Privacy Policy

1) Data Controller and Contact

Data controller: AUTOTUBE.VIP LTD
Company number: 17136127
Registered office: 83 St. Marks Road, Enfield, England, EN1 1BJ
Email: info@autotube.vip
Phone: +44 7783 905391

2) Data Categories Processed

  • Account data: name, email, profile information, and login records
  • Product usage: channel, video, text content, preferences, and settings
  • Payment data: plan, invoice records, payment results, and subscription status
  • Technical data: IP, device, session, and security logs

3) Processing Purposes

  • To create accounts, provide the service, and offer support
  • To process payments, subscriptions, and invoicing
  • To ensure security, prevent abuse, and maintain system logs
  • To conduct analytics and marketing measurements with explicit consent

4) Retention Period

Account and invoice records are retained for as long as necessary for legal obligations and service provision. Security and system logs are kept for reasonable operational periods and deleted or anonymized when required.

5) Data Transfers and Subprocessors

The following providers or categories of providers may be used to deliver the service:

  • Stripe (payment and subscription processing)
  • Google (OAuth, YouTube connections, and related services)
  • OpenAI and other AI providers (content production workflows)
  • Email and notification providers
  • S3 or MinIO-compatible storage services

6) Cookies

Essential cookies are required for the service to function. Analytics cookies are only activated based on user preference. Cookie preferences can be managed via the banner or the preference interface.

7) User Rights

For access, correction, deletion, objection to processing, and other applicable data protection rights, please contact us at info@autotube.vip or +44 7783 905391.

8) Payment Note

Card information is not stored on AutoTube.Vip servers. Payment and subscription processing is handled by Stripe.

For cancellation and refund processes, please see the Refund & Cancellation Policy page.

9) Google OAuth Scopes

AutoTube requests the following Google OAuth scopes for sign-in and YouTube channel connection. Each scope has been selected under the minimum necessary principle: there is no lower-privileged alternative that can deliver the same user-facing capability.

| Scope (OAuth) | API endpoint / method | Why it is necessary (purpose) | Data minimization |
|---|---|---|---|
| openid | OIDC token (id_token.sub) | Google's stable per-user ID. Required for user matching and account merging; no lower-privilege alternative exists. | Only the opaque sub is read; no profile/email. |
| email | id_token.email, id_token.email_verified | Account matching, password reset, verified-email signup. | Only the verified email is used; never shared externally. |
| profile | id_token.name, id_token.picture, id_token.locale | Display the member's name and avatar inside the dashboard. | Display-only; never transferred to third parties. |
| userinfo.email | oauth2/v2/userinfo (email) | Email confirmation in the YouTube-connect popup (a flow that is separate from sign-in). Returns the same data as openid email; we request only one path. | Only the member's own email is fetched. |
| userinfo.profile | oauth2/v2/userinfo (name, picture) | Render the member's name and avatar on the channel card after YouTube connect. | Display-only; never transferred to third parties. |
| youtube.readonly | youtube/v3/channels.list (id, snippet, statistics, brandingSettings), videos.list | Refresh the connected channel's snippet/title/thumbnail/subscriber/view counts after sign-in and after YouTube connect. | Read-only; no writes. Only the member's own channel. |
| yt-analytics.readonly | youtubeanalytics.googleapis.com/v2/reports | Display the member's own channel performance metrics (watch time, CTR, estimatedMinutesWatched, averageViewDuration, subscribersGained, estimatedRevenue) in the Analytics dashboard. YouTube Data API v3 (youtube.readonly) does not expose these metrics; it only returns surface-level statistics such as subscriber/view counts. YouTube Analytics API v2 plus yt-analytics.readonly is therefore required; no lower-privilege alternative exists. | Read-only; only the member's own channel. No writes, no third-party channel access. |
| youtube (admin branding write) | youtube/v3/channels.update?part=brandingSettings | Admin-only path: update channel description from the admin panel. Performed using the connect-popup token's youtube.force-ssl scope (the sign-in token no longer requests the full youtube scope). | Triggered only by admin; not requested from the member during sign-in. |
| youtube.upload | upload/youtube/v3/videos.insert, upload/youtube/v3/thumbnails.set | Let the member upload videos and custom thumbnails to their own channel from inside AutoTube. No lower-privilege alternative exists; insert requires write. | Only media submitted by the member through AutoTube is uploaded; no writes to third-party channels. |
| youtube.force-ssl | youtube/v3/commentThreads.insert, commentThreads.list | Let the member post and reply to comments on their own videos, and read community comments. No lower-privilege alternative exists. | Only comments on the member's own videos; no writes to third-party channels. |
| userinfo.profile | oauth2/v2/userinfo (name, picture) | Render the member's name and avatar on the channel card after YouTube connect. The Connect popup explicitly requests this userinfo scope; sign-in already covers openid profile. | Display-only; never transferred. |

