Last updated May 10, 2026

Privacy Policy

How we collect, use, and protect your data. No dark patterns, no fine-print traps β€” just plain-English commitments.

Encrypted everywhere
TLS 1.3 in transit, AES-256 at rest
Never trained on your content
Your scripts, channels, and prompts stay yours
You're in control
Export, edit, or delete your data anytime
GDPR + CCPA compliant
Full data rights for EU and California residents

Effective Date: May 10, 2026 Β· Version 3.7 Β· GDPR + CCPA + LGPD aligned

1. Introduction

This Privacy Policy explains how YTForge Inc. ("YTForge", "we", "us") collects, uses, shares, and protects your personal information when you use our website, applications, APIs, and related services (collectively, the "Service"). It applies to all users worldwide, with additional rights for residents of the European Economic Area (EEA), United Kingdom, California, Brazil, and other jurisdictions with comprehensive data-protection laws.

We've written this in plain English. If anything is unclear, email privacy@ytforge.app and we'll explain.

2. Data We Collect

You provide directly

  • Account data: name, email, password (hashed), profile photo, billing address
  • Payment data: processed by Stripe β€” we never store full card numbers, only the last 4 digits and expiration
  • Content you submit: channel URLs, prompts, scripts, transcripts, uploaded images, and any other inputs to AI tools
  • Newsletter sign-ups: the email address you enter in the footer newsletter form when you subscribe to the weekly creator newsletter
  • Communications: support tickets, survey responses, community forum posts

Collected automatically

  • Usage data: pages visited, features used, generation counts, click events, error logs
  • Device data: IP address, browser type, OS, screen resolution, timezone, language
  • Performance data: page load times, API latency, anonymized error stack traces

From third parties

  • OAuth providers: if you sign in with Google or Apple, we receive your email and name from them
  • YouTube public data: publicly available channel metadata when you paste a URL into a tool
  • Payment processors: billing confirmation, dispute notifications, fraud signals

3. How We Use Your Data

We use your data only for the specific purposes below. We don't sell personal data, ever.

PurposeLegal Basis (GDPR)
Provide and operate the ServicePerformance of contract
Process payments and prevent fraudPerformance of contract / Legal obligation
Improve features and infrastructureLegitimate interests
Send service emails (security alerts, billing)Performance of contract
Send the weekly creator newsletter (opt-in only)Consent
Send marketing emails (opt-in only)Consent
Comply with legal obligationsLegal obligation
Defend against fraud and abuseLegitimate interests

5. AI Training & Your Content

This is the most important section, so we're saying it twice: we never train our public AI models on your private content. Your scripts, channel data, prompts, and outputs are processed solely to deliver the Service to you.

How we actually train models

Our AI models are trained on a curated dataset of 4.2 million publicly accessible viral YouTube videos, plus licensed datasets from third-party data partners. We never include private user content in training data, even in aggregated or anonymized form.

Optional opt-in research

From time to time we invite Pro and Enterprise customers to opt-in to research programs where their content may be used to improve specific features. Participation is voluntary, fully transparent, and revocable at any time. The default is always "no thanks."

Output ownership

You own the AI Output you generate. We don't claim any rights to it beyond what's necessary to operate the Service.

4. Newsletter & Marketing Email

When you enter your email in the footer "Creator Newsletter" form and click Subscribe, we save only your email address (lowercased, deduplicated) in a dedicated subscribers store. We use it for one purpose: sending the weekly Sunday newsletter containing viral case studies, algorithm updates, and creator tactics.

What we store

  • Email address β€” required to send the newsletter
  • Subscription status β€” subscribed or unsubscribed
  • Source β€” where you signed up (e.g. footer-newsletter), for our records
  • Timestamps β€” when you subscribed and last updated

We do not link your newsletter sign-up to a YTForge account unless you use the same email to register. We never share, rent, or sell the subscriber list.

Consent & unsubscribing

Subscribing is explicit consent to receive the weekly newsletter. You can withdraw consent at any time β€” every email includes a one-click unsubscribe link, and we process opt-outs immediately. You can also email privacy@ytforge.app with "Unsubscribe" in the subject line.

Retention

We keep your email for as long as you're subscribed, plus 30 days after you unsubscribe (to honor opt-outs across systems), then it's permanently deleted.

6. How We Share Data

We share data only with:

  • Service providers (sub-processors): AWS (hosting), Stripe (payments), Postmark (email), Sentry (error logs), Cloudflare (CDN/security), Datadog (monitoring). All bound by data-processing agreements.
  • Integrations you authorize: when you connect Slack, Notion, Zapier, etc., data flows only to those integrations per your settings
  • Legal authorities: when compelled by valid legal process, narrowly scoped to what's required
  • Business transfers: in the event of merger, acquisition, or asset sale (you'll be notified, with the right to delete your account)

A live list of sub-processors is published at ytforge.app/sub-processors.

7. Cookies & Tracking

We use a minimal cookie set:

  • Strictly necessary: session, CSRF, and load-balancing cookies β€” cannot be disabled
  • Functional: remembers your preferences (theme, language, last-used tool)
  • Analytics: first-party, anonymized β€” measures feature adoption (no cross-site tracking)
  • Marketing: only if you accept the cookie banner; powers retargeting on Google and Meta

Manage preferences anytime via the cookie banner at the bottom of any page.

8. Data Retention

Data CategoryRetention Period
Account data (active)For the life of your account
Account data (after deletion)Removed within 30 days
Generated outputsUntil you delete them, or 30 days after account closure
Billing records7 years (legal/tax requirement)
Server logs30 days, then aggregated/anonymized
Marketing dataUntil you unsubscribe + 30 days

9. Security Measures

YTForge is SOC 2 Type II certified, audited annually by an independent third party. Our security program includes:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Multi-factor authentication for all internal access
  • Principle of least privilege across all roles
  • Quarterly third-party penetration tests
  • 24/7 intrusion detection and incident response team
  • Encrypted, geo-redundant backups with 30-day point-in-time restore

If a security incident affects your data, we'll notify you within 72 hours of discovery as required by GDPR.

10. Your Privacy Rights

Depending on your jurisdiction, you have rights to:

  • Access: request a copy of all data we hold about you
  • Rectify: correct inaccurate or incomplete data
  • Delete: request erasure ("right to be forgotten")
  • Port: receive your data in a machine-readable format
  • Restrict / Object: limit certain processing activities
  • Withdraw consent: opt out of marketing or research participation
  • Lodge a complaint: with your local data-protection authority

Most rights can be exercised in one click via your account dashboard. Otherwise, email privacy@ytforge.app β€” we respond within 30 days, free of charge.

Do Not Sell My Personal Information: we don't sell personal data. California residents can confirm this by emailing privacy@ytforge.app.

11. International Data Transfers

YTForge is headquartered in the United States. If you're outside the U.S., your data may be transferred and processed there. For EEA/UK transfers, we rely on the Standard Contractual Clauses approved by the European Commission, plus supplementary measures (encryption, pseudonymization, transparency reports). EU-U.S. Data Privacy Framework certification is in progress.

12. Children's Privacy

YTForge is not intended for children under 13 (or 16 in the EEA). We don't knowingly collect data from minors. If you believe a child has provided personal data, contact us and we'll delete it immediately.

13. Changes to This Policy

We'll notify you of material changes via email and a banner on the Service at least 30 days before they take effect. Non-material changes (typo fixes, clarifications) take effect on publication. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact & Data Protection Officer

For privacy questions or to exercise your rights:

  • Privacy team: privacy@ytforge.app
  • Data Protection Officer: dpo@ytforge.app
  • EU Representative: EuroDataRep B.V., Stationsplein 45, Rotterdam, Netherlands
  • Mail: YTForge Inc., Attn: Privacy, 548 Market St #65512, San Francisco, CA 94104
The 30-second summary

We collect what we need to run the Service, store it encrypted, never sell it, never train our public models on it, and let you delete it anytime. Questions? privacy@ytforge.app.

Want to exercise a right?

Most actions are one click in your dashboard. Or email privacy@ytforge.app β€” we reply within 30 days, free.

Terms of Service