storage & Security

Data is stored in Supabase (encryption at rest) with role-level security policies. OAuth tokens are stored securely and used only for API access. Session tokens are HMAC-signed and expire after 7 days. We use TLS 1.2+ for all data in transit.

9. Google API Limited Use Disclosure

Alesha AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We only use Google data to provide user-facing features (AI chat replies, translation, moderation, analytics).
We do not transfer Google data to third parties except as necessary to provide the service (OpenAI, DeepL), with the user's consent.
We do not use Google data for advertising, retargeting, or interest-based purposes.
We do not use Google data to train generalized AI/ML models. OpenAI API calls are made with data usage opt-out.
Humans do not read Google data unless required for security or legal compliance.
We do not sell Google user data to data brokers or advertising platforms.

By using Alesha's YouTube integration, you also agree to the YouTube Terms of Service and the Google Privacy Policy. You can revoke Alesha's access to your Google / YouTube account at any time via Google Account permissions; we delete the corresponding OAuth tokens within 24 hours of revocation.

9.0 What the YouTube permissions actually mean

When you connect YouTube, Google asks you to grant Alesha two OAuth scopes. The consent screen describes them in technical language; below is what each one is actually used for, and what Alesha does NOT do with it.

youtube.readonly — read your channel info

Lets Alesha see basic channel info (channel ID, title, current live stream status) so it knows where to join and when you go live.

Used for: detecting when you go live · finding your active live chat · displaying your channel name in the dashboard.

youtube.force-ssl — manage your live chat

Google's consent screen calls this "manage your YouTube account" — which sounds far broader than what Alesha actually does. In practice, this scope is the only one YouTube provides that allows posting messages to live chat, which the bot needs to function. Alesha uses it for exactly three things:

Reading live-chat messages during your stream (so it can respond)
Posting bot replies and translations into live chat (only while the bot is turned ON)
Moderation actions on live chat — delete a toxic message, time-out / ban a viewer (only when you have moderation enabled)

What Alesha does NOT do with these scopes

Does not upload, edit, delete, or modify your videos
Does not change your channel name, description, thumbnail, or any channel settings
Does not post anything to your channel feed or community tab on its own (Alesha may reply to comments under your videos, but only after you opt in)
Does not access your email, private messages, monetization settings, or analytics dashboard
Does not access any data from channels you have not connected
Does not share, sell, or transfer your data to advertisers or data brokers

You can revoke Alesha's YouTube access at any time via Google Account permissions. Tokens are deleted within 24 hours of revocation.

9.1 Twitch / Kick Integrations

When you connect a Twitch or Kick account, Alesha reads public chat data to perform its AI co-host functions on your stream. We never access private messages, follower lists, or any data the platform hides from public scope.

Twitch: Terms of Service · Privacy Notice · revoke access at Twitch Connections
Kick: Terms of Service · Privacy Policy · revoke via Kick account settings

Revoking access on the platform side automatically prevents Alesha from reading new data from that account. We delete cached tokens within 24 hours of detecting the revocation.

9.2 SmartLink & Advertising Analytics

Some streamers publish a SmartLink “link-in-bio” page (at aleshaai.com/st/<name>) listing their own social and donation links, and — where applicable — clearly-labeled sponsor offers. These analytics are first-party only: when you click a link or offer on one of our pages, we record an aggregate click event on our own servers (which streamer’s page, which link, the time, and whether a sponsor conversion occurred).

We do not attach your name, account, or a persistent identifier to these events, and these analytics are not derived from any streaming platform’s API (YouTube, Twitch, or Kick API data is never collected, aggregated, or sold for advertising). We may share aggregate, de-identified performance statistics with advertisers. Sponsor offers are intended for an adult (18+) audience; our SmartLink and advertising features are not directed to children, and we do not knowingly collect data from, or target offers to, minors. Click logging uses no cross-site tracking cookies.

10. Your Rights Under GDPR & UK GDPR

If you reside in the EU/EEA, UK, or Switzerland, you have the following rights:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — request deletion (right to be forgotten)
Restriction — limit how we process your data
Portability — receive your data in machine-readable format
Objection — object to processing based on legitimate interest
Withdrawal of consent — withdraw any consent at any time
Complaint — lodge a complaint with your local data protection authority

To exercise any right, contact [email protected]. We will respond within 30 days. For complaints, EU users may contact their national supervisory authority (list at edpb.europa.eu); UK users may contact the Information Commissioner's Office (ICO).

11. California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

Know what personal information we collect and how it is used
Delete your personal information
Correct inaccurate personal information
Opt out of the sale or sharing of personal information
Limit the use of sensitive personal information
Non-discrimination — we will not discriminate against you for exercising your CCPA rights

We do not sell or share personal information for cross-context behavioral advertising. The "Do Not Sell or Share My Personal Information" right does not apply because we don't engage in such activity. Even so, you may contact us at [email protected] to confirm or request additional information.

12. Brazilian Residents (LGPD)

If you reside in Brazil, you have the rights granted by Lei Geral de Proteção de Dados (LGPD), including access, rectification, erasure, portability, anonymization, and objection. The data controller's representative for Brazil is reachable at [email protected]. Complaints may be filed with the Autoridade Nacional de Proteção de Dados (ANPD).

13. Automated Decision-Making (GDPR Art. 22)

Alesha uses automated systems for:

Content moderation — AI classifies chat messages by severity (spam, sexual, harassment, violence). Severity 3+ may result in deletion, severity 4+ in timeout, severity 5+ in ban. These are reversible decisions controlled by the streamer.
Language detection — incoming messages are classified by language to enable translation.

Streamers have full control: they can disable moderation entirely, override any moderation decision via the dashboard, and adjust severity thresholds. No automated decision has legal or significant effect on viewers — bans are local to a single channel and reversible by the streamer. If you are affected by a moderation decision and wish to contest it, contact the streamer first; for systemic concerns, contact [email protected].

14. Children's Privacy

Alesha is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided personal data, contact us immediately at [email protected] and we will delete the data. In the US, we comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect data from children under 13.

15. Cookies & Local Storage

We store a single session token in your browser's localStorage for authentication. This token is strictly necessary for the service to function — without it, you cannot stay signed in. We do not use tracking cookies, third-party analytics scripts (Google Analytics, Facebook Pixel, etc.), or any persistent identifiers for advertising.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via email to registered users at least 30 days before taking effect, and via a notice on the dashboard. The "Last updated" date at the top of this page indicates the current revision.

17. Contact

For privacy-related questions or to exercise your rights, contact:

Online Commercial Systems LLC (Alesha AI)
3400 Cottage Way
Sacramento, CA 95825
United States
Email: [email protected]