These scopes are used exclusively on the user's own YouTube channel; we never access third-party channels. The following scopes are intentionally not requested: youtubepartner (YPP partner APIs), yt-analytics-monetary.readonly (revenue/earnings data), youtube.channel-memberships (memberships/super-chat data).

Access and refresh tokens are stored AES-256-encrypted at rest. The user can revoke the connection at any time from Settings or via Google Account > Third-party apps with account access. On revocation AutoTube deletes the associated tokens and the user's channel is set to DISCONNECTED; any AutoTube-side draft or scheduled publish for that channel is cancelled.

10) Data security and protection mechanisms

The confidentiality, integrity, and availability of member data are protected by the technical and organizational controls below. These controls are implemented to satisfy the "sensitive data protection" requirement of the Google OAuth verification review.

  • Encryption at rest: Google OAuth access and refresh tokens are stored encrypted in the database using AES-256-GCM (via lib/crypto.ts). The encryption key (USER_TOKEN_ENCRYPTION_KEY) is held in isolation in the application runtime and never appears in plaintext in database dumps.
  • Encryption in transit: All client–server communication is over HTTPS / TLS 1.3. NextAuth cookies are set with Secure + HttpOnly + SameSite=Lax. Communication between internal services (web, worker, db, redis, storage) is also TLS-encrypted or isolated on private network segments.
  • Authorization and access control: Only authorized worker processes (BullMQ queues ai-worker and video-worker) call the YouTube and OpenAI APIs. Admin actions are gated by role=ADMIN and a granular permission matrix (lib/admin-permissions.ts). Regular members can only access their own userId's data.
  • Audit logging: All external API calls (Google, OpenAI, Stripe, Meta, TikTok) are recorded via lib/logger.ts as JSON-structured logs (request ID, user ID, video ID, timestamp, outcome). These logs are used for abuse detection and incident response.
  • Data retention and destruction: Encrypted tokens and channel metadata are stored while the membership is active. When the member calls DELETE /api/user/delete-account or revokes access from Google Account > Third-party apps, all associated PII and tokens are hard-deleted; rows are removed with DELETE statements (no soft-delete). Invoice records that must be retained for legal reasons live in a separate isolated table for the minimum period required and are purged automatically once the retention period expires.
  • Backup and disaster recovery: Periodic database backups are taken (scripts/backup-db.sh). Backups are protected by the same encryption standard. Restore operations are performed only by the authorized operations team.
  • Hosting region: Application servers and storage infrastructure are located in the European Union / EEA region. S3-compatible object storage is held in the eu-north-1 (Stockholm) region. Google API requests are served from Google's own regions; AutoTube does not transfer member data outside the EU/EEA.
  • GDPR / KVKK compliance: Data-controller contact details are listed in section 1. Members can exercise the rights of access, rectification, erasure, objection, and data portability by contacting info@autotube.vip; responses are provided within the statutory maximum periods (30 days under KVKK, 1 month under GDPR).

The effectiveness of these controls is verified through an internal security review at least once a year. In the event of a critical incident, affected members are notified within 72 hours.