[INSERT LEGAL COMPANY NAME] ("we", "us", or "our") is committed to protecting your personal data and ensuring transparent compliance under global frameworks, including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and the Children's Online Privacy Protection Act (COPPA).
1. Payment Processing and PCI-DSS Compliance
1.1 Zero Card Data Storage: TubeScope operates under a strict Zero Raw Storage configuration. We do not ingest, handle, view, or maintain your Primary Account Number (PAN), credit card expiration dates, or CVV/CVC codes on our infrastructure. All checkout procedures are processed through tokenized secure iFrame systems or sandboxed web widgets maintained directly by our PCI-DSS compliant processor, Airwallex.
2. Mandatory Google API Services Limited Use Disclosure
2.1 Google Data Compliance Affirmation: TubeScope's use and transfer to any other app of information received from Google APIs will strictly adhere to the Google API Services User Data Policy, including its stringent Limited Use requirements.
2.2 Data Isolation: User information or analytics profiles derived from the YouTube Data API are processed exclusively to compile your interactive dashboard reports. Under no circumstances will data obtained via Google API interfaces be transferred, sold, leased, or exposed to third-party data networks, advertising platforms, data brokers, or speculative information brokers.
3. Third-Party Infrastructure Transfers and Data Posture
We transmit specific processing assets to our vetted service partners to maintain core application features:
- OpenAI API Data Terms: Channel metrics and textual transcripts are processed via secure enterprise endpoints hosted by OpenAI (USA) to generate specialized reports (e.g., Content DNA analysis). Data sent via these endpoints is retained by OpenAI for a standard maximum window of thirty (30) days solely for abuse tracking and security audit purposes, after which it is permanently purged. This data is completely isolated and is never used to train machine learning models.
- Transactional Email Delivery: System verifications, invoice confirmations, and monitoring alerts are distributed via Resend Inc. (USA), which operates strictly as our authenticated transactional email API service partner.
- Automated Profiling (GDPR Article 22): TubeScope generates mathematical models and competitive grades based on the automated evaluation of public channel indices. These automated outputs are designed to provide operational data visibility and do not produce adverse legal consequences or alter your civil status. You maintain the right to request human intervention, submit your position, or challenge analytical baselines by messaging our team.
4. International Data Transfers and Fallback Frameworks
4.1 Cross-Border Transfer Mechanisms: TubeScope maintains a globally distributed server framework. Consequently, information collected from you may be processed and stored outside your home country, including within the United States. For data transfers targeting entities within the USA, we rely on the EU-U.S. Data Privacy Framework (DPF). Where the DPF is legally unavailable or under administrative review, the Company implements Standard Contractual Clauses (SCCs) ratified by the European Commission as our binding fallback framework to guarantee an identical posture of data security.
5. Structured Data Retention Matrix
| Information / Table Category | Retention Window | Automated Action / Trigger |
|---|---|---|
| Free Tier Analysis Records | 5 most recent records per profile | Celery cleanup daily at 03:30 UTC |
| Pro Tier Analysis Records | 30 calendar days | Celery cleanup daily at 03:30 UTC |
| Business Tier Analysis Records | 90 calendar days | Celery cleanup daily at 03:30 UTC |
| Parsed Video Identifiers | 90 calendar days | Celery cleanup daily at 03:00 UTC |
| Anomaly Scan Findings | 180 calendar days | Celery cleanup daily at 03:00 UTC |
| Verification Identifiers | 24 hours TTL | Celery cleanup daily at 04:00 UTC |
| Core Financial Billing Invoices | 7 years minimum | Retained permanently under corporate tax obligations |
6. Cookie Inventory
TubeScope utilizes local browser storage and HTTP session cookies exclusively to preserve core session states, authenticate Telegram logins, and run Airwallex fraud mitigation reviews. We do not deploy third-party advertising tracking scripts. Our inventory comprises:
- Essential Cookies: Deployed to preserve login sessions, shield endpoints from CSRF exploits, and validate transaction parameters inside the Airwallex checkout widget.
- Functional Cookies: Deployed to save your localized dashboard adjustments, dark/light theme choices, and preferred sorting filters.
7. Minor Safety Framework (COPPA & GDPR-K)
7.1 Age Verification Enforcement: TubeScope does not intentionally request, collect, or store personal identifiers from individuals under the age of 18 (or the standard threshold of minor age within your local jurisdiction). If we discover that a minor has circumvented onboarding filters and provided personal info, we will immediately execute hard deletions of that data profile from our active database partitions.
8. Your Statutory Rights and Legal Representation
8.1 GDPR and Regional Data Freedoms: Depending on your jurisdiction of residence, you possess clear rights to access, rectify, delete, restrict, port, or object to the processing of your personal data. You have the right to file an official grievance with a data protection supervisory authority if you believe our data processing operations breach regional statutes.
8.2 Legal Representation & Data Desk Contact:
- Data Protection Team Email: support@tubescope.app
- Article 27 EU Representative: [INSERT NAME/FIRM OF EU REPRESENTATIVE, ADDRESS, EMAIL]
- Article 27 UK Representative: [INSERT NAME/FIRM OF UK REPRESENTATIVE, ADDRESS, EMAIL]
9. California Privacy Rights (CCPA / CPRA Disclosure)
This section applies exclusively to residents of the State of California.
9.1 Categories of Data Collected and Shared: During the past 12 months, we have collected and shared for standard business processing purposes the following categories of personal information: Identifiers (emails, Telegram IDs, IP addresses), Commercial Information (billing histories via tokenized records), Internet/Network Activity (session timestamps, browser configurations), and Inferences (computed analytical trends).
9.2 No Sale or Sharing Attestation: TubeScope does not "sell" or "share" your personal information to third parties for cross-context behavioral advertising purposes under the definitions set by the CCPA/CPRA.
9.3 Consumer Rights Execution: California residents have the right to request access to specific categories of collected data, request hard deletions of personal data profiles, opt-out of potential commercial data parsing matrices, and remain entirely free from discriminatory service adjustments for exercising their privacy rights. To invoke your rights, submit a validated demand to our compliance desk at support@tubescope.app featuring the phrase "CCPA Rights Demand" in the header.
10. Information Collection and Lawful Bases
| Collected Category | Technical Items Included | GDPR Article 6 Lawful Basis |
|---|---|---|
| Account Records | Email address, Telegram handle, password hashes | Performance of Contract |
| Billing Indicators | Transaction timestamps, invoice histories, tokenized secure keys | Performance of Contract / Legal Obligation |
| Usage Metadata | IP addresses, browser variants, application entry timestamps | Legitimate Interests |
| User Inputs | Channel URLs, search tags, competitive niche parameters | Performance of Contract |
| Authentication Keys | Telegram User ID, init data encryption signatures | Performance of Contract |
11. Technical Security and Data Protection Measures
11.1 Enterprise Security Architecture: TubeScope implements advanced defensive measures to insulate user information from unauthorized access, loss, or leakage. All data transfers across the platform utilize TLS 1.3 encryption protocols in transit, and database backups are secured utilizing AES-256 standards at rest. Internal database servers are isolated within a private Virtual Private Cloud (VPC) with strict network access controls.
11.2 Statutory Data Breach Procedures: In the event of an infrastructure failure or unauthorized security intrusion that compromises user data, the Company pledges to fulfill its statutory commitments under global privacy laws. We will notify relevant data protection supervisory authorities and affected users within seventy-two (72) hours of confirming the breach event.