Legal

Privacy Policy

Last updated: April 10, 2026

YTGrowth is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights over it.

1. Data We Collect

When you connect your Google account we receive:

  • Google account email address, used to identify your account.
  • YouTube channel data, channel name, subscriber count, video list, view counts, and public metadata via the YouTube Data API.
  • YouTube Analytics data, impressions, CTR, watch time, and traffic source data via the YouTube Analytics API.
  • OAuth credentials, access and refresh tokens required to fetch your data. Stored encrypted in our database.
  • Usage data, which tools you run, token consumption, and timestamps.
  • Payment data, handled entirely by Lemon Squeezy. We only receive your plan type and Lemon Squeezy customer ID. We never store card details.

2. How We Use Your Data

  • To provide AI-powered analysis of your YouTube channel.
  • To enforce token limits and billing entitlements.
  • To send transactional emails (billing receipts, usage warnings). No marketing emails without consent.
  • To improve our AI using aggregated, anonymised patterns only, never your personal channel data.

3. Third-Party Services

  • Google / YouTube APIs, subject to Google's Privacy Policy and YouTube's Terms of Service.
  • Lemon Squeezy, our payment processor and Merchant of Record. Handles all payment data under their own privacy policy.
  • Anthropic (Claude API), we send anonymised channel data to generate AI insights. No personally identifiable information is included.

We do not sell your data to any third party, ever.

4. Google API Limited Use Disclosure

YTGrowth's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only access scopes required to provide the Service and do not use your Google data to serve advertising or for any purpose beyond delivering the features described in this policy.

4a. OAuth Scopes We Request

When you sign in with Google, YTGrowth requests the following OAuth scopes. We request only what is necessary to provide the Service:

ScopeWhy we need it
openidConfirms your identity via Google Sign-In.
https://www.googleapis.com/auth/userinfo.emailRetrieves your email address to create and identify your YTGrowth account.
https://www.googleapis.com/auth/userinfo.profileRetrieves your name and profile picture to personalise your dashboard.
https://www.googleapis.com/auth/youtubeReads your YouTube channel data (videos, titles, descriptions, thumbnails) and allows updating video metadata (title, description, tags) when you use the SEO Studio editor.
https://www.googleapis.com/auth/yt-analytics.readonlyReads YouTube Analytics data (impressions, CTR, watch time, traffic sources) to power the growth insights on your dashboard. Read-only, we never modify analytics data.

You can revoke any of these permissions at any time via Google Account Permissions. Revoking access will disconnect your YouTube channel from YTGrowth.

5. Data Security & Protection Mechanisms

We take the following technical and organisational measures to protect your data, including sensitive information such as OAuth tokens and YouTube Analytics data:

  • Encryption in transit, all data transmitted between your browser, our servers, and third-party APIs is encrypted via TLS 1.2 or higher (HTTPS).
  • Encryption at rest, OAuth access tokens and refresh tokens are encrypted at rest in our database using AES-256 encryption. They are never stored or logged in plain text.
  • Minimal data retention, we store only the data required to operate the Service. YouTube Analytics data is fetched on-demand and not persisted beyond your session.
  • Access controls, access to the production database is restricted to authorised personnel only, using role-based access controls and strong authentication.
  • No third-party data sharing, your YouTube and analytics data is never sold, rented, or shared with third parties for advertising or any non-essential purpose.
  • Anthropic (Claude API), when generating AI insights, only anonymised channel metrics are sent. No personally identifiable information, OAuth tokens, or raw Analytics data is included in AI prompts.
  • Incident response, in the event of a data breach affecting your personal data, we will notify affected users in accordance with applicable data protection laws.

6. Your Rights

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (right to be forgotten).
  • Revoke Google OAuth access at any time via your Google account settings.

To exercise any of these rights, email [email protected].

7. Cookies

We use a single session cookie (ytg_session) to keep you logged in. We do not use advertising or tracking cookies.

8. Contact

Privacy questions? Email [email protected].