Privacy Policy

Last Updated: August 12, 2025

Ysum ("we", "us", "our") operates a website, APIs, and a browser extension that provide AI‑based summaries of video content with scoring and actionable insights (collectively, the "Service"). This Privacy Policy explains what we collect, how we use it, and your rights.

Scope. This Policy covers: ysum.app (and subdomains), our public APIs, and the Ysum Chrome extension.

1. Information We Collect

A. Information you provide

  • Account & Profile: email, display name (if provided).
  • Content & Usage Inputs: video URLs/IDs, prompts, tags/notes you choose to add, feedback forms, support requests.
  • Subscription & Billing (when enabled): handled by a third‑party payment processor (e.g., Stripe). We receive limited billing metadata (e.g., plan, status) but do not receive or store full card details.
  • Third‑party Login (optional, when enabled): identifiers from OAuth providers (e.g., email) to authenticate your account.

B. Information collected automatically

  • Service Logs: IP address, device/browser type, pages viewed, timestamps, referral URL, feature usage, error/diagnostic events.
  • Cookies & Local Storage (website): to keep you signed in, remember preferences, and measure basic usage.
  • Extension Storage: the Chrome extension uses chrome.storage.local to cache per‑video scores/metadata and your local settings. Cached scores may be kept up to 12 hours. The extension is designed to operate only on supported pages (e.g., youtube.com and ysum.app) and does not read your browsing history outside its declared scope.

C. Information from third parties

  • Payments: payment processors (e.g., Stripe) process your payment details and share limited billing metadata with us.
  • Auth/Database: identity and profile data via our authentication/database provider (e.g., Supabase) when you sign in.
  • AI Processing: prompts and relevant inputs are sent to our AI provider to generate summaries/scores.

2. How We Use Information (and GDPR Legal Bases)

  • Provide the Service (create/maintain your account, generate summaries/scores, respond to support) — Art. 6(1)(b) contract.
  • Maintain & improve the Service, prevent abuse, ensure security, and measure basic usage — Art. 6(1)(f) legitimate interests.
  • Communicate administrative notices, feature updates, and—where permitted—product news; you can opt out of marketing at any time — Art. 6(1)(f) legitimate interests / Art. 6(1)(a) consent (for marketing where required).
  • Process payments & subscriptions — Art. 6(1)(b) contract.
  • Comply with law and enforce our Terms — Art. 6(1)(c) legal obligation / Art. 6(1)(f) legitimate interests.

AI & Training. We store scores/metrics for service functionality. We do not use your content to train our own models. Our AI vendor(s) process your inputs to provide results; we configure vendor settings to prevent training on your data where contractually supported.

No Sale. We do not sell personal data.

3. Cookies & Similar Technologies

  • Website: cookies/local storage for sign‑in, preferences, and basic analytics.
  • Extension: uses chrome.storage.local for settings and short‑term score cache.

You can control cookies through your browser settings; some features may not work without them.

4. Sharing & Disclosure

  • Service Providers acting under contract, such as hosting/CDN (e.g., Vercel), database/auth (e.g., Supabase), AI processing (e.g., OpenAI), payments (e.g., Stripe), and analytics.
  • Legal & Safety: if required by law or to protect rights, security, and integrity of the Service.
  • Business Transfers: in connection with a merger, acquisition, or asset sale.

We require processors to protect data and use it only on our instructions.

5. International Data Transfers

We may transfer data outside your country (including outside the EEA/UK). Where we do, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and vendor certifications.

6. Data Retention

We keep personal data for as long as your account is active and as needed to provide the Service. After account closure, we aim to delete or anonymize within 24 months unless law requires longer. Security logs may be kept up to 12 months. The extension cache auto‑expires (typically within 12 hours).

7. Your Rights (EEA/UK & similar jurisdictions)

Subject to law, you can access, rectify, erase, restrict, object to processing, and port your data, and withdraw consent where processing is based on consent. To exercise rights, email brevladisuno@gmail.com. You may also lodge a complaint with your local supervisory authority.

8. Security

We use reasonable technical and organizational measures appropriate to the risk. No system is 100% secure; we cannot guarantee absolute security.

9. Children’s Privacy

The Service is not directed to children under 13 (or a higher age as required by local law). We do not knowingly collect personal data from children.

10. Third‑Party Links

Our Service may link to third‑party sites. Their privacy practices are governed by their own policies.

11. Changes to this Policy

We may update this Policy. We will post the updated version with a new "Last Updated" date. Material changes may also be communicated by email or in‑product notice.

12. Contact

Questions or requests: brevladisuno@gmail.com.