We only collect what’s necessary to provide the service. We use Google OAuth for login, store your YouTube refresh token securely, and send your comment data to OpenAI for AI replies. We never sell your data. You can delete your account anytime.
1. Information We Collect
1.1 Information You Provide
• Google Account Information: When you sign up via Google OAuth, we receive your name, email, profile picture, and YouTube channel ID. • YouTube Data: Comments from your YouTube videos and community posts (read-only access via YouTube API). • Payment Information: Collected and processed by Stripe. We store transaction IDs and subscription status, but never your credit card details. • User-Generated Content: Edited AI replies, settings, and preferences.
1.2 Automatically Collected Information
• Usage Data: Pages visited, features used, time spent in the app. • Device Information: Browser type, operating system, IP address. • Cookies: We use essential cookies for authentication (JWT token). No tracking/advertising cookies.
2. How We Use Your Information
We use your data to:
• Provide the Service: Fetch YouTube comments, generate AI replies via OpenAI, translate comments via Google Cloud Translation. • Authentication: Verify your identity and manage your session. • Billing: Process payments and manage subscriptions via Stripe. • Communication: Send service updates, billing notifications, and support responses. • Improvement: Analyze usage patterns to improve features (aggregated, anonymized data only). • Compliance: Maintain audit logs to comply with YouTube API Terms of Service.
We DO NOT:
❌ Sell your data to third parties ❌ Use your data for advertising ❌ Share your comments or content publicly ❌ Access your YouTube account without your permission
3. Third-Party Services
We share data with these services to operate:
3.1 Google (YouTube Data API & OAuth)
• Data Shared: Your YouTube channel ID, OAuth tokens, video IDs, comment IDs. • Purpose: Authenticate users and fetch/post comments. • Privacy Policy: https://policies.google.com/privacy • YouTube API Terms: https://developers.google.com/youtube/terms/api-services-terms-of-service
3.2 OpenAI (GPT-4 API)
• Data Shared: YouTube comment text, video titles (to generate contextual replies). • Purpose: Generate AI-powered reply suggestions. • Privacy Policy: https://openai.com/policies/privacy-policy • Note: OpenAI does NOT use your data to train models (as of API terms).
3.3 Google Cloud Translation API
• Data Shared: Comment text in original language. • Purpose: Translate comments to/from English. • Privacy Policy: https://policies.google.com/privacy
3.4 Stripe
• Data Shared: Email, subscription plan, payment amount. • Purpose: Process payments and manage subscriptions. • Privacy Policy: https://stripe.com/privacy • Note: We never see your credit card information.
3.5 Hosting Providers
• Railway (Backend & Database): https://railway.app/legal/privacy • Vercel (Frontend): https://vercel.com/legal/privacy-policy
4. Data Security
How we protect your data:
• Encryption: All data transmitted via HTTPS (SSL/TLS). • Database Security: PostgreSQL hosted on Railway with encrypted connections. • Token Storage: YouTube refresh tokens stored encrypted in the database. • Access Control: JWT-based authentication, passwords hashed with bcrypt. • Audit Logs: All API actions logged for security monitoring.
Important: No system is 100% secure. While we use industry-standard security measures, we cannot guarantee absolute security. Use strong passwords and enable two-factor authentication on your Google account.
5. Data Retention
How long we keep your data:
• Account Data: Retained until you delete your account. • Comments & Replies: Retained for the duration of your subscription. • Activity Logs: Retained for 12 months for compliance and debugging. • Payment Records: Retained for 7 years for tax/accounting purposes.
After Account Deletion:
• Your account data is deleted within 30 days. • Anonymized usage analytics may be retained. • Payment records retained for legal compliance.
6. Your Rights (GDPR & CCPA Compliance)
You have the right to:
• Access: Request a copy of your data. • Correction: Update incorrect information in your account settings. • Deletion: Delete your account and associated data. • Portability: Export your data in JSON format. • Opt-Out: Unsubscribe from marketing emails (we don’t send many!). • Revoke Access: Disconnect YouTube integration via Google account settings.
To exercise your rights, email: support@brucelande.com with subject line: “Privacy Request”
We respond within 30 days.
7. Children’s Privacy
Our service is NOT intended for users under 18. We do not knowingly collect data from minors. If you believe a child under 18 has created an account, contact us immediately at support@brucelande.com.
8. International Users
Our servers are located in the United States. If you access the service from outside the US, your data will be transferred to and processed in the US. By using the service, you consent to this transfer.
GDPR (EU Users): We comply with GDPR. Your data is processed under the legal basis of “contract performance” (to provide the service) and “legitimate interest” (to improve the service).
9. Cookies & Tracking
We use only essential cookies:
• Authentication Cookie: JWT token stored in localStorage to keep you logged in. • Session Cookie: Temporary session management.
We DO NOT use:
❌ Google Analytics or similar tracking ❌ Advertising cookies ❌ Social media pixels
10. YouTube Data API Disclosure
Required by YouTube API Terms:
Comments Management System’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.
What this means:
• We only access YouTube data you explicitly authorize. • We do not use YouTube data for any purpose other than providing this service. • We do not transfer YouTube data to third parties (except OpenAI for AI replies, Google for translation). • You can revoke access anytime via Google Account settings.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. Continued use of the service after changes constitutes acceptance.
For significant changes, we will notify you via email.
12. Contact Us
Questions or concerns about this Privacy Policy?
Email: support@brucelande.com Website: brucelande.com
Comments Management System is an independent service and is not affiliated with, endorsed by, or sponsored by YouTube or Google. YouTube is a trademark of Google LLC
Bruce Lande Troubadour 