Privacy Policy
Tube Responder — https://tuberesponder.com
Last updated: March 2026
Data Controller:
Tube Responder, Chemin des Artisans 17, 1616 Attalens, Switzerland
Email: contact@tuberesponder.com
1. Introduction
This Privacy Policy explains how Tube Responder ("we", "us", "our") collects, uses, and protects personal data when you use our service at tuberesponder.com.
We comply with:
- EU General Data Protection Regulation (GDPR)
- Swiss Federal Act on Data Protection (revFADP)
Google API Services User Data Policy: Tube Responder's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
2. Our Roles (Controller vs Processor)
We act as:
Data Controller for:
- Account data
- Billing data
- Usage and analytics data
Data Processor for:
- YouTube data processed on your behalf
3. Data We Collect
3.1 Account Data
- Email address
- Name
- Password (securely hashed — never stored in plain text)
- Preferences and settings
3.2 YouTube Data
When you connect your YouTube account, we access the following data via the YouTube Data API:
- Channel metadata (ID, name, URL) — read only
- Video metadata (titles, IDs, publish dates) — read only
- Comments and replies (text, author names, engagement metrics) — read and post on your behalf
- Public commenter information
⚠️ Comments may include personal data of third parties (your viewers). This data is processed strictly on your behalf. Tube Responder processes YouTube data strictly on behalf of the channel owner, who is responsible for ensuring lawful use of such data.
Scope of API access: To enable comment reply functionality, Tube Responder uses the youtube.force-ssl OAuth scope, which grants broader technical access than read-only. However, we strictly limit our use of this access to:
- Reading channel, video, and comment data
- Posting replies to comments only when explicitly triggered by the user
We do not and will never use this access to: modify or delete videos, delete comments posted by others, perform any automated or scheduled actions, or take any action not directly and explicitly initiated by the user within the Service.
3.3 AI Processing Data
- Comment content submitted for analysis
- Generated reply suggestions
- Sentiment analysis results
- Your tone profile configurations
AI processing is performed solely to provide features explicitly requested by the user within the Service. It is never used for advertising, profiling, or any purpose beyond the features you interact with.
Sentiment analysis is an AI-generated classification applied to comment text solely for organizational and response assistance purposes within Tube Responder. It does not represent or replace YouTube metrics, is not derived from YouTube analytics data, and is not displayed as a YouTube measurement.
3.4 Usage Data
- AI usage (tokens consumed, operations, models)
- Logs and diagnostics
- Feature usage
3.5 Billing Data
Handled by LemonSqueezy:
- Subscription status
- Customer identifiers
We do not store full payment details.
4. Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Provide the service | Contract (Art. 6(1)(b)) |
| Authentication & account management | Contract |
| YouTube data processing | Contract |
| AI features | Contract |
| Billing & subscriptions | Contract |
| Security & fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Service improvement (analytics) | Legitimate interest |
| Marketing emails | Consent (Art. 6(1)(a)) |
5. How We Use Data
We use data to:
- Provide and operate the service
- Authenticate users and manage sessions
- Fetch and display your YouTube data
- Generate AI-powered reply suggestions
- Process payments and manage subscriptions
- Ensure security and prevent abuse
We do not use, retain, or share Google user data for any purpose other than providing and improving the Service's user-facing features. We do not use such data for advertising, profiling, or resale.
5.1 Anonymized Data
We may use anonymized and aggregated data for analytics and product improvement. Any anonymized data does not include personally identifiable information and cannot be used to identify individual users or commenters.
6. Data Retention
| Data Type | Retention |
|---|---|
| Account data | Until deletion + 30 days |
| YouTube data (any revocation or disconnection) | Any YouTube data cached on our servers automatically deleted within 7 calendar days |
| AI data | While account active + 30 days |
| Usage data | Up to 24 months |
| Logs | Up to 90 days |
| Billing data | Up to 10 years (Swiss legal requirement) |
We may anonymize data instead of deleting it where permitted by law.
7. YouTube Data & Your Responsibilities
You authorize us to process YouTube data on your behalf. You are responsible for ensuring your use complies with:
- YouTube Terms of Service
- YouTube API Services Terms of Service
- Applicable data protection laws with respect to your audience
We do not use YouTube data for any independent purpose beyond providing the service to you.
You may revoke our access to your YouTube account at any time via Google Account Security settings.
8. Third-Party Providers (Subprocessors)
All subprocessors only process data to provide their specific services and are contractually prohibited from using the data for any other purpose.
| Provider | Role | Location | Privacy Policy |
|---|---|---|---|
| Google / YouTube | API & data source | US | Link |
| Groq | AI processing | US | Link |
| LemonSqueezy | Payments | US | Link |
| Brevo | Email delivery | EU/US | Link |
| Vercel | Hosting | US | Link |
| MongoDB Atlas | Database | US | Link |
9. International Data Transfers
Data may be transferred outside the EU/Switzerland (including to the US). We rely on:
- Standard Contractual Clauses (SCCs) — EU Commission decision 2021/914
- Equivalent safeguards under Swiss law (revFADP / FDPIC guidance)
10. Cookies & Local Storage
We use strictly necessary cookies only:
- Authentication (NextAuth session cookies)
- Security (CSRF protection)
We do not use tracking, analytics, or marketing cookies.
We may use local storage to save your UI preferences (e.g., filters, display settings). This data stays in your browser and is not transmitted to our servers.
11. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data ("right to be forgotten")
- Restrict processing
- Object to processing based on legitimate interest
- Portability — receive your data in a machine-readable format
- Withdraw consent at any time (e.g., for marketing emails)
To exercise any right, contact us at contact@tuberesponder.com. We will respond within 30 days.
You may also lodge a complaint with:
- Your local EU Data Protection Authority (DPA)
- The Swiss Federal Data Protection and Information Commissioner (FDPIC) — fdpic.ch
12. Data Security
We implement appropriate measures including:
- Password hashing (bcrypt or equivalent)
- Encryption of OAuth tokens at rest
- HTTPS/TLS for all data in transit
- Role-based access controls
No system is 100% secure. To report a security issue: contact@tuberesponder.com
13. Children
The service is intended for users aged 13 and older. We do not knowingly collect data from children under 13. If you believe we have inadvertently done so, please contact us immediately.
Users aged 13–16 in the EU may require parental consent under applicable national law.
14. YouTube API Compliance
Our use of YouTube data complies with the YouTube API Services Terms of Service and the Google API Services User Data Policy. In particular:
Access scope: Tube Responder uses the youtube.force-ssl OAuth scope. This scope is required to enable comment reply functionality. Although this scope grants broad technical capabilities, our actual use is strictly limited to reading channel, video, and comment data, and posting replies only upon explicit user action.
User control — no automation: Tube Responder is a decision-support tool, not an automation tool. Replies are posted to YouTube only when the user explicitly clicks the "Send" button. The Service does not automatically post, schedule, or bulk-send replies. Every action taken on YouTube is directly and intentionally initiated by the user.
Strict use limits — what we never do:
- We do not modify, delete, or take any action on videos
- We do not delete comments posted by other users
- We do not perform any background, automated, or scheduled posting
- We do not take any account-level actions outside of comment management
- We do not sell, share, or transfer YouTube data to third parties for any independent use
Deletion: We automatically detect access revocation and delete any YouTube data cached on our servers within a maximum of 7 calendar days, whether revoked within Tube Responder or via Google Account Security settings. This refers to data we have stored on our infrastructure — it does not affect content on YouTube itself.
Revocation: Users may revoke access at any time via Google Account Security settings.
15. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or via a notice on the site. Continued use of the service constitutes acceptance.
16. Contact
Questions or data requests: contact@tuberesponder.com