Privacy Policy for StayTubed

1. Introduction

Welcome to StayTubed ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application (the "Service"). We are committed to protecting your privacy and handling your data in an open and transparent manner.

This Service is operated by StayTubed.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the Service includes:

• Personal Data: When you register or log in using Google Sign-In (Firebase Authentication), we collect basic profile information provided by Google, such as your name, email address, and Google Account user ID (UID). We use this solely for account creation, authentication, and management within StayTubed.
• YouTube Data (via Google OAuth): If you choose to connect your YouTube account to StayTubed (optional feature on the /channels page), we will request your authorization via Google OAuth using the https://www.googleapis.com/auth/youtube.readonly scope. If you grant permission, we will access:
  • Your list of YouTube channel subscriptions.
  • Associated channel details for those subscriptions (e.g., Channel ID, Title, Thumbnail URL).
  • (See Section 4 below for detailed information on how Google User Data is handled).
• Configuration Data: Information you provide directly within the Service settings, such as:
  • Telegram Bot Token and Chat ID (if using the manual setup option).
  • Selected plan details and credit balance.
• Usage Data: Information automatically collected when you access and use the Service, such as your IP address, browser type, operating system, access times, pages viewed, interactions with features, and error logs. This may be collected using server logs or analytics tools (e.g., Vercel Analytics).
• Summary Data: The summaries generated by our AI based on the video transcripts from the channels you monitor. These are associated with your user account.

3. How We Use Your Information

Having accurate information permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Service to:

• Create and manage your StayTubed account.
• Authenticate you when you log in.
• Provide the core Service functionality: monitoring selected YouTube channels, fetching transcripts (via our backend), generating AI summaries, and storing them.
• Display your YouTube subscriptions (if connected): Allow you to easily view and select channels from your YouTube subscription list on the /channels page to add them to StayTubed monitoring.
• Deliver notifications (e.g., summaries, low credit warnings) via Telegram if you have configured it.
• Process transactions and manage your plan/credits (if applicable payment features are implemented).
• Monitor and analyze usage and trends to improve the Service and user experience.
• Diagnose and fix technical problems.
• Respond to your comments, questions, and provide customer support.
• Communicate with you about your account or use of the Service.
• Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
• Enforce our Terms of Service.

4. Google User Data (YouTube API Services)

This section specifically details our handling of data accessed via the YouTube API Services through Google OAuth.

• Scope Requested: We request access using the https://www.googleapis.com/auth/youtube.readonly scope. This allows us read-only access to view your YouTube account's subscriptions list and associated channel details.
• Purpose of Use: The sole purpose of accessing this data is to display your YouTube channel subscriptions list within the StayTubed application (specifically on the /channels page). This allows you, the user, to conveniently view your existing subscriptions and select which ones you wish to monitor using the StayTubed service.
• Data Caching: To improve performance and user experience, we may cache the list of your subscribed channel IDs and their basic details (title, thumbnail) within our secure database (Firestore) associated with your user ID (userYoutubeSubscriptions/{userId}). This cached data is refreshed when you explicitly trigger a sync via the /api/youtube/sync endpoint.
• Limited Use Compliance: StayTubed's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
• No Sharing or Selling: We do not share your YouTube subscription data obtained via the Google API with any third parties, except as strictly necessary for providing the core functionality (e.g., storing the cached list in our secured Firebase/GCP infrastructure) or as required by law. We do not sell this data.
• No Use for Advertising: We do not use your YouTube subscription data for serving advertisements.
• Revoking Access: You can revoke StayTubed's access to your YouTube data at any time via your Google Account security settings page: https://myaccount.google.com/permissions. Revoking access will prevent future syncing of your subscription list.

5. Disclosure of Your Information

We do not share, sell, rent, or trade your Personal Data or Google User Data with third parties for their marketing purposes. We may share information we have collected about you in certain situations:

• By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.
• Third-Party Service Providers: We may share your information with third parties that perform services for us or on our behalf, including:
  • Cloud hosting and database providers (e.g., Google Cloud Platform / Firebase).
  • AI service providers (e.g., OpenAI / OpenRouter, used by our backend to generate summaries from transcripts).
  • Analytics providers (e.g., Vercel Analytics, for aggregated usage analysis).

  These service providers will have access to your information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

6. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information and Google User Data. We store sensitive information like YouTube API refresh tokens securely within Firestore, leveraging Google Cloud's security infrastructure. While we have taken reasonable steps to secure the information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

7. Data Retention

We will retain your Personal Data, YouTube Data cache (if applicable), configuration data, and summary data for as long as your account is active or as needed to provide you the Service. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Upon deletion of your account (see Section 8), we will take steps to delete your information as described therein.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. These may include the right to:

• Access and Update: You can review and update your basic account information (managed via your Google Account) and specific StayTubed settings (like Telegram configuration) through the /settings page in the application.
• Deletion: You have the right to delete your StayTubed account and associated data. You can initiate this process via the "Delete My Account" option on the /settings page. This action will trigger the deletion of your StayTubed user record, settings, cached YouTube subscription data, monitored channel list, generated summaries, and stored YouTube API tokens from our systems, subject to necessary retention for legal or operational purposes. Account deletion in StayTubed does not automatically revoke permissions granted via your Google Account; you must do that separately (see Section 4).
• Revoke Consent (YouTube): As mentioned in Section 4, you can revoke StayTubed's access to your YouTube data at any time via your Google Account security settings page.
• Disconnect Telegram: You can disconnect the StayTubed Telegram bot connection via the /settings page.

9. Children's Privacy

Our Service is not intended for use by children under the age of 13 (or relevant age in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. For significant changes, we may provide more prominent notice (e.g., via email or in-app notification).