🛡 Data Protection
Privacy Policy
Last updated: March 29, 2026 · Effective: March 29, 2026
This Privacy Policy explains how Statsessed Technologies Inc. ("we," "us," or "our") collects,
uses, discloses, and protects your personal information when you use Statsessed.
We are committed to protecting your privacy and complying with applicable data protection laws,
including the GDPR and CCPA.
1. Information We Collect
1.1 Information You Provide Directly
- Account registration data: name, email address, profile photo (via Google Sign-In / OAuth).
- Subscription and billing information (processed via our payment processor; we do not store full card numbers).
- Support communications: messages you send us via email or in-app feedback.
1.2 Information from Third-Party Platforms
When you connect social media platforms (YouTube, Instagram, TikTok), we collect analytics data from those platforms via their official APIs, including:
- Channel/profile identifiers and usernames.
- Performance metrics: views, watch time, subscriber/follower counts, engagement rates, impressions.
- Content metadata: video/post titles, publish dates, duration, and thumbnails.
- Audience demographic data (aggregated, as provided by platform APIs).
- OAuth access and refresh tokens (stored encrypted; used solely to retrieve analytics on your behalf).
We access only the data scopes you explicitly authorize during the OAuth connection flow. We do not access direct messages, contact lists, or private content.
1.3 Automatically Collected Information
- Device information: device model, operating system, unique device identifiers, app version.
- Usage data: features accessed, session duration, error logs, crash reports.
- Firebase Analytics data (anonymized usage patterns and performance metrics).
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service, including syncing and displaying your analytics dashboards.
- Process transactions and manage your subscription.
- Authenticate your identity and maintain the security of your account.
- Communicate with you about your account, service updates, and support requests.
- Analyze usage patterns to improve the Service's features and performance.
- Detect, investigate, and prevent fraudulent transactions and other illegal activities.
- Comply with legal obligations.
We do not sell your personal information to third parties. We do not use your content creator analytics data for advertising targeting.
Legal Bases for Processing (GDPR)
- Performance of a contract: processing necessary to provide the Service you requested.
- Legitimate interests: fraud prevention, security, service improvement (where not overridden by your rights).
- Legal obligation: compliance with applicable laws.
- Consent: where explicitly obtained (e.g., optional communications).
3. How We Share Your Information
We do not sell your personal data. We may share information with:
Service Providers
We engage trusted third-party vendors to assist in operating the Service. These providers have access to personal data only as necessary to perform services on our behalf and are contractually obligated to maintain confidentiality. They include:
- Google Firebase (authentication, cloud storage, analytics).
- Payment processors (billing and subscription management).
- Cloud infrastructure providers (secure hosting and data storage).
- Error monitoring tools (crash reporting; data is anonymized where possible).
Legal Requirements
We may disclose your information if required to do so by law, regulation, court order, or government authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of our company, users, or the public.
Business Transfers
In the event of a merger, acquisition, reorganization, or sale of all or substantially all assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice in the app before your data is transferred and becomes subject to a different privacy policy.
4. Data Retention
We retain your personal data for as long as necessary to provide the Service and fulfill the purposes outlined in this Policy, unless a longer retention period is required by law.
- Account data: retained for the duration of your account plus 90 days after deletion, to allow for account recovery.
- Analytics data synced from third-party platforms: retained while your account is active. Disconnecting a platform removes its OAuth credentials; historical analytics may be retained for up to 12 months for trend analysis.
- Billing records: retained for 7 years as required by financial regulations.
- Usage logs: retained for up to 12 months for security and debugging purposes.
When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.
5. Data Security
We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS 1.2 or higher.
- Encryption of sensitive data at rest (including OAuth tokens) using AES-256.
- Secure storage of authentication credentials via Firebase Authentication.
- Access controls limiting employee access to personal data on a need-to-know basis.
- Regular security assessments and vulnerability scanning.
Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. We will notify affected users and authorities as required by applicable law in the event of a data breach.
6. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
Rights Under GDPR (EEA/UK Residents)
- Right of Access: obtain a copy of the personal data we hold about you.
- Right to Rectification: correct inaccurate or incomplete personal data.
- Right to Erasure ('Right to be Forgotten'): request deletion of your personal data under certain circumstances.
- Right to Restriction: request that we limit how we use your data in certain circumstances.
- Right to Data Portability: receive your data in a structured, machine-readable format.
- Right to Object: object to processing based on legitimate interests or for direct marketing.
- Rights related to automated decision-making and profiling.
To exercise these rights, contact our Data Protection Officer at the email below. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.
Rights Under CCPA (California Residents)
- Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: request deletion of personal information we have collected, subject to certain exceptions.
- Right to Opt-Out of Sale: we do not sell your personal information.
- Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights.
California residents may submit requests by contacting us at the email below. We will verify your identity before processing your request.
7. YouTube API Services
Statsessed uses YouTube API Services. By connecting your YouTube account, you agree to be bound by the YouTube Terms of Service in addition to this Privacy Policy.
Google's Privacy Policy applies to information collected by Google. You can revoke our access to your YouTube data at any time via the Google security settings page or through the platform disconnect feature in our app.
We use YouTube API data solely to display analytics within the Service. We do not use YouTube data for advertising, profiling, or resale to third parties.
8. Children's Privacy
Statsessed is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13 without parental consent, we will take steps to delete such information promptly.
If you believe we may have collected information from a child under 13, please contact us immediately at the address below.
9. International Data Transfers
We are based in the United States. If you are accessing the Service from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.
For transfers of personal data from the European Economic Area (EEA) or United Kingdom to the United States, we rely on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs) as lawful transfer mechanisms. A copy of the applicable SCCs can be provided upon request.
10. Cookies and Tracking Technologies
Because Statsessed is a mobile application, we do not use traditional browser cookies. We do use the following tracking technologies:
- Firebase Analytics SDK: collects anonymized usage data to help us understand feature adoption and improve the Service. You can opt out via your device's privacy settings.
- Expo Secure Store: used to securely store authentication tokens locally on your device. This data does not leave your device.
- AsyncStorage: used to store non-sensitive preferences such as onboarding status and theme selection.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the 'Last Updated' date at the top of this Policy.
- Notify you via email (to the address associated with your account) at least 15 days before the changes take effect.
- Display a prominent notice within the app.
Your continued use of the Service after the effective date of the updated Policy constitutes your acceptance. If you do not agree to the revised Policy, please discontinue use and delete your account.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
We aim to respond to all privacy requests within 30 days. For complaints that we are unable to resolve, you have the right to escalate to the relevant data protection supervisory authority in your jurisdiction.