Privacy Policy

1. Introduction

This Privacy Policy describes how Subtube ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our Service at https://subtube.app (the "Service").

We are committed to protecting your privacy and handling your data in an open and transparent manner. By using the Service, you consent to the data practices described in this Privacy Policy.

Personal Information means any information relating to an identified or identifiable individual.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when using our Service, including:

• Account Information: Name, email address, password (encrypted), and authentication credentials when you create an account
• Payment Information: Billing details and payment card information (processed securely by our payment processor - we do not store credit card numbers, CVV codes, or full payment card details)
• Communication Data: Messages, feedback, and support inquiries you send to us
• Waiting List Data: Email address if you join our pre-launch waiting list
• API Usage Data: YouTube video IDs, video URLs, API requests, request parameters, and response metadata

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain information, including:

• Usage Data: API endpoint calls, request frequency, response times, error logs, and feature usage patterns
• Device Information: IP address, browser type, operating system, device identifiers, and user agent strings
• Location Data: Approximate geographic location derived from your IP address
• Cookies and Tracking Technologies: Data collected through cookies, web beacons, and similar technologies (see Section 7)
• Browser Fingerprints: Device characteristics collected for abuse prevention on public endpoints (does not track users across sites)

2.3 Information from Third Parties

We may receive information about you from third-party services, including:

• Authentication Providers: Profile information when you sign in through Google OAuth
• Payment Processors: Transaction confirmations and payment status
• Analytics Services: Aggregated usage statistics and demographic information

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

• Process your API requests and deliver transcript data
• Create and manage your user account
• Authenticate and authorize access to the Service
• Process payments and maintain billing records
• Monitor and enforce usage limits based on your subscription plan

3.2 Service Improvement

• Analyze usage patterns to improve Service performance and reliability
• Identify and fix technical issues and bugs
• Develop new features and enhance existing functionality
• Conduct research and analytics using anonymized, aggregated data

Important: We do not use your video URLs, API requests, or any content you submit through the Service to train or improve AI models. The transcripts and subtitles we provide are extracted from YouTube's existing data and are not used by us for machine learning purposes.

3.3 Communication

• Send transactional emails about your account, billing, and Service updates
• Respond to your inquiries and support requests
• Send marketing communications about new features and promotions (with opt-out options)
• Notify you of important changes to our Terms of Service or Privacy Policy

3.4 Security and Compliance

• Detect, prevent, and respond to fraud, abuse, and security incidents
• Enforce our Terms of Service and other policies
• Comply with legal obligations and respond to lawful requests from authorities
• Protect the rights, property, and safety of Subtube, our users, and the public

3.5 Waiting List

If you join our pre-launch waiting list, we collect your email address to notify you when the Service launches or becomes available. You can request removal from the waiting list at any time by contacting [email protected].

3.6 No Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud Infrastructure: Hosting and infrastructure providers for data storage and service delivery
• Payment Processing: Paddle to handle transactions as our Merchant of Record
• Monitoring Services: Third-party services for error tracking and performance monitoring

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (e.g., subpoenas, court orders, warrants)
• Government or regulatory requests
• Investigations of potential violations of our Terms of Service
• Circumstances requiring protection of rights, property, or safety

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent or at your direction.

4.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you with third parties for research, marketing, analytics, or other purposes.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

5.1 Active Accounts

For active accounts, we retain your account information and usage data for the duration of your subscription and for a reasonable period thereafter to facilitate reactivation. Active sessions expire after 30 days of inactivity.

5.2 Closed Accounts

After you close your account, we retain data for the following periods:

• Account Information: Deleted via manual request to [email protected]
• Usage Logs (API requests, video IDs): Retained for 1 year for fraud prevention and compliance, then automatically deleted
• Payment Records: Retained for 7 years to comply with tax and accounting regulations
• Support Communications: Retained for 2 years for legal and customer service purposes
• Backup Systems: Data in backups is purged according to our backup retention schedule (typically 30-90 days)

We may retain certain data longer where required for legal obligations, fraud prevention, dispute resolution, or enforcing our agreements.

5.3 API Request Data

API request logs and associated metadata (including YouTube video IDs, timestamps, and response status) are retained for up to 1 year for debugging, analytics, and security purposes, after which they are automatically deleted or anonymized.

5.4 Cached Data

Transcript data may be temporarily cached for performance optimization purposes. Cached data is automatically purged within 90 days.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability

You have the right to access your personal information and request a copy of your data in a structured, machine-readable format.

6.2 Correction

You have the right to correct inaccurate or incomplete personal information. You can update most account information through your account settings.

6.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention). To request account deletion, contact us at [email protected].

6.4 Objection and Restriction

You may object to or request restriction of certain processing of your personal information, such as direct marketing.

6.5 Withdraw Consent

Where we process your information based on consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

6.6 Marketing Opt-Out

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by updating your preferences in your account settings. Note that you will still receive transactional emails necessary for the Service.

6.7 Exercising Your Rights

To exercise any of these rights, you can:

• Update most account information directly through your account settings
• Contact us at [email protected] with your request
• Use our online support form at https://subtube.app

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request to protect your privacy and security.

6.8 Complaints

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

7. Cookies and Tracking Technologies

7.1 What Are Cookies

Cookies are small text files stored on your device when you visit our Service. We use cookies and similar tracking technologies to provide, secure, and improve the Service.

7.2 Types of Cookies We Use

• Strictly Necessary Cookies: Required for the Service to function, including authentication and security features. These cannot be disabled.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences.
• Analytics Cookies: Help us understand how users interact with the Service, identify popular features, and diagnose technical issues.
• Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness (with your consent).

7.3 CAPTCHA and Bot Prevention

We use Cloudflare Turnstile CAPTCHA on certain public endpoints to prevent abuse and bot activity. This may collect device and browser information to verify that requests are made by humans, not bots.

7.4 Managing Cookies

You can control cookies through your browser settings. Note that blocking certain cookies may affect Service functionality. Most browsers accept cookies by default, but you can modify your browser settings to decline cookies if you prefer.

7.5 Do Not Track

Some browsers include a "Do Not Track" (DNT) feature. We do not currently respond to DNT signals because there is no industry standard for how to interpret them.

8. Data Security

We implement reasonable physical, administrative, and technical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction.

8.1 Security Measures

Our security measures include:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest
• Secure authentication and authorization mechanisms
• Regular security audits and vulnerability assessments
• Access controls limiting employee access to personal information
• Monitoring and logging of security events

8.2 Limitations

Despite our security measures, no internet transmission or electronic storage is completely secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials and for any activities under your account.

8.3 Security Incidents

If we become aware of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.

9. International Data Transfers

The Service is operated from and hosted in various countries. If you are located outside these countries, your information may be transferred to, stored, and processed in countries with different data protection laws than your country of residence.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we implement appropriate safeguards for international data transfers, such as Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

The Service is not intended for individuals under the age of 18 (or the applicable age of legal majority in your jurisdiction). We do not knowingly collect personal information from minors.

If you believe we have inadvertently collected information from a minor under 18, please contact us at [email protected], and we will promptly delete such information.

11. Regional Privacy Rights

11.1 California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• Right to Know: Request disclosure of categories and specific pieces of personal information collected, used, disclosed, and sold
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at [email protected] or call us toll-free (if we provide a phone number).

11.2 European Economic Area, UK, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have rights under the GDPR, including:

• Right of access, rectification, erasure, and data portability
• Right to restrict or object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

For enterprise customers requiring a Data Processing Addendum (DPA) for GDPR compliance, please contact us at [email protected]. We can provide Standard Contractual Clauses as approved by the European Commission.

11.3 Legal Basis for Processing (GDPR)

We process your personal information based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service under our Terms of Service
• Consent: Processing based on your explicit consent (e.g., marketing communications)
• Legitimate Interests: Processing for our legitimate business interests, such as fraud prevention, security, and service improvement
• Legal Obligations: Processing required to comply with applicable laws

12. Third-Party Services

The Service may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with your information.

Our Service integrates with YouTube to extract transcript data. Your use of YouTube content is subject to YouTube's Terms of Service and Privacy Policy. We are not responsible for YouTube's data practices.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated Privacy Policy on the Service with a new "Last updated" date
• Sending you an email notification (if you have an account)
• Displaying a prominent notice on the Service

Your continued use of the Service after the effective date of the updated Privacy Policy constitutes acceptance of the changes. If you do not agree to the updated Privacy Policy, you must stop using the Service.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Email: [email protected]
• Support Email: [email protected]
• Website: https://subtube.app

We will respond to your inquiry within a reasonable timeframe, typically within 30 days.