Effective Date: May 10, 2026 · Version 3.7 · GDPR + CCPA + LGPD aligned
1. Introduction
This Privacy Policy explains how YTForge Inc. ("YTForge", "we", "us") collects, uses, shares, and protects your personal information when you use our website, applications, APIs, and related services (collectively, the "Service"). It applies to all users worldwide, with additional rights for residents of the European Economic Area (EEA), United Kingdom, California, Brazil, and other jurisdictions with comprehensive data-protection laws.
We've written this in plain English. If anything is unclear, email privacy@ytforge.app and we'll explain.
2. Data We Collect
You provide directly
- Account data: name, email, password (hashed), profile photo, billing address
- Payment data: processed by Stripe — we never store full card numbers, only the last 4 digits and expiration
- Content you submit: channel URLs, prompts, scripts, transcripts, uploaded images, and any other inputs to AI tools
- Newsletter sign-ups: the email address you enter in the footer newsletter form when you subscribe to the weekly creator newsletter
- Communications: support tickets, survey responses, community forum posts
Collected automatically
- Usage data: pages visited, features used, generation counts, click events, error logs
- Device data: IP address, browser type, OS, screen resolution, timezone, language
- Performance data: page load times, API latency, anonymized error stack traces
From third parties
- OAuth providers: if you sign in with Google or Apple, we receive your email and name from them
- YouTube public data: publicly available channel metadata when you paste a URL into a tool
- Payment processors: billing confirmation, dispute notifications, fraud signals
3. How We Use Your Data
We use your data only for the specific purposes below. We don't sell personal data, ever.
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the Service | Performance of contract |
| Process payments and prevent fraud | Performance of contract / Legal obligation |
| Improve features and infrastructure | Legitimate interests |
| Send service emails (security alerts, billing) | Performance of contract |
| Send the weekly creator newsletter (opt-in only) | Consent |
| Send marketing emails (opt-in only) | Consent |
| Comply with legal obligations | Legal obligation |
| Defend against fraud and abuse | Legitimate interests |
5. AI Training & Your Content
This is the most important section, so we're saying it twice: we never train our public AI models on your private content. Your scripts, channel data, prompts, and outputs are processed solely to deliver the Service to you.
How we actually train models
Our AI models are trained on a curated dataset of 4.2 million publicly accessible viral YouTube videos, plus licensed datasets from third-party data partners. We never include private user content in training data, even in aggregated or anonymized form.
Optional opt-in research
From time to time we invite Pro and Enterprise customers to opt-in to research programs where their content may be used to improve specific features. Participation is voluntary, fully transparent, and revocable at any time. The default is always "no thanks."
Output ownership
You own the AI Output you generate. We don't claim any rights to it beyond what's necessary to operate the Service.
4. Newsletter & Marketing Email
When you enter your email in the footer "Creator Newsletter" form and click Subscribe, we save only your email address (lowercased, deduplicated) in a dedicated subscribers store. We use it for one purpose: sending the weekly Sunday newsletter containing viral case studies, algorithm updates, and creator tactics.
What we store
- Email address — required to send the newsletter
- Subscription status —
subscribedorunsubscribed - Source — where you signed up (e.g.
footer-newsletter), for our records - Timestamps — when you subscribed and last updated
We do not link your newsletter sign-up to a YTForge account unless you use the same email to register. We never share, rent, or sell the subscriber list.
Consent & unsubscribing
Subscribing is explicit consent to receive the weekly newsletter. You can withdraw consent at any time — every email includes a one-click unsubscribe link, and we process opt-outs immediately. You can also email privacy@ytforge.app with "Unsubscribe" in the subject line.
Retention
We keep your email for as long as you're subscribed, plus 30 days after you unsubscribe (to honor opt-outs across systems), then it's permanently deleted.
6. How We Share Data
We share data only with:
- Service providers (sub-processors): AWS (hosting), Stripe (payments), Postmark (email), Sentry (error logs), Cloudflare (CDN/security), Datadog (monitoring). All bound by data-processing agreements.
- Integrations you authorize: when you connect Slack, Notion, Zapier, etc., data flows only to those integrations per your settings
- Legal authorities: when compelled by valid legal process, narrowly scoped to what's required
- Business transfers: in the event of merger, acquisition, or asset sale (you'll be notified, with the right to delete your account)
A live list of sub-processors is published at ytforge.app/sub-processors.
7. Cookies & Tracking
We use a minimal cookie set:
- Strictly necessary: session, CSRF, and load-balancing cookies — cannot be disabled
- Functional: remembers your preferences (theme, language, last-used tool)
- Analytics: first-party, anonymized — measures feature adoption (no cross-site tracking)
- Marketing: only if you accept the cookie banner; powers retargeting on Google and Meta
Manage preferences anytime via the cookie banner at the bottom of any page.
8. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data (active) | For the life of your account |
| Account data (after deletion) | Removed within 30 days |
| Generated outputs | Until you delete them, or 30 days after account closure |
| Billing records | 7 years (legal/tax requirement) |
| Server logs | 30 days, then aggregated/anonymized |
| Marketing data | Until you unsubscribe + 30 days |
9. Security Measures
YTForge is SOC 2 Type II certified, audited annually by an independent third party. Our security program includes:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Multi-factor authentication for all internal access
- Principle of least privilege across all roles
- Quarterly third-party penetration tests
- 24/7 intrusion detection and incident response team
- Encrypted, geo-redundant backups with 30-day point-in-time restore
If a security incident affects your data, we'll notify you within 72 hours of discovery as required by GDPR.
10. Your Privacy Rights
Depending on your jurisdiction, you have rights to:
- Access: request a copy of all data we hold about you
- Rectify: correct inaccurate or incomplete data
- Delete: request erasure ("right to be forgotten")
- Port: receive your data in a machine-readable format
- Restrict / Object: limit certain processing activities
- Withdraw consent: opt out of marketing or research participation
- Lodge a complaint: with your local data-protection authority
Most rights can be exercised in one click via your account dashboard. Otherwise, email privacy@ytforge.app — we respond within 30 days, free of charge.
Do Not Sell My Personal Information: we don't sell personal data. California residents can confirm this by emailing privacy@ytforge.app.
11. International Data Transfers
YTForge is headquartered in the United States. If you're outside the U.S., your data may be transferred and processed there. For EEA/UK transfers, we rely on the Standard Contractual Clauses approved by the European Commission, plus supplementary measures (encryption, pseudonymization, transparency reports). EU-U.S. Data Privacy Framework certification is in progress.
12. Children's Privacy
YTForge is not intended for children under 13 (or 16 in the EEA). We don't knowingly collect data from minors. If you believe a child has provided personal data, contact us and we'll delete it immediately.
13. Changes to This Policy
We'll notify you of material changes via email and a banner on the Service at least 30 days before they take effect. Non-material changes (typo fixes, clarifications) take effect on publication. The "Last updated" date at the top of this page reflects the most recent revision.
14. Contact & Data Protection Officer
For privacy questions or to exercise your rights:
- Privacy team: privacy@ytforge.app
- Data Protection Officer: dpo@ytforge.app
- EU Representative: EuroDataRep B.V., Stationsplein 45, Rotterdam, Netherlands
- Mail: YTForge Inc., Attn: Privacy, 548 Market St #65512, San Francisco, CA 94104
We collect what we need to run the Service, store it encrypted, never sell it, never train our public models on it, and let you delete it anytime. Questions? privacy@ytforge.app.