Privacy Policy
Privacy Policy for VidsGenius - How we collect, use, and protect your information when you use our Service.
Last updated: September 28, 2025
Overview
VidsGenius ("we," "our," or "us") operates a video analytics platform that helps users analyze YouTube channel and video performance using publicly available data.
This Privacy Policy describes how we collect, use, and protect your information when you use our Service.
Information We Collect
YouTube Data (Public Information Only)
- Channel Information: Public channel names, descriptions, subscriber counts
- Video Data: Public video titles, descriptions, view counts, upload dates
- Transcripts: Publicly available video transcripts
- Public Metrics: Engagement statistics and other publicly visible data
We only access publicly available YouTube data that anyone can view without logging in.
Account Information
- Email address (for account creation and communication)
- Name and profile information you provide
- Payment information (processed by our payment provider)
Usage Information
- How you interact with our Service
- Features you use and analyses you perform
- Technical information necessary for Service operation
How We Use Your Information
We use the collected information to:
- Provide YouTube analytics and insights
- Generate reports and visualizations
- Process payments and manage subscriptions
- Improve our Service and develop new features
- Communicate with you about your account
- Send optional product updates (with your consent where required)
- Ensure security and prevent fraud
Legal Bases (EU Users)
For users in the European Union, we process your data based on:
- Contract Performance: To provide the services you sign up for
- Legitimate Interests: To improve our product and analyze usage patterns
- Consent: For optional communications and certain analytics where required
- Legal Obligations: For record-keeping and compliance requirements
YouTube API Services
Our Service uses YouTube's API Services. By using our Service, you are also bound by the YouTube Terms of Service.
YouTube Data Handling
- We access only publicly available YouTube data
- No YouTube login credentials are required or stored
- You provide YouTube channel URLs for analysis
- All data we access is already publicly visible on YouTube
Data Retention
We retain your information for the following periods:
- Account data: Until you delete your account or after 24 months of inactivity
- Analysis results: While your account exists, unless manually deleted
- Payment records: As required by law (typically 7 years)
- YouTube data cache: Refreshed regularly for accuracy and compliance
- System logs: Up to 12 months for security and troubleshooting
Data Sharing and Disclosure
We do not sell your personal information. We share information only:
- With your explicit consent
- To comply with legal obligations
- To protect our rights and safety
- With service providers who help us operate our Service
Service Providers
We work with trusted third-party providers for:
- Payment processing
- Email delivery
- Website hosting and infrastructure
- Analytics and product improvement
- AI content generation
All providers are bound by confidentiality agreements and data protection requirements.
Data Security
We implement appropriate security measures including:
- Encryption of data in transit and at rest
- Regular security updates and monitoring
- Access controls and authentication
- Regular backups and disaster recovery procedures
No system is completely secure, but we take reasonable steps to protect your information.
Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and data
- Portability: Receive your data in a machine-readable format
- Restriction: Request temporary restriction of processing
- Objection: Object to certain types of processing
EU Users Additional Rights
You also have the right to lodge a complaint with your local data protection authority.
To exercise any rights, email us at: admin@vidsgenius.com
Cookies and Tracking
We use cookies and similar technologies for:
- Essential functions: Authentication and security (required for Service operation)
- Analytics: Understanding how our Service is used (PostHog for A/B testing)
- Preferences: Remembering your settings
You can control cookies through your browser settings. Blocking essential cookies may affect Service functionality.
Analytics and A/B Testing
We conduct experiments to improve our Service using anonymized data. This may include testing different page layouts, button text, or feature arrangements. Data captured includes variant assignments, page views, and basic interaction events. This helps us optimize user experience and measure feature effectiveness.
Advertising & Conversion Tracking
We measure the performance of our marketing campaigns (Google Ads, etc.) by tracking conversion events like signups and purchases. This includes UTM parameters, referrer information, and pseudonymous identifiers for attribution purposes. We do not engage in behavioral retargeting or cross-site tracking.
International Users
Your information may be processed in countries other than your own. When we transfer data internationally, we use appropriate safeguards to protect your information.
International Transfers & Safeguards
Where personal data is transferred outside the EEA/UK to a country without an adequacy decision, we implement Standard Contractual Clauses (SCCs) or equivalent safeguards with our processors.
Data Processing Addendum (DPA)
If you are a business customer requiring a DPA for compliance purposes, contact us at admin@vidsgenius.com and we will provide a signed DPA incorporating appropriate safeguards where applicable.
Children's Privacy
Our Service is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13.
Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or through our Service.
