GDPR Compliance Policy
How we comply with the General Data Protection Regulation (GDPR) and protect your personal data.
Your Data Protection Rights
Under GDPR, you have specific rights regarding your personal data. We are committed to upholding these rights.
Introduction
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to organizations that process personal data of individuals within the European Union (EU). TubeAnalytics is committed to complying with GDPR and ensuring the protection of your personal data.
Your Rights Under GDPR
1. Right to Access
You have the right to request access to your personal data and obtain information about how we process it. This includes:
- The categories of personal data we hold about you
- The purposes of processing
- The recipients or categories of recipients
- The retention period or criteria for determining retention
- The source of the data (if not collected directly from you)
2. Right to Rectification
You have the right to have inaccurate personal data corrected and incomplete data completed. You can update your account information at any time through your profile settings.
3. Right to Erasure ("Right to be Forgotten")
You have the right to request the deletion of your personal data when:
- The data is no longer necessary for the purpose it was collected
- You withdraw your consent (where processing was based on consent)
- The personal data has been unlawfully processed
- The personal data must be erased to comply with a legal obligation
4. Right to Restriction of Processing
You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful.
5. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
6. Right to Object
You have the right to object to processing based on legitimate interests or public interest processing. We will stop processing unless we have compelling legitimate grounds.
7. Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not make automated decisions that significantly impact users.
Data We Collect
We collect and process the following categories of personal data:
Account Data
Email, name, profile picture from Google OAuth
YouTube Data
Channel information, video analytics, audience data
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our services
- Consent: Where you have given explicit consent
- Legitimate Interest: For security, fraud prevention, and service improvement
- Legal Obligation: Where required by applicable law
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which we collected it:
- Account Data: Retained while account is active, deleted within 30 days of account closure
- Analytics Data: Retained according to your subscription plan (90 days to 5 years)
- Log Data: Retained for 12 months for security and analytics purposes
- Marketing Data: Retained until consent is withdrawn
International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Additional security measures for data protection
Our primary data centers are located in the United States, which has an adequacy decision from the EU Commission.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this policy. If you have any questions about this GDPR policy or how we handle your personal data, please contact us.
Exercising Your Rights
To exercise any of your GDPR rights, you can:
- Update your account settings in your dashboard
- Use the data export feature in your account
- Contact our support team
- Email us directly
We will respond to your request within one month. In certain circumstances, this period may be extended by up to two additional months.
Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In the EU, you can contact the Data Protection Authority in your country of residence.
Changes to This Policy
We may update this GDPR policy from time to time. Any changes will be posted on this page with an updated revision date. We will notify you of any material changes via email or in-app notification.
Last updated: March 28, 2026
Frequently Asked Questions
How do I export my data?
You can export all your data at any time from your account settings. Navigate to Settings → Data Management → Export Data to download a complete copy of your analytics data in JSON or CSV format. The export includes all channel data, video metrics, audience insights, and report configurations. Processing typically completes within 24 hours, and you'll receive an email notification when your export is ready for download.
Where is my data stored?
Your data is stored in secure data centers located in the United States, which has an adequacy decision from the EU Commission under GDPR. We also maintain backup facilities in European data centers for disaster recovery purposes. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher. Our infrastructure complies with SOC 2 Type II and ISO 27001 certifications.
How long does data deletion take?
Under GDPR, we must complete deletion requests within 30 days. Upon account closure or data deletion request, we delete all personal data within 30 days. This includes account information, analytics history, and any stored preferences. Some aggregated anonymized data may be retained for analytical purposes but cannot be linked to your identity. Once deletion is complete, you'll receive a confirmation email.
Can I request access to my personal data?
Yes, you have the right to access all personal data we hold about you. Use the data export feature in your account settings or contact our support team to request a data subject access request (DSAR). We'll provide a comprehensive report including all personal data, processing activities, and third-party sharing within 30 days. This service is free of charge for the first request each month.
Do you share my data with third parties?
We do not sell your personal data to third parties. We only share data with service providers who help us operate our platform (such as cloud hosting and support tools) and when required by law. All third-party processors are contractually bound by GDPR data processing agreements and can only use your data for the specific services they provide to us. You can review all third-party integrations in your account settings.
What happens to my data if I cancel my subscription?
Upon subscription cancellation, your account enters a grace period where you can reactivate. If you do not reactivate within 30 days, your account is closed and all personal data is deleted within 30 days of closure, in compliance with GDPR requirements. You can download your data before cancellation using the export feature. After deletion, data cannot be recovered. Analytics data beyond the retention period of your subscription tier is also deleted at this time.
How do I withdraw consent for data processing?
You can withdraw consent at any time through your account settings under Privacy Preferences. For marketing communications, use the unsubscribe link in any email. Withdrawal of consent does not affect processing that occurred before the withdrawal. If you withdraw consent for core service processing, we may no longer be able to provide our services, and your account may need to be closed. We'll explain any impacts before processing your withdrawal request.
Contact Us
If you have any questions about this GDPR policy or wish to exercise your data protection rights, please contact us: