Data controller: AUTOTUBE.VIP LTD
Company number: 17136127
Registered office: 83 St. Marks Road, Enfield, England, EN1 1BJ
Email: info@autotube.vip
Phone: +44 7783 905391
Account and invoice records are retained for as long as necessary for legal obligations and service provision. Security and system logs are kept for reasonable operational periods and deleted or anonymized when required.
The following providers or category providers may be used to deliver the service:
Essential cookies are required for the service to function. Analytics cookies are only activated based on user preference. Cookie preferences can be managed via banner or preference interface.
For access, correction, deletion, objection to processing, and other applicable data protection rights, please contact us at info@autotube.vip or +44 7783 905391.
Card information is not stored on AutoTube.Vip servers. Payment and subscription processing is handled by Stripe.
For cancellation and refund processes, please see the Refund & Cancellation Policy page.
AutoTube requests the following Google OAuth scopes for sign-in and YouTube channel connection. Each scope has been selected under the minimum necessary principle: there is no lower-privileged alternative that can deliver the same user-facing capability.
| Scope (OAuth) | API endpoint / method | Why it is necessary (purpose) | Data minimization |
|---|---|---|---|
openid | OIDC token (id_token.sub) | Google's stable per-user ID. Required for user matching and account merging; no lower-privilege alternative exists. | Only the opaque sub is read; no profile/email. |
email | id_token.email, id_token.email_verified | Account matching, password reset, verified-email signup. | Only the verified email is used; never shared externally. |
profile | id_token.name, id_token.picture, id_token.locale | Display the member's name and avatar inside the dashboard. | Display-only; never transferred to third parties. |
userinfo.email | oauth2/v2/userinfo (email) | Email confirmation in the YouTube-connect popup (a flow that is separate from sign-in). Returns the same data as openid email; we request only one path. | Only the member's own email is fetched. |
userinfo.profile | oauth2/v2/userinfo (name, picture) | Render the member's name and avatar on the channel card after YouTube connect. | Display-only; never transferred to third parties. |
youtube.readonly | youtube/v3/channels.list (id, snippet, statistics, brandingSettings), videos.list | Refresh the connected channel's snippet/title/thumbnail/subscriber/view counts after sign-in and after YouTube connect. | Read-only; no writes. Only the member's own channel. |
yt-analytics.readonly | youtubeanalytics.googleapis.com/v2/reports | Display the member's own channel performance metrics (watch time, CTR, estimatedMinutesWatched, averageViewDuration, subscribersGained, estimatedRevenue) in the Analytics dashboard. YouTube Data API v3 (youtube.readonly) does not expose these metrics; it only returns surface-level statistics such as subscriber/view counts. YouTube Analytics API v2 plus yt-analytics.readonly is therefore required; no lower-privilege alternative exists. | Read-only; only the member's own channel. No writes, no third-party channel access. |
youtube (admin branding write) | youtube/v3/channels.update?part=brandingSettings | Admin-only path: update channel description from the admin panel. Performed using the connect-popup token's youtube.force-ssl scope (the sign-in token no longer requests the full youtube scope). | Triggered only by admin; not requested from the member during sign-in. |
youtube.upload | upload/youtube/v3/videos.insert, upload/youtube/v3/thumbnails.set | Let the member upload videos and custom thumbnails to their own channel from inside AutoTube. No lower-privilege alternative exists; insert requires write. | Only media submitted by the member through AutoTube is uploaded; no writes to third-party channels. |
youtube.force-ssl | youtube/v3/commentThreads.insert, commentThreads.list | Let the member post and reply to comments on their own videos, and read community comments. No lower-privilege alternative exists. | Only comments on the member's own videos; no writes to third-party channels. |
userinfo.profile | oauth2/v2/userinfo (name, picture) | Render the member's name and avatar on the channel card after YouTube connect. The Connect popup explicitly requests this userinfo scope; sign-in already covers openid profile. | Display-only; never transferred. |
These scopes are used exclusively on the user's own YouTube channel; we never access third-party channels. The following scopes are intentionally not requested: youtubepartner (YPP partner APIs), yt-analytics-monetary.readonly (revenue/earnings data), youtube.channel-memberships (memberships/super-chat data).
Access and refresh tokens are stored AES-256-encrypted at rest. The user can revoke the connection at any time from Settings or via Google Account > Third-party apps with account access. On revocation AutoTube deletes the associated tokens and the user's channel is set to DISCONNECTED; any AutoTube-side draft or scheduled publish for that channel is cancelled.
The confidentiality, integrity, and availability of member data are protected by the technical and organizational controls below. These controls are implemented to satisfy the "sensitive data protection" requirement of the Google OAuth verification review.
lib/crypto.ts). The encryption key (USER_TOKEN_ENCRYPTION_KEY) is held in isolation in the application runtime and never appears in plaintext in database dumps.Secure + HttpOnly + SameSite=Lax. Communication between internal services (web, worker, db, redis, storage) is also TLS-encrypted or isolated on private network segments.ai-worker and video-worker) call the YouTube and OpenAI APIs. Admin actions are gated by role=ADMIN and a granular permission matrix (lib/admin-permissions.ts). Regular members can only access their own userId's data.lib/logger.ts as JSON-structured logs (request ID, user ID, video ID, timestamp, outcome). These logs are used for abuse detection and incident response.DELETE /api/user/delete-account or revokes access from Google Account > Third-party apps, all associated PII and tokens are hard-deleted; rows are removed with DELETE statements (no soft-delete). Invoice records that must be retained for legal reasons live in a separate isolated table for the minimum period required and are purged automatically once the retention period expires.scripts/backup-db.sh). Backups are protected by the same encryption standard. Restore operations are performed only by the authorized operations team.eu-north-1 (Stockholm) region. Google API requests are served from Google's own regions; AutoTube does not transfer member data outside the EU/EEA.The effectiveness of these controls is verified through an internal security review at least once a year. In the event of a critical incident, affected members are notified within 72 hours.