TubeAnalytics GDPR Policy — Your Data Rights

Your Data Protection Rights

Under GDPR, you have specific rights regarding your personal data. We are committed to upholding these rights.

Introduction

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to organizations that process personal data of individuals within the European Union (EU). TubeAnalytics is committed to complying with GDPR and ensuring the protection of your personal data.

1. Right to Access

You have the right to request access to your personal data and obtain information about how we process it. This includes:

The categories of personal data we hold about you
The purposes of processing
The recipients or categories of recipients
The retention period or criteria for determining retention
The source of the data (if not collected directly from you)

2. Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed. You can update your account information at any time through your profile settings.

3. Right to Erasure ("Right to be Forgotten")

You have the right to request the deletion of your personal data when:

The data is no longer necessary for the purpose it was collected
You withdraw your consent (where processing was based on consent)
The personal data has been unlawfully processed
The personal data must be erased to comply with a legal obligation

4. Right to Restriction of Processing

You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful.

5. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

6. Right to Object

You have the right to object to processing based on legitimate interests or public interest processing. We will stop processing unless we have compelling legitimate grounds.

7. Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not make automated decisions that significantly impact users.

Data We Collect

We collect and process the following categories of personal data:

Account Data

Email, name, and profile picture from Google OAuth.

YouTube Data

Channel information, video analytics, and audience data.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance: Processing necessary to provide our services
Consent: Where you have given explicit consent
Legitimate Interest: For security, fraud prevention, and service improvement
Legal Obligation: Where required by applicable law

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which we collected it:

Account Data: Retained while account is active, deleted within 30 days of account closure
Analytics Data: Retained according to your subscription plan (90 days to 5 years)
Log Data: Retained for 12 months for security and analytics purposes
Marketing Data: Retained until consent is withdrawn

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Additional security measures for data protection

Our primary data centers are located in the United States, which has an adequacy decision from the EU Commission.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this policy. If you have any questions about this GDPR policy or how we handle your personal data, please contact us.

Exercising Your Rights

To exercise any of your GDPR rights, you can:

Update your account settings in your dashboard
Use the data export feature in your account
Contact our support team
Email us directly

We will respond to your request within one month. In certain circumstances, this period may be extended by up to two additional months.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In the EU, you can contact the Data Protection Authority in your country of residence.

Changes to This Policy

We may update this GDPR policy from time to time. Any changes will be posted on this page with an updated revision date. We will notify you of any material changes via email or in-app notification.

Last updated: March 28, 2026

Frequently Asked Questions

How do I export my data?

You can export all your data at any time from your account settings. Navigate to Settings → Data Management → Export Data to download a complete copy of your analytics data in JSON or CSV format. The export includes all channel data, video metrics, audience insights, and report configurations. Processing typically completes within 24 hours, and you'll receive an email notification when your export is ready for download.

Where is my data stored?

Your data is stored in secure data centers located in the United States, which has an adequacy decision from the EU Commission under GDPR. We also maintain backup facilities in European data centers for disaster recovery purposes. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher. Our infrastructure complies with SOC 2 Type II and ISO 27001 certifications.

How long does data deletion take?

Under GDPR, we must complete deletion requests within 30 days. Upon account closure or data deletion request, we delete all personal data within 30 days. This includes account information, analytics history, and any stored preferences. Some aggregated anonymized data may be retained for analytical purposes but cannot be linked to your identity. Once deletion is complete, you'll receive a confirmation email.

Can I request access to my personal data?

Yes, you have the right to access all personal data we hold about you. Use the data export feature in your account settings or contact our support team to request a data subject access request (DSAR). We'll provide a comprehensive report including all personal data, processing activities, and third-party sharing within 30 days. This service is free of charge for the first request each month.

Do you share my data with third parties?

We do not sell your personal data to third parties. We only share data with service providers who help us operate our platform (such as cloud hosting and support tools) and when required by law. All third-party processors are contractually bound by GDPR data processing agreements and can only use your data for the specific services they provide to us. You can review all third-party integrations in your account settings.

What happens to my data if I cancel my subscription?

Upon subscription cancellation, your account enters a grace period where you can reactivate. If you do not reactivate within 30 days, your account is closed and all personal data is deleted within 30 days of closure, in compliance with GDPR requirements. You can download your data before cancellation using the export feature. After deletion, data cannot be recovered. Analytics data beyond the retention period of your subscription tier is also deleted at this time.

How do I withdraw consent for data processing?

You can withdraw consent at any time through your account settings under Privacy Preferences. For marketing communications, use the unsubscribe link in any email. Withdrawal of consent does not affect processing that occurred before the withdrawal. If you withdraw consent for core service processing, we may no longer be able to provide our services, and your account may need to be closed. We'll explain any impacts before processing your withdrawal request.

Contact Us

If you have any questions about this GDPR policy or wish to exercise your data protection rights, please contact us:

Contact Support View Privacy Policy

GDPR Compliance Policy

Your Data Protection Rights

Introduction

Your Rights Under GDPR

1. Right to Access

2. Right to Rectification

3. Right to Erasure ("Right to be Forgotten")

4. Right to Restriction of Processing

5. Right to Data Portability

6. Right to Object

7. Rights Related to Automated Decision-Making

Data We Collect

Account Data

YouTube Data

Legal Basis for Processing

Data Retention

International Data Transfers

Data Protection Officer

Exercising Your Rights

Right to Lodge a Complaint

Changes to This Policy

Frequently Asked Questions

How do I export my data?

Where is my data stored?

How long does data deletion take?

Can I request access to my personal data?

Do you share my data with third parties?

What happens to my data if I cancel my subscription?

How do I withdraw consent for data processing?

Contact Us

GDPR Compliance Policy

Your Data Protection Rights

Introduction

Your Rights Under GDPR

1. Right to Access

2. Right to Rectification

3. Right to Erasure ("Right to be Forgotten")

4. Right to Restriction of Processing

5. Right to Data Portability

6. Right to Object

7. Rights Related to Automated Decision-Making

Data We Collect

Account Data

YouTube Data

Legal Basis for Processing

Data Retention

International Data Transfers

Data Protection Officer

Exercising Your Rights

Right to Lodge a Complaint

Changes to This Policy

Frequently Asked Questions

How do I export my data?

Where is my data stored?

How long does data deletion take?

Can I request access to my personal data?

Do you share my data with third parties?

What happens to my data if I cancel my subscription?

How do I withdraw consent for data processing?

Contact Us