How We Protect Your Twitch Credentials
Your Twitch API credentials are essential for the dashboard widgets to function, and we take their security seriously.
🔐 AES-256 Encryption
Your Client ID and Client Secret are encrypted using AES-256-CBC encryption before being stored in our database. Even if someone gained access to the database, they would see only encrypted data.
🚫 What We Don't Do
- We never store credentials in plain text
- We never share your credentials with third parties
- We never access your Twitch account for purposes other than displaying your stream data
- We never log your Client Secret in any system logs
✅ What We Do
- Encrypt all credentials at rest
- Use secure HTTPS for all data transmission
- Implement session-based authentication
- Log all account activity for security auditing
- Allow you to update your credentials at any time
📋 Best Practices
We recommend creating a dedicated Twitch application just for this service. You can do this at dev.twitch.tv/console.