Privacy Policy

Data We Collect

• Account Data: When you sign up via Google, we collect your email address and profile name.
• Preferences: We store your selection of "Curated Channels" and reading history.
• Information from YouTube: Revuw uses YouTube API Services. We access your Subscription List (to build your feed) and Video Metadata (titles, descriptions, transcripts). Important: We do not write to your YouTube account (we do not like, comment, or subscribe on your behalf).
• Analytics: We use Google Analytics, PostHog, and NightWatch to understand user behavior.
• Cookies: We use cookies for authentication (keeping you logged in) and performance monitoring.

How We Use Your Data

• To Provide the Service: Refreshing your subscription feed and generating daily Issues.
• AI Processing: Video transcripts are sent to Google Gemini for processing. This data is used solely to generate the summary and is not used to train Google's public models.

Google User Data Policy

Revuw's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. You can revoke Revuw's access to your data at any time via the Google Security Settings page (myaccount.google.com).

Data Retention

• User Data: Your account details and personal "liked" channel lists are retained only as long as your account is active. If you delete your account, this personal association is erased.
• System Data: The AI-generated "Issues" (text summaries, code blocks) are retained by Revuw indefinitely to improve the platform for all users, as they are not personally identifiable to you.

Third-Party Processors

We share specific data with these trusted providers:

• Google (YouTube/Gemini): For content ingestion and AI generation.
• PostHog / Google Analytics / NightWatch: For usage analytics.

Data Security and Protection Mechanisms

We utilize enterprise-grade infrastructure and standardized authentication protocols to protect your data.

• **A. Encryption Mechanisms**
• In Transit (HTTPS): All communication between your device and our servers (including our API) is encrypted using TLS 1.2+ (HTTPS). This security is enforced at the infrastructure level via Laravel Cloud.
• At Rest (Database): Our databases are hosted on secure, managed infrastructure that enforces SSL connections for all data interactions. Sensitive data volumes are encrypted at the storage level.
• OAuth Token Security: We use the industry-standard Laravel Socialite library to handle Google authentication. This ensures strict adherence to OAuth 2.0 protocols. We do not store your Google password.
• **B. Access Control & Authentication**
• Strict OAuth Implementation: Access to your account is governed solely by Google's secure authentication tokens. We do not maintain separate, insecure password databases.
• Infrastructure Security: Our servers are protected by ephemeral environments and restricted network policies provided by our cloud platform, ensuring no unauthorized public access to our databases.
• **C. Breach Notification**
• In the event of a security breach affecting your personal data, we will notify you and the relevant authorities within 72 hours, in compliance with UK GDPR and Google's Data Protection requirements.

Your Rights (UK/GDPR)

You have the right to:

• Access the personal data we hold about you.
• Request correction or deletion of your data.
• Withdraw consent at any time (by disconnecting your Google Account).

Contact

To exercise your rights, contact: [email protected]

Changes to This Policy

We may update this policy periodically. Significant changes will be notified via email or a prominent notice on the dashboard.