Mixchat is designed to function without a server-side database. No messages, emails, or account credentials are stored on any server. Data processing occurs locally in the visitor's browser. Once the user logs out or clears their cache, session data is removed.
When connecting a Twitch or YouTube account, the browser gets "keys" (OAuth tokens) from those services.
httpOnly cookies. This helps block outside scripts from seeing them.
localStorage so the app remembers
who you are on refresh.
Mixchat is a real-time client. Chat messages flow from Twitch or YouTube directly to the screen. They are kept in the browser's memory during a session and are not archived.
By linking a YouTube channel, Mixchat uses the official YouTube Data API. It only requests public info to show live status and stream metadata properly.
To make everything work smoothly, Mixchat talks to a few core services:
Mixchat's server/API is "stateless." This means it doesn't remember sessions from one second to the next without the browser sending its security key. There's no backend database where history or personal info could be stored.
Since no data is stored, "deleting an account" is straightforward. Clicking Logout wipes the cookies and session info from the browser. Closing the tab clears the memory usage. For total assurance, clear the site data in the browser settings.
Login tokens are managed using secure HTTP-only cookies. It is recommended to use strong passwords and two-factor authentication (2FA) on Twitch and YouTube accounts.
Mixchat changes fast. The date at the top will be updated if there are ever changes to how info is handled (like adding a new feature that needs a different API).
If you have questions about any of this, open an issue on the GitHub repository.