Privacy Policy

1. Introduction

TubeScout ("we," "our," "us," or "Company") is committed to protecting your privacy and ensuring transparency in how we collect, use, store, and share your personal information. This Privacy Policy explains our practices regarding your data when you access or use our website at tubescout.app (the "Site") and our email digest service (the "Service").

This Privacy Policy complies with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents, and other applicable privacy regulations.

By accessing or using our Site or Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Site or Service.

2. Information We Collect

2.1 Information You Provide

We collect the following categories of personal information that you voluntarily provide:

• Account Information: Email address, name (if provided via Google OAuth), password (encrypted)
• Profile Information: Display name, communication preferences
• Payment Information: Billing details processed by our payment processor Stripe (we do not store full credit card numbers)
• Communication Data: Content of messages you send us, including support requests and feedback
• YouTube Account Data: When you connect your YouTube account, we access your subscription list and basic channel information

2.2 Information Collected Automatically

When you access our Site or Service, we automatically collect certain information:

• Usage Data: Pages visited, time spent, click patterns, features used, search queries
• Device Information: Browser type and version, operating system, device identifiers, screen resolution
• Network Information: IP address, approximate geographic location (city/country level), internet service provider
• Cookies and Similar Technologies: Session identifiers, analytics cookies, preference cookies
• Performance Data: Page load times, error logs, crash reports

2.3 Information from Third Parties

• Google/YouTube: Profile information, subscription data, channel preferences when you authorize our access
• Analytics Providers: PostHog provides us with aggregated usage statistics and user behavior insights
• Payment Processors: Stripe shares transaction status and payment method information

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

• Create and maintain your account
• Provide daily email digests with AI-generated video summaries
• Process your subscription payments
• Respond to your support requests and inquiries
• Deliver transactional emails (confirmations, receipts, service updates)

3.2 Service Improvement

• Analyze usage patterns to improve user experience
• Develop new features based on user behavior
• Test and optimize our AI summarization algorithms
• Monitor and improve email deliverability
• Debug technical issues and enhance performance

3.3 Communication

• Send you updates about new features and service changes
• Notify you of important account or subscription changes
• Send marketing communications (with your consent where required)
• Conduct surveys and gather feedback

3.4 Legal and Security

• Comply with legal obligations and respond to lawful requests
• Enforce our Terms of Service and protect our rights
• Prevent fraud, abuse, and unauthorized access
• Protect the safety and security of our users and Service

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing required to provide our Service per our Terms of Service
• Consent: You have given explicit permission for specific processing activities
• Legitimate Interests: Processing necessary for our business operations (service improvement, fraud prevention)
• Legal Compliance: Processing required to comply with legal obligations

5. Data Sharing and Disclosure

We share your information only in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party companies to perform services on our behalf:

• Firebase (Google Cloud): Cloud infrastructure, database hosting, authentication
  Data shared: Account information, usage data | Location: United States
• Stripe: Payment processing
  Data shared: Billing information, transaction history | Location: United States
• Resend: Email delivery service
  Data shared: Email address, name, email content | Location: United States
• PostHog: Analytics and product insights
  Data shared: Usage data, device information | Location: European Union
• Google Gemini AI: Video content summarization
  Data shared: YouTube video metadata, transcripts | Location: United States

Important Clarification on AI Usage:

We send YouTube video metadata and transcripts to Google Gemini AI solely to generate summaries for your daily email digests. This data is NOT used to train AI models or for any purpose other than providing you with the Service features you requested. All AI processing complies with Google's Limited Use requirements.

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our Site before your information becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Governmental or regulatory requests
• Enforcement of our Terms of Service
• Protection of rights, property, or safety of TubeScout, our users, or the public

5.4 With Your Consent

We may share your information with other parties when you explicitly consent to such sharing.

We do NOT sell your personal information to third parties for monetary consideration.

6. Data Retention

We retain your personal information for specific periods based on the purpose:

• Active Account Data: Duration of your subscription plus 30 days after cancellation
• YouTube Data (Upon Access Revocation): Deleted within 7 days when you revoke TubeScout's access via Google security settings (separate from subscription cancellation)
• Billing Records: 7 years for tax and accounting compliance
• Usage Analytics: 2 years from collection date
• Support Communications: 3 years from last interaction
• Marketing Consent: Until you withdraw consent or 2 years of inactivity
• Legal Hold Data: Duration of legal obligation plus 1 year

After these periods, we securely delete or anonymize your information. You may request earlier deletion by contacting us (see Section 13).

7. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data in transit is encrypted using TLS 1.3; data at rest uses AES-256 encryption
• Access Controls: Role-based access limits employee access to necessary data only
• Authentication: Multi-factor authentication for administrative access
• Monitoring: Continuous security monitoring and intrusion detection
• Regular Audits: Quarterly security assessments and penetration testing
• Secure Infrastructure: Firebase/Google Cloud Platform with enterprise-grade security
• Data Backup: Automated daily backups with encrypted storage

While we strive to protect your information, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

8. Your Privacy Rights

8.1 Rights for All Users

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Portability: Receive your data in a structured, machine-readable format
• Opt-Out: Unsubscribe from marketing emails via the link in each email

8.2 Additional Rights for EEA Users (GDPR)

• Right to Object: Object to processing based on legitimate interests
• Right to Restrict: Request restriction of processing in certain circumstances
• Right to Withdraw Consent: Withdraw consent for consent-based processing at any time
• Right to Lodge Complaint: File a complaint with your local data protection authority

8.3 Additional Rights for California Residents (CCPA/CPRA)

• Right to Know: Request disclosure of categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information we collected
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (Note: We do not sell your data)
• Right to Limit Sensitive Data Use: Limit use of sensitive personal information
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

8.4 How to Exercise Your Rights

To exercise any of these rights, please:

• Email us at: support@tubescout.app
• Include "Privacy Rights Request" in the subject line
• Provide your name, email address, and specific request

We will respond to verified requests within 30 days (or 45 days if we notify you of an extension). We may require additional information to verify your identity before processing your request.

9. International Data Transfers

TubeScout is based in [Your Jurisdiction]. If you access our Service from outside this jurisdiction, your information may be transferred to, stored, and processed in countries where our service providers operate, including the United States and European Union.

These countries may have data protection laws different from your country. However, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Privacy Shield Framework compliance (where applicable)
• Adequacy decisions by relevant data protection authorities
• Binding Corporate Rules for intra-group transfers

10. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

10.1 Essential Cookies

Required for basic site functionality and security. These cannot be disabled.

10.2 Analytics Cookies

Help us understand how visitors interact with our Site using PostHog analytics. These cookies collect aggregated, anonymized data about pages visited, time spent, and user actions.

10.3 Preference Cookies

Remember your settings and preferences (e.g., language, theme) to enhance your experience.

10.4 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect site functionality. Most browsers accept cookies automatically but allow you to adjust settings to decline cookies or alert you when cookies are being sent.

• Chrome Cookie Settings
• Firefox Cookie Settings
• Safari Cookie Settings

11. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) signal. Because there is no common industry standard for DNT signals, we do not currently respond to DNT browser signals. However, you can manage cookies and tracking through your browser settings as described above.

12. Children's Privacy

Our Service is not directed to individuals under 13 years of age (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@tubescout.app. We will delete such information promptly.

13. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Notify affected users via email within 72 hours of discovering the breach
• Provide details about the nature of the breach and data affected
• Outline steps we are taking to address the breach
• Recommend actions you can take to protect yourself
• Notify relevant data protection authorities as required by law

14. Third-Party Links and Services

Our Site may contain links to third-party websites, applications, or services (including YouTube, Google, and social media platforms). This Privacy Policy does not apply to these third parties. We are not responsible for the privacy practices of third-party sites. We encourage you to review the privacy policies of any third-party services before providing them with your information.

15. YouTube API Services

TubeScout uses YouTube API Services to access your YouTube subscription data. When you connect your YouTube account, we access your subscription list and basic channel information to provide daily email digests. By using our Service, you agree to be bound by the YouTube Terms of Service.

You can revoke TubeScout's access to your YouTube data at any time via the Google security settings page.

Please review Google's privacy policy at https://policies.google.com/privacy.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email if you have an account with us
• Display a prominent notice on our Site for 30 days
• For material changes affecting your rights, obtain your consent where required by law

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

17. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: