Privacy Policy
Last updated: April 30, 2026
1. Who we are
Vidstew ("we", "us", "our") is operated by Camp Gagnon (insert legal entity here). You can reach us at privacy@vidstew.com.
2. What we collect
- Account info — your Google account email, display name, and profile photo, supplied via Google sign-in.
- YouTube channel data — when you connect a channel, we pull public metadata (channel name, handle, thumbnail, recent uploads, view counts) via the YouTube Data API. We never request scopes that let us upload, edit, or delete content on your behalf.
- Content you create — projects, scripts, notes, packaging concepts, recording timestamps, QA notes, A/B test logs, performance insights, and any other text or files you save inside Vidstew.
- Billing info — handled entirely by Stripe. We never see your card number or CVV. We store your Stripe Customer ID and subscription status to gate paid features.
- Usage analytics — basic page views, feature interactions, and AI request counts to help us improve the product. No third-party analytics resold to advertisers.
3. How we use it
- To run the Vidstew product and the features you signed up for.
- To process payments via Stripe.
- To send transactional emails (invites, billing receipts, project notifications). We use Resend as our delivery provider.
- To improve the product — debug issues, understand which features are useful, fix what isn't.
- To comply with legal obligations (tax records, lawful requests).
We do not sell your data. We do not share it with advertisers. We do not use your private project content to train any AI model.
4. AI processing
When you use AI surfaces (Audience Fit, Packaging Analyzer, Topics fact-check, Audience Insights, Guest Suggester, Performance Insights, Brainstorm), we send the relevant context — your channel's public metadata + the project text you've authored — to our AI subprocessor. The subprocessor processes the request to produce the response and returns it to us. Per their terms, this data is not used to train their public models when accessed via the developer API as we use it.
5. Google API Services + YouTube data
Vidstew uses Google APIs to read public information about the YouTube channels you connect. Specifically:
- YouTube Data API v3 — read-only access to public channel metadata (channel name, handle, thumbnail, description, subscriber count, video count) and public uploads (titles, thumbnails, view counts, publish dates, durations). We never request scopes that allow us to upload, edit, delete, or modify content on your behalf.
- Google OAuth (sign-in) — your basic profile (name, email, photo) so you can sign into Vidstew with your Google account.
The data we receive from Google APIs is used only to power the Vidstew dashboard for you — to display your channel's baseline metrics, surface recent uploads in the planner, and ground the AI features in your channel's actual context. We don't share this data with third parties beyond the sub-processors listed in the next section, and we don't use it to train any AI model.
Limited Use disclosure: Vidstew's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
6. Data protection & security
Vidstew processes data — including data classified as sensitive under Google's OAuth verification policy (your YouTube channel data accessed via the YouTube Data API) — using the following technical and organisational measures.
6.1 Encryption in transit
All traffic to and from Vidstew is encrypted with TLS 1.2 or higher. HTTP requests are upgraded to HTTPS at the edge (Vercel) before reaching application servers. Connections to all sub-processors (Firebase, Google Gemini API, YouTube Data API, Stripe, Resend, Sentry) use TLS 1.2+ exclusively.
6.2 Encryption at rest
User content stored in Firestore is encrypted at rest with Google-managed keys (AES-256), inheriting Google Cloud's default encryption posture. Files in Cloud Storage (thumbnail uploads, audience-context screenshots, video review assets) are also encrypted with AES-256 at rest. Database backups (daily Firestore exports to a private GCS bucket) are encrypted with the same standard and retained for 30 days.
6.3 Authentication
We use Firebase Authentication with Google sign-in for all user accounts. We do not store passwords ourselves. Session tokens (Firebase ID tokens) are short-lived (1 hour) and refresh automatically. Sensitive admin actions verify the token server-side on every request.
6.4 Access controls
Reads and writes to user data are gated by Firebase Security Rules (Firestore + Cloud Storage). Per-channel data is locked to that channel's members; private user data is locked to the owning user's uid. All cross-customer aggregate operations go through admin endpoints that re-verify the caller's admin allowlist membership server-side. The Vidstew team has minimum-necessary access to production data — administrative access is restricted to a short, named allowlist enforced by code (lib/admin/auth.ts) and verified on every admin API request.
6.5 Sensitive scope handling (YouTube Data API)
The YouTube data we read is the public metadata exposed by the YouTube Data API v3 (channel name, handle, thumbnail, subscriber count, video count, public uploads with titles, thumbnails, view counts, durations, publish dates). We specifically do not request or hold any scope that allows write access (uploads, edits, deletions, channel modification). Channel data is stored against the connecting user's account, encrypted at rest, and gated by Firestore rules so only the owning user and their explicitly invited channel members can read it.
Vidstew's use of YouTube data conforms to the Google API Services User Data Policy, including the Limited Use requirements:
- We only use the data to power user-facing Vidstew features — channel insights, audience-fit analysis, packaging analysis, performance baselines.
- We do not sell, transfer, or use the data for advertising, retargeting, or building a generalised user profile outside of the user's own Vidstew account.
- We do not use the data to train, improve, or fine-tune any AI / ML model — generalised or otherwise. Inputs to our AI subprocessor (Gemini API) are processed for a single response and not retained for training.
- Humans only access this data when (a) the user explicitly requests support or troubleshooting, (b) we're required to by applicable law, (c) it is necessary for security purposes (incident response), or (d) it is aggregated and de-identified for product analytics.
6.6 Sub-processor security posture
Sub-processors are selected partly on the strength of their security posture. Current sub-processors and their published compliance certifications:
- Google Cloud / Firebase — SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017, ISO 27018.
- Google Gemini API — Google Cloud security posture; per-request data is not retained for model training.
- Vercel — SOC 2 Type II.
- Stripe — PCI DSS Level 1, SOC 1, SOC 2.
- Resend — SOC 2 Type II.
- Sentry — SOC 2 Type II (used for error-monitoring; PII is filtered before it reaches Sentry).
6.7 Monitoring & incident response
Application errors are monitored via Sentry; abnormal patterns trigger alerts to the Vidstew team. In the event of a security incident affecting personal data, we will notify affected users without undue delay and, where required by law (GDPR, UK GDPR, applicable US state laws), within 72 hours of becoming aware of the breach. We will additionally notify the relevant supervisory authority where required.
6.8 Data minimisation
We collect the minimum data required to operate the product. Google sign-in requests only basic profile fields (email, name, photo). Channel-connection requests only the YouTube read scope. We do not request access to your Google Drive, Gmail, Calendar, Contacts, or any other Google service.
6.9 Backups & restoration
Daily Firestore exports run to a private Google Cloud Storage bucket with a 30-day retention lifecycle. Cloud Storage objects are protected with object-versioning, also retained for 30 days, so accidental overwrite or deletion is recoverable. The backup runbook is documented internally (docs/backup-runbook.md) and exercised quarterly.
7. Sub-processors (full list)
We use the following providers:
- Google Cloud / Firebase — authentication, database, file storage, hosting (data primarily processed in US regions).
- Google Gemini API — AI subprocessor for the surfaces listed in section 4.
- YouTube Data API v3 — public channel metadata lookups.
- Vercel — application hosting and edge routing.
- Stripe — payment processing and billing portal.
- Resend — transactional email delivery.
- MailerLite — newsletter (only if you opted in).
- Sentry — error monitoring (PII-scrubbed).
- PostHog — product analytics (only with explicit consent).
8. How long we keep it & how we delete it (data retention)
We retain your data while your account is active. When you delete your account from the Danger Zone in dashboard settings:
- Your profile is immediately marked deleted and you are signed out (soft-delete).
- A scheduled hard-purge job removes your profile, channels, projects, uploaded content, and YouTube channel snapshots from production within 30 days.
- Backups containing your data age out of the 30-day backup window naturally.
- Some records (Stripe invoices, tax-relevant billing records) may be retained for up to 7 years where required by law, stored in pseudonymised form where feasible.
You can also request manual deletion at any time by emailing privacy@vidstew.com from the address on your account; we honour requests within 30 days.
9. Your rights
Depending on where you live (GDPR, CCPA, etc.), you may have the right to access, correct, export, or delete the data we hold about you, and to object to certain processing. Email privacy@vidstew.com and we'll respond within 30 days.
10. Cookies
Vidstew uses cookies and similar storage to keep you signed in, remember your preferences, and track basic session state. We do not use third-party advertising cookies.
11. Children
Vidstew is not intended for children under 13 (or 16 in the EU). We don't knowingly collect data from minors. If you believe a child has signed up, contact us and we'll delete the account.
12. Changes
We'll update this policy from time to time. When we make material changes, we'll email registered users and post a notice in the dashboard. The "Last updated" date at the top reflects the current revision.
13. Contact
Privacy questions: privacy@vidstew.com
General contact: hello@vidstew.com