Privacy Policy

1. Introduction

TubeMind ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension and web application (collectively, the "Service").

TubeMind is operated by a company based in France and is subject to the European Union's General Data Protection Regulation (GDPR). We are committed to ensuring that your privacy is protected and that we process your personal data lawfully, fairly, and transparently.

Data Controller:
TubeMind
Email: contact@tubemind.eu

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

• Email address: Required for account creation and communication
• Name: Optional, for personalization
• Profile picture: Optional, from OAuth provider
• OAuth tokens: When signing in with Google, we store authentication tokens

2.2 Usage Data

We automatically collect:

• Video analysis history: YouTube videos you analyze (video IDs, titles, thumbnails)
• Chat conversations: Your interactions with our AI assistant about videos
• Notes: Timestamped notes you create on videos
• Quiz results: Quizzes generated and your performance
• Tags: Tags you create to organize your content
• Session data: IP address and user agent for security purposes

2.3 Payment Information

We use Stripe as our payment processor. We do not store your credit card details. We only store:

• Stripe Customer ID: To link your payments to your account
• Subscription status: Your current plan and billing period
• Credit transactions: History of credit purchases and usage

3. How We Use Your Information

We use the collected information for:

• Service delivery: To provide AI-powered video summaries, chat, quizzes, and notes
• Account management: To manage your account and subscriptions
• Communication: To send important service updates and respond to inquiries
• Improvement: To improve our Service based on usage patterns
• Security: To detect and prevent fraud or unauthorized access

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

• Contractual necessity: Processing required to provide the Service you requested (account, subscriptions, core features)
• Legitimate interest: Processing for security, fraud prevention, and service improvement
• Consent: For optional features like Notion integration
• Legal obligation: When required by law

5. Third-Party Services

We share data with the following third-party processors:

5.1 Google Gemini AI

We use Google's Gemini AI to process video transcripts and generate summaries, chat responses, and quizzes. Video transcript content is sent to Google's servers in the United States for AI processing.

Google Privacy Policy

5.2 Stripe

We use Stripe for payment processing. Stripe processes your payment information securely. Stripe is certified under the EU-US Data Privacy Framework.

Stripe Privacy Policy

5.3 Notion (Optional)

If you choose to enable Notion integration, we export your summaries, notes, and quiz results to your Notion workspace. This requires you to provide your Notion API key.

Notion Privacy Policy

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, by our third-party service providers (Google, Stripe).

These transfers are protected by:

• EU-US Data Privacy Framework: For providers certified under this framework
• Standard Contractual Clauses (SCCs): EU-approved contractual safeguards
• Supplementary measures: Additional technical and organizational measures where necessary

7. Data Retention

We retain your personal data as follows:

• Account data: Until you delete your account
• Video analysis history: Until you delete specific items or your account
• Chat conversations: Until you delete them or your account
• Session data: Automatically deleted after session expiration (typically 7 days)
• Payment records: Retained as required by law (typically 10 years for tax purposes)

8. Your Rights Under GDPR

As an EU resident, you have the following rights:

• Right of access: Request a copy of your personal data
• Right to rectification: Correct inaccurate personal data
• Right to erasure: Request deletion of your personal data
• Right to restriction: Request limitation of processing
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent at any time for consent-based processing

To exercise these rights, contact us at contact@tubemind.eu. You can also export or delete your data directly from your account settings.

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. In France, this is the CNIL.

9. Cookies and Browser Storage

We use cookies and browser storage for essential functionality:

• Session cookies: HTTP-only cookies for authentication (essential)
• Extension storage: Browser local storage for preferences and session tokens

We do not use tracking cookies or third-party analytics. For more details, see our Cookie Policy.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (HTTPS/TLS)
• Secure password hashing
• HTTP-only, secure cookies
• Regular security updates
• Access controls and authentication

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we discover that a child under 16 has provided us with personal data, we will delete it immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our Service. Your continued use of the Service after such modifications constitutes your acceptance of the updated policy.