← ReadTube

Privacy Policy

Last updated: 2025-10-25

This Privacy Policy explains how ReadTube ("we", "our", or "us") collects, uses, and shares information when you use the ReadTube iOS application, the ReadTube share extension, our APIs, and related services (collectively, the "Service").

If you do not agree with this policy, please do not use the Service. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

Note: ReadTube identifies devices rather than traditional user accounts. See “Device-based identification” below.

Scope

This policy covers information we process through:

  • The ReadTube iOS app and its share extension
  • Our backend APIs and background workers that process conversions
  • Our website and documentation (if and when applicable)

Device-based identification (no traditional accounts)

ReadTube uses a device identifier ("Device ID") to authenticate requests from your device to our backend. We do not require you to create a username/password. The Device ID is generated and stored on your device and is sent with requests. If you lose or reset your device, you may lose access to the conversion history associated with that Device ID.

Information we collect

We collect the following categories of information:

  1. Information you provide
    • URLs you submit for conversion (e.g., YouTube links)
    • Optional titles, notes, or settings you provide for a conversion
  2. Information collected automatically
    • Device ID used for authentication and device state
    • App telemetry necessary to operate the Service (e.g., response statuses)
    • Server logs (e.g., IP address, user agent, error logs)
    • Conversion artifacts generated by the Service (e.g., transcript, digest, slides)
  3. Information from third-party sources
    • Video metadata and transcripts retrieved via video-data providers, consistent with applicable terms

We do not intentionally collect sensitive categories of personal data.

How we use information

We use your information to:

  • Provide and operate the Service
  • Authenticate requests using Device ID
  • Store and deliver conversion artifacts (e.g., via secure URLs)
  • Maintain and improve performance, reliability, and security
  • Troubleshoot, debug, and prevent abuse
  • Comply with legal obligations

If we rely on your consent, we will request it separately.

AI/LLM processing

ReadTube may use third-party vendors, including large language models (LLMs), to transform text and generate outputs from content you submit. Where controls are available, we configure vendors to limit use of your data to providing the service to us, and we share only what is reasonably necessary to perform the requested function.

Generated Content: ownership and your license to use it

The Service produces conversion artifacts and other outputs from your inputs ("Generated Content," e.g., previews, transcripts, digests, slides). As between you and ReadTube, ReadTube owns the Generated Content. Subject to our Terms of Service and applicable third‑party rights, we grant you a worldwide, non‑exclusive, perpetual, irrevocable, royalty‑free, and sublicensable license to use, reproduce, modify, distribute, publicly display, and create derivative works of the Generated Content for any lawful purpose, including commercial use. See the Terms of Service for details, restrictions, and definitions.

De‑identified and aggregated use

We may de‑identify and/or aggregate information, including conversion artifacts generated by the Service (e.g., transcripts, digests, slides), and use such de‑identified or aggregated data for any lawful business purpose, such as improving and developing the Service, analytics, research, and quality assurance. We take steps to remove direct identifiers and avoid re‑identification. We will not publicly attribute de‑identified artifacts to you. We may reference the original source/channel where applicable.

Legal bases for processing (EEA/UK users)

Where the GDPR/UK GDPR applies, we process personal data under these legal bases:

  • Performance of a contract: To provide the Service you request
  • Legitimate interests: To secure, maintain, and improve the Service; to prevent fraud and misuse
  • Legal obligation: To comply with applicable laws and requests from authorities
  • Consent: For optional features such as analytics or marketing

Sharing and disclosures

We do not sell your personal information. We share information with service providers and other parties as needed to operate the Service, for example:

  • Hosting, storage, delivery, and operational support providers
  • Vendors that transform or generate outputs from submitted content
  • Video-data providers consistent with applicable terms
  • Payment processors (if purchases are offered). We do not receive or store your full payment card details.
  • Security, support, logging, or analytics providers (if enabled), subject to appropriate confidentiality obligations
  • Authorities or other parties when required by law or to protect rights, safety, and security

We may update or replace service providers over time. Where required by law, we will provide notice of material changes.

Data retention

We retain information only as long as reasonably necessary to provide the Service and for other legitimate and lawful purposes (such as security, fraud prevention, and legal compliance). We may delete or de‑identify information at our discretion when it is no longer needed.

  • Conversion artifacts: Kept to support your device’s history and downloads and may be deleted automatically after a period or when you delete them. Because ReadTube owns Generated Content (see above), deletion requests typically result in removal of association with your Device ID and/or de‑identification, rather than deletion of all copies of the Generated Content from our systems.
  • Device state and logs: Kept for a limited period for security and reliability, then deleted or de‑identified.
  • Account/payment records (if applicable): Kept as required by law.

You may request deletion of your data; see “Your rights & choices.” We may retain certain information as permitted or required by law (e.g., for security, fraud prevention, or compliance) and where deletion is not technically feasible.

Security

We implement technical and organizational measures to protect your information, including:

  • Transport encryption (HTTPS/TLS)
  • Access controls, least-privilege principles, and audit logging for infrastructure
  • Segregated storage of artifacts in object storage with time-limited, signed URLs for access
  • Queue-based background processing to avoid long-lived exposure of raw data

No system is 100% secure. If you suspect unauthorized access to your account or data, contact us immediately.

International data transfers

We may process and store information in countries different from where you reside (e.g., in the United States). Where required, we use appropriate safeguards for international transfers, such as Standard Contractual Clauses, and ensure our providers implement comparable protections.

Your rights & choices

Depending on where you live and subject to applicable law, you may have rights to:

  • Access, correct, or delete your personal information
  • Object to or restrict certain processing
  • Port your data
  • Withdraw consent (where processing is based on consent)

Device-based identification: Because we do not use traditional accounts, requests to access or delete data generally require your Device ID (and, if requested, additional information) so we can locate data associated with your device. The app may include tools to delete local data; server‑side requests can be submitted to our privacy contact.

Verification and limitations: We will take reasonable steps to verify requests. We may deny or charge a reasonable fee for requests that are manifestly unfounded, repetitive, or excessive, as allowed by law. We may be unable to fulfill a request where we cannot reasonably verify your identity, where doing so would adversely affect the rights or freedoms of others, or where we are required or permitted by law to retain certain information. We will not discriminate against you for exercising your rights.

EEA/UK Supervisory Authority

You can lodge a complaint with your local data protection authority. We would appreciate the opportunity to address your concerns first.

Children’s privacy

The Service is not intended for children under 13 (or the age required by local law). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will take appropriate steps to delete it.

Do Not Track

We do not respond to Do Not Track (DNT) signals. We will update this policy if our position changes.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy with a new “Last updated” date. If changes materially affect your rights, we may provide additional notice in the app or via other appropriate channels.

Contact us

For questions or requests related to this policy (including privacy rights requests):

  • In-app: Use the “Send Feedback” option in the app