As part of our project, we want to store some historical data from the Twitch API for our users. I noticed the Twitch Developer TOS says the following:
Do not store copies of Twitch Content or Program Materials, unless you: (a) obtain prior written authorization from Twitch (through these terms or otherwise); (b) control the rights associated with such content; or (c) cache such information for only a twenty-four hour time period without further sharing it with third parties.
So is it against the rules of the API to store data beyond 24 hours? There are multiple websites that can be found on Google that handle those scenarios. I want to ensure that my data storage correctly compiles with what’s allowed under the Twitch TOS.
In my opinion: store what is logical to store when you have permission from the broadcaster to retain the broadcasters data.
This is covered under (b) control the rights associated with such content; when you have permission of the broadcaster that is the relevant rights associated with the content.
Doesn’t matter what those do/don’t do, we don’t know what permissions/rights those have
I saw the same line in the TOS but I think it’s still unclear if that’s what that means. I would hope it means what you state - that by the user granting us permission (with OAuth scopes and maybe our own TOS) that we are given permission to retrieve and store the data for them. But it’s not called out in that way in the TOS explicitly, and therefore seems like it’s forbidden.
This question seems to go way back. I’m surprised we haven’t been given more clarity. I want to follow the Twitch TOS but it seems like it’s cutting off data storage, and a lot of capability in doing so.
Found a related thread from 2016 with similar questions that were never fully answered:
well how else do you get permission to read private data?
Under (b)
Doing oAuth is how you get permission to access private data and it’s a form of the user signin up to your service, and conversely leaving it if/when they revoke access.
As a developer I agree, the user is giving me permission to access this data, so I can now access it.
But it seems like the TOS treats “Twitch Content” as something owned by Twitch. So while the user may own the video content they create, things like viewer or subscriber count data would still be Twitch owned. Can the user give permission for us to store that in relation to (b)? It still seems like an assumption in some way and I would expect that interpreting it in that way would leave our project open to some issues from Twitch.
It seems like it would benefit from an explicit callout.
Thanks for the question, @ChrisHelmsC. Although we do not change the Developer Services Agreement often, we’ll note this feedback for further clarity.
Generally, your approach is correct. If you implement an OAuth flow to get permission from a Twitch user to access their data, you are compliant with our Developer Services Agreement to store and present this information longer than the 24-hour period mentioned in statement (c).
I preface the above with “generally” as, of course, all other statements of the DSA apply. From the information you have included in this forum conversation, it sounds like historical data is foundational to your service and therefore you are compliant to store this information for your users’ benefit with their OAuth permission.
Hey @BarryCarlyon and @jbulava, really appreciate the responses from both of you. Thanks for clairifying how to remain compliant with the DSA, we didn’t want to break any rules.
Just for my understanding - because we’re taking the user through the oAuth flow, that’s where (b) is being applied, and so then we can store the info for longer than the 24 hours mentioned as long as we’re otherwise compliant.
So if we obtain data through something like the /streams endpoint with an app token (not a user access token) and what comes back is data on the top 100 streams currently live on Twitch, we shouldn’t store anything like that for more than 24 hours?