Contact Us
For questions about this Privacy Policy, contact us at:
- Email: admin@vidsgenius.com
- Address: 58-12 Queens Blvd, Suite 2, #1034, Queens, NY 11377, USA
California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA):
Categories of Personal Information
We collect the following categories of personal information:
- Identifiers: Email address, name, account ID
- Commercial Information: Subscription details, payment history, usage records
- Internet Activity: Website interactions, feature usage, analysis requests
- Professional Information: Business use of analytics data (if applicable)
Your California Rights
- Right to Know: Request details about personal information we collect, use, or disclose
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information, so no opt-out is needed
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
How to Exercise Your Rights
To exercise your California rights, email us at: admin@vidsgenius.com with "California Privacy Request" in the subject line. We may verify your identity before processing your request.
VidsGenius is an independent platform and is not affiliated with YouTube or Google.
YouTube API Services
Our Service uses YouTube's API Services. By using our Service, you are also bound by the YouTube Terms of Service and Google Privacy Policy.
YouTube Data Handling
- We access only publicly available YouTube data (no private or personal information)
- No YouTube login credentials are stored
- You provide YouTube channel URLs or IDs for analysis
- All data we access is already publicly visible on YouTube
- No authentication with your YouTube account is required
Data Retention
We cache public YouTube data (such as video metadata, transcripts, scoring metrics, and analysis outputs) for performance and reliability. Because YouTube content changes, and to comply with YouTube API requirements regarding freshness and permissible storage of derived data, we periodically refresh or remove cached records. We do not store private YouTube data.
Retention guidelines:
- Account & profile data: Retained until you delete your account or 24 months of inactivity (whichever comes first).
- Email & transactional logs: Up to 12 months (fraud/security/audit) then purged.
- Cached YouTube metadata & transcripts: Refreshed or re-fetched regularly; stale entries may be pruned at any time and are not guaranteed to persist beyond operational usefulness.
- Analysis outputs: Retained while your account exists unless you manually delete an analysis.
- Backups: Encrypted rolling backups (30–45 days) after which they are overwritten.
- Aggregated / anonymized statistics: May be retained indefinitely (cannot identify you).
If we delete or refresh metadata under these rules, your personal account data is not affected. You may request deletion of your account at any time (see “Your Rights”).
Data Sharing and Disclosure
We do not sell or rent personal information. We share information only in these circumstances:
- With your explicit consent
- To comply with legal obligations
- To protect our rights and safety
- With service providers who assist in operating our Service (under strict confidentiality agreements)
Sub‑Processors (Service Providers)
We use vetted third‑party infrastructure providers under data processing or confidentiality agreements. Core providers:
| Provider | Purpose | Notes |
|---|---|---|
| Vercel | Hosting / edge delivery | Application + static assets |
| Stripe | Payments / billing | No raw card data stored by us |
| Resend | Transactional email delivery | System & notification emails |
| PostHog | Product analytics & feature flags | Pseudonymous event data; analytics only |
| Supadata | Transcript & metadata retrieval utility | Public transcript extraction pipeline |
| Neon (Postgres) | Primary database storage | Encrypted at rest; role-based access |
| Google Cloud (Cloud Run / Jobs) | Background processing / workers | Regional job execution & scaling |
| Redis / Queue provider | Caching & background jobs | Ephemeral operational data |
| OpenAI | AI content generation | Transient processing of analysis context; not used to train public models (per provider policy) |
| Google / YouTube APIs | Public video & channel data | Public-only, refreshed periodically |
We may update this list; material changes will appear in an updated policy.
Data Security
We implement layered safeguards proportionate to risk, including:
- TLS encryption in transit; encrypted storage for primary databases and backups
- Principle of least privilege & role-based access for production access
- Secrets managed via environment variable controls; periodic rotation
- Regular dependency patching and vulnerability monitoring
- Logging & anomaly detection for abuse and fraud patterns
- Segregated background job processing to isolate workload spikes No internet-facing system is perfectly secure; if we detect a breach impacting your personal data, we will notify you consistent with applicable law.
Your Rights
Depending on your jurisdiction you may have some or all of the following rights regarding personal data we process about you:
- Access – Obtain a copy of personal data we hold about you
- Rectification – Request correction of inaccurate or incomplete data
- Deletion – Request deletion of your account and associated personal data
- Restriction – Request temporary restriction of certain processing (e.g., dispute accuracy)
- Portability – Receive your account / analysis metadata you provided in a machine‑readable format
- Objection – Object to analytics or product-improvement processing where based on legitimate interest
To exercise any right, email: admin@vidsgenius.com from your account email. We may request verification. We do not discriminate for exercising privacy rights. We do not sell personal data.
Additional Rights (EEA/UK)
You also have the right to lodge a complaint with your local data protection supervisory authority. A list of EU authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK users: Information Commissioner's Office (https://ico.org.uk/). We encourage contacting us first so we can address your concerns directly.
Cookies and Tracking
We use minimal cookies / local storage for:
- Essential authentication (session maintenance)
- Security (rate limiting / abuse prevention)
- Product analytics & A/B testing (PostHog) – pseudonymous event data only
You may block analytics via browser settings or script/cookie blockers; core functionality (logged-in use) requires essential cookies.
Cookie / Storage Categories
| Category | Examples | Purpose | EEA/UK Consent Basis |
|---|---|---|---|
| Essential | Session token, CSRF token, auth state | Log-in continuity, security | Not required (strictly necessary) |
| Security / Abuse | Rate limit token, temporary request counters | Protect service integrity | Legitimate interests (no consent) |
| Analytics & A/B Testing | PostHog distinct id (pseudonymous), experiment flag, variant key | Measure feature & copy performance; product improvement | Legitimate interests; disabled if user opts out where consent required |
| Conversion Tracking | Event name (signup, credit_purchase), timestamp, referrer, UTM params, campaign id | Attribute acquisitions; optimize spend | Legitimate interests / consent where national law requires |
| Email Engagement | Open pixel URL id, redirect link id | Aggregate engagement & deliverability | Legitimate interests (opt‑out via unsubscribe / image blocking) |
EEA/UK Cookie Note
Where local law treats analytics / conversion tracking as non-essential, we implement region-based gating or user opt-out preferences. We do not deploy third‑party retargeting scripts without a positive consent signal.
A/B Testing & Experimentation
We run controlled experiments (e.g., hero copy, button text, layout density, pricing disclosure order) using server-side variant assignment to avoid flicker and ensure consistent session experience. Data captured per event: variant key, anonymous or pseudonymous session identifier, event type (page_view, cta_click, signup_completed), timestamp, and basic attribution parameters (e.g., UTM campaign if present). We DO NOT: (a) record raw IP beyond transient transport; (b) store precise geolocation; (c) profile users across unrelated third‑party sites. Experiment analytics are aggregated to evaluate relative performance. Where regional rules require consent for non-essential analytics, collection is gated or suppressed.
Advertising & Conversion Tracking
We measure acquisition and conversion performance for marketing campaigns (e.g., Google Ads, Meta, LinkedIn, organic sources). Current data points captured at conversion or funnel events: UTM parameters, referrer domain, landing path, timestamp, event name (e.g., signup, analysis_created, upgrade_started), and pseudonymous session id. When enabled, client-side tags or server-to-server APIs may also receive hashed or truncated technical identifiers (such as IP region) strictly for deduplication and attribution. We do not enable behavioral retargeting or interest-based audience building without an explicit consent signal in jurisdictions that require it. Third‑party advertising scripts classified as non-essential are suppressed until consent (if applicable). We do not sell personal information.
Email Engagement Tracking
Digest and notification emails include a lightweight image pixel and redirect-based link tracking to measure opens, aggregate click-through rates, and anonymous engagement patterns. This supports: (a) improving content ordering and relevance, (b) deliverability monitoring, (c) abuse and bounce diagnostics. We do not embed cross‑site tracking beacons or attempt to fingerprint readers. You can reduce or block tracking by disabling remote images or unsubscribing from optional emails. Personalized behavioral modeling beyond aggregate metrics is not performed without updating this policy and—where required—obtaining consent.
User Choices & Controls
You can:
- Adjust browser / extension settings to block non-essential scripts.
- Unsubscribe from optional emails via in‑mail link.
- Request access / deletion (see “Your Rights”).
- Contact us to request a DPA (business customers) or clarification on experiment / tracking scope.
International Users
Infrastructure may process data in the United States or other regions where our providers operate. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) for cross-border transfers.
International Transfers & Safeguards
Where personal data is transferred outside the EEA/UK to a country without an adequacy decision, we implement Standard Contractual Clauses (SCCs) or equivalent safeguards with our processors and conduct risk reviews.
Data Processing Addendum (DPA)
If you are a business customer requiring a DPA for compliance purposes, contact us at admin@vidsgenius.com and we will provide a signed DPA incorporating the SCCs where applicable.
Children's Privacy
Our Service is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13.
Changes to This Policy
We may update this Privacy Policy periodically. We will notify users of significant changes via email or through our Service.
Contact Us
For questions about this Privacy Policy or your data, contact us at:
- Email: admin@vidsgenius.com
- Address: 58-12 Queens Blvd, Suite 2, #1034, Queens, NY 11377, USA
This policy complies with GDPR, CCPA, and YouTube API Terms of Service requirements.
Not Affiliated: VidsGenius is an independent platform and is not affiliated with, endorsed by, or sponsored by YouTube or Google.