Privacy Policy

Last updated: 12 May 2026

This Privacy Policy describes how AllTranscripts ("we", "our", "the extension") collects, uses, and discloses information when you use our Chrome extension and the backend service at alltranscripts.app ("the Service").

1. Information we collect

1.1 Information you provide via Google sign-in

We use Google OAuth 2.0 to authenticate you. With your explicit consent, Google shares the following with us:

• Email address — used as your account identifier.
• Basic profile — your name and profile picture (used to display who is signed in inside the extension panel).
• Google account ID (sub claim) — stable identifier we use to link your activity and quota.

We request only the openid, email and profile scopes. We do not access your Gmail, Drive, YouTube history, watch later, subscriptions or any other Google service.

1.2 Information generated while you use the extension

• YouTube video URLs and IDs you open while the extension is active and request transcripts/summaries/audio for.
• Target language selected in the panel.
• Usage counters (number of transcripts, summaries, audio downloads) — used to enforce the free-tier quota and report your remaining quota in the UI.
• Server-side logs: request timestamps, IP address, user-agent, and error traces. Retained for up to 30 days for abuse prevention and debugging.

1.3 Information stored locally

The extension stores in your browser's localStorage and Chrome storage.local:

• your preferred target language;
• OAuth session tokens issued by Google (never sent to any third party other than Google and our backend);
• UI preferences (e.g. whether the subtitle overlay is enabled).

1.4 Information collected by our payment processor

Paid plans are processed by Paddle.com Market Limited ("Paddle"), our Merchant of Record. When you purchase a subscription, Paddle collects your billing details (name, billing address, country, payment method) directly. We do not receive or store your full payment card details. We receive from Paddle only: your email, country, subscription status, plan, renewal date, and a Paddle customer/subscription ID. See Paddle's Privacy Policy.

2. How we use information

• To provide the core service: fetch the audio of a YouTube video, transcribe it, translate it into your chosen language, generate AI summaries, and stream audio downloads.
• To authenticate you and bind quota to your account.
• To enforce the free-tier quota and process paid plans.
• To debug, secure, and improve the Service.
• To communicate service-critical messages (e.g. billing receipts, security notices). We do not send marketing email.

3. Sub-processors and third parties

We share the minimum information necessary with these processors:

• Google LLC — OAuth identity verification.
• YouTube / Google LLC — to fetch the public audio and metadata of videos you request (we do not log into your YouTube account; we fetch public data only).
• Paddle.com Market Limited — Merchant of Record for paid subscriptions (collects billing PII, handles VAT/sales tax).
• OpenAI, L.L.C. and/or other LLM providers — transcript text is sent for translation and summarization. Providers are configured to not use submitted data to train their models.
• Hosting provider (cloud infrastructure where our backend runs) — processes data in transit and at rest under standard data-processing terms.

We do not sell your personal information. We do not share it with advertisers. There is no advertising network embedded in the extension.

4. Data retention

• Account record (email, Google ID, quota counters): retained while your account is active. Deleted within 30 days of account deletion.
• Cached transcripts, summaries and audio artifacts: cached keyed by (video_id, language) to speed up repeat requests for everyone. Cache entries are evicted by TTL and watermark policy. They are not tied to a specific user's identity once produced.
• Server logs: 30 days.
• Billing records: retained by Paddle as required by tax law (typically 7–10 years).

5. Your rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA, etc.) you may have the right to:

• access the personal data we hold about you;
• correct inaccurate data;
• delete your account and associated data;
• export your data in a portable format;
• object to or restrict certain processing;
• lodge a complaint with your local data-protection authority.

Email privacy@alltranscripts.app to exercise any of these. We respond within 30 days.

6. Children

The Service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

7. International transfers

The Service is operated from servers that may be located outside your country. By using the Service you consent to the transfer of your data to those jurisdictions. Where required, we rely on the appropriate transfer mechanisms (e.g. Standard Contractual Clauses).

8. Security

We use HTTPS for all traffic between the extension and our backend, hash and rotate session tokens, and apply principle-of-least-privilege to internal access. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security.

9. Changes to this policy

We will update this page when we change how we handle data. Material changes will be announced in the extension UI. Continued use of the Service after the effective date constitutes acceptance.

10. Data controller and contact

The data controller for the Service is Individual Entrepreneur Mikhnevich Vitaliy Leonidovich, established in Kazakhstan. Registered address available on request.

• Privacy / GDPR / CCPA requests: privacy@alltranscripts.app
• General questions: hello@alltranscripts.app

AllTranscripts is not affiliated with YouTube, Google LLC or Alphabet Inc.