Privacy Policy

Introduction

Short Shorts AI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our service at shortshorts.ai.

Information We Collect

When you use Short Shorts AI, we collect:

• Account Information: When you sign in with Google, we collect your name, email address, and Google profile information.
• YouTube Channel Data: When you connect your YouTube account, we access your YouTube channel name, channel ID, channel thumbnail, and subscriber/view analytics. We use these solely to display your channel information and to upload short-form videos on your behalf.
• YouTube Analytics Data: We access view counts, watch time, likes, comments, and shares via the YouTube Analytics API. This data is used only to display your channel performance within the Short Shorts AI dashboard.
• OAuth Access Tokens: We store encrypted OAuth tokens (access token and refresh token) to authenticate API calls to YouTube on your behalf. These tokens are encrypted using AES-256-CBC before storage and are never transmitted to third parties.
• X (Twitter) Account Information: If you connect your X account, we collect your X username and display name, and store encrypted OAuth tokens to post videos on your behalf.
• Usage Data: We collect information about how you use our service, including videos processed and uploads scheduled, to improve our service.

How We Use Google User Data

Short Shorts AI's use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we use Google user data only for the following purposes:

• YouTube Uploads: We use your YouTube OAuth credentials exclusively to upload short-form video clips to your YouTube channel on your behalf, using the youtube.upload scope.
• Channel Information: We use the youtube.readonly scope to read your channel name, ID, and thumbnail to display your account information in the dashboard.
• Analytics Display: We use the yt-analytics.readonly scope to read your channel analytics (views, watch time, likes, comments, shares) and display them in your dashboard. This data is never stored long-term or shared.
• Authentication: We use your Google account email address to identify your account. We do not use your Google data for advertising, market research, or any purpose unrelated to providing this service.

We do not use Google user data to serve advertisements, train AI models, sell to third parties, or for any purpose other than providing and improving the Short Shorts AI service.

How We Use Your Information

• To provide our video processing and automated distribution service
• To upload short-form video clips to your connected YouTube channel and X account on your behalf
• To authenticate your identity and manage your account session
• To communicate with you about your account and our services
• To ensure the security and integrity of our service

Data Storage and Security

We store your data using industry-standard security measures:

• OAuth token encryption: All OAuth access tokens and refresh tokens are encrypted with AES-256-CBC before being stored in our database. The encryption keys are never stored alongside the encrypted data.
• Database security: Your data is stored in Supabase (hosted on AWS in EU North 1 - Stockholm) with access restricted to authorized service accounts only.
• Session security: User sessions are managed via short-lived JWT tokens stored in httpOnly cookies, preventing client-side access.
• No video data in cloud storage: Video files are processed on secure worker machines and are not stored in cloud databases or object storage.

Data Sharing and Third Parties

We integrate with the following third-party services to provide our service:

• Google/YouTube API: We transmit video files and metadata to YouTube on your behalf when you use our upload feature. Google's privacy policy applies to data handled by YouTube.
• X (Twitter) API: We transmit video files and post text to X on your behalf. X's privacy policy applies to data handled by X.
• Supabase: We use Supabase for encrypted data storage and management. Supabase's privacy policy applies.

We do not sell, rent, or share your personal data or Google user data with any third parties for marketing, advertising, or any other commercial purpose.

Your Rights

You have the right to:

• Access your personal data held by us
• Request correction of inaccurate data
• Request deletion of your account and all associated data
• Revoke access to your YouTube account at any time via Google Account Permissions
• Revoke access to your X account at any time via X account settings
• Export your data via our data export feature

To request account deletion or a data export, contact us at privacy@shortshorts.ai. We will process your request within 30 days.

Data Retention

• Account data: Retained for as long as your account is active.
• OAuth tokens: Retained until you disconnect the platform or delete your account. Tokens are invalidated upon disconnection.
• Analytics data: YouTube analytics data is fetched live from the YouTube API on demand and is not stored long-term in our database.
• Video processing data: Metadata about processed clips (titles, timestamps) is retained for your account history. Video files themselves are deleted from our worker machines after upload is complete.
• Upon account deletion: All personal data, OAuth credentials, and account history are permanently deleted within 30 days of your request.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date below. Your continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: privacy@shortshorts.ai