Privacy Policy

Effective Date: May 28, 2026

Last Updated: May 28, 2026

1. Introduction

SocialConductor ("we", "our", "us") provides AI automation services for YouTube channels via the YouTube Data API. We are committed to protecting your privacy and security.

2. Data We Collect

  • Channel Content: Comments, video titles, and descriptions (processed to generate context-aware AI replies).
  • Channel Information: Channel Name, ID, and public profile information.
  • Authentication Data: Secure OAuth tokens provided by Google.
  • Usage Data: Timestamps and interaction logs for debugging and billing.

3. How We Use Data

Data is processed solely for the purpose of generating automated AI responses via Google Vertex AI. We do not sell, trade, or transfer your data to third parties for advertising purposes.

4. Cookies, Device Storage & Tracking Technologies

SocialConductor stores, accesses, and collects information directly on and from users' devices using the following technologies:

  • Session Cookies: We place a secure, HTTP-only session cookie on your browser to maintain your authenticated login session. This cookie is required for the Service to function and is cleared when you sign out or when your session expires.
  • CSRF Token Cookies: A Cross-Site Request Forgery (CSRF) protection token is stored as a cookie to secure form submissions and API calls during your session.
  • Authentication State (Server-Side): Session state, including your encrypted YouTube OAuth tokens, is stored server-side in our PostgreSQL database and referenced via the session cookie. We do not store sensitive token data in browser-accessible storage such as localStorage or sessionStorage.
  • No Third-Party Advertising Cookies: We do not place, allow, or recognize third-party advertising or tracking cookies on your devices.

By using the Service, you consent to the placement of these strictly necessary cookies. You may disable cookies in your browser settings, but doing so will prevent you from logging in or using the Service.

5. YouTube API Data — Retention, Refresh & Deletion Schedule

As required by the YouTube API Services Developer Policies (Section III.E.4), the following schedule governs how we handle YouTube API data:

  • Comment & Activity Logs: Retained for a maximum of 30 days from the date of collection. Logs older than 30 days are automatically purged by a scheduled nightly database job.
  • AI Insight Cache: Analytics insight data derived from the YouTube API is cached and automatically refreshed every 12 hours (at 06:00 and 18:00 UTC) to ensure data freshness and minimize API quota consumption.
  • OAuth Access Tokens: Refreshed on-demand (automatically before each API call when the token has expired) using the stored refresh token. Tokens are never cached beyond the current request.
  • User-Initiated Deletion: You may delete all of your YouTube API data at any time by deleting your account from the Profile page or by submitting a request to [email protected]. Deletion is processed within 30 days.
  • Account Disconnection: If you revoke SocialConductor's access via your Google Account Permissions, we will delete all associated API data within 30 days of receiving notice of the revocation.

6. Security Measures

We implement industry-standard security measures designed to align with CASA Tier 2 standards, including:

  • End-to-end encryption (TLS 1.2+) of all data transmissions.
  • Secure OAuth token storage using Fernet symmetric encryption (AES-128-CBC + HMAC-SHA256) at rest in the database.
  • Regular security audits and vulnerability scanning.
  • HTTP-only, SameSite=Lax, Secure-flagged session cookies to prevent XSS and CSRF token theft.

7. Google API Services User Data Policy

SocialConductor's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

8. Contact Us

For privacy-related questions, contact: [email protected]