Sumdown

Privacy Policy

Last Updated: January 2025

Introduction

Sumdown is operated by browser s.r.o., Kvacalova 14, 821 08 Bratislava, Slovakia, European Union ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use sumdown.com and the Sumdown application (the "Service"). For EU users, we act as the data controller for your personal information. Contact: support@sumdown.com.

Information We Collect

Information You Provide: Account information (email address, name); optional profile details; payment information if you subscribe to a paid plan (processed by our payment provider); messages you send to support.

Information from Google: When you connect your Google account, we request read-only access via the youtube.readonly scope. This allows us to: view your YouTube subscriptions; access public channel metadata (names, thumbnails, descriptions); access video metadata (titles, thumbnails, durations, publish dates). We cannot and do not: post content on your behalf; modify your subscriptions or playlists; access private or unlisted videos; access your watch history; delete any of your content.

Information We Generate: AI-generated summaries of videos you request; usage data (which videos you've summarized, channels you follow); service logs for debugging and security.

Automatically Collected: Device information (browser type, operating system, device type); log data (IP address, access times, pages viewed, referring URL); essential cookies for authentication and preferences.

How We Use Your Information

We use your information to: create and manage your account (contract); display your YouTube subscriptions (contract); generate video summaries (contract); process payments (contract); send service-related communications (contract); respond to support requests (legitimate interest); improve and optimize the Service (legitimate interest); ensure security and prevent fraud (legitimate interest); comply with legal obligations (legal obligation).

Sumdown's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We use Google data only to provide the features described in this policy; do not transfer it to third parties except as necessary to provide the Service; do not use it for advertising; do not use it to train AI/ML models beyond your personal use; allow you to revoke access at any time.

What We Do Not Do

We do not sell your data to third parties; do not share your data with advertisers; do not use your data for targeted advertising; do not store YouTube video content (only metadata and generated summaries); do not train general AI models on your personal data; do not access your YouTube watch history; do not access your private or unlisted videos; do not modify any of your YouTube data.

Data Storage and Security

Your data is stored on secure servers provided by Cloudflare (D1 for database, R2 for transcript and summary storage, Workers for application processing), located in the European Union and other regions. We implement encryption in transit (HTTPS/TLS); encryption at rest; access controls limited to authorized personnel; regular security audits; OAuth 2.0 for Google account connection.

Retention: Account information is kept until you delete your account; YouTube connection tokens until you disconnect or delete account; video summaries until you delete them or your account; support communications for 2 years after resolution; server logs for 90 days. When you delete your account, we permanently delete your data within 30 days, except where legally required to retain it.

Data Sharing

We do not sell your personal information. We share data only with service providers necessary to operate Sumdown: Cloudflare (hosting, CDN, database - all service data); Supadata (YouTube transcript retrieval - video IDs only); Google Gemini (AI summary generation - video transcripts, not linked to you); Polar (payment processing and Merchant of Record - handles all payment information and international tax compliance); Plunk (transactional emails - email address only). These providers are contractually obligated to protect your data and use it only for specified purposes.

We may disclose information if required to comply with legal obligations; protect our rights or property; prevent wrongdoing; protect personal safety of users or the public. If Sumdown is involved in a merger, acquisition, or sale of assets, your data may be transferred with prior notification.

Your Rights

All Users: Access (request a copy of your personal data); correction (update or correct inaccurate data); deletion (delete your account and associated data); portability (export your data in a standard format); withdraw consent (revoke Google access at any time).

EU/EEA Users (GDPR): Additionally: restriction (limit how we process your data); object (object to processing based on legitimate interest); complaint (lodge a complaint with your supervisory authority).

California Users (CCPA): Right to know what personal information we collect; request deletion; non-discrimination for exercising rights. We do not sell personal information as defined by the CCPA.

Exercising Your Rights

Delete Account: Log into Sumdown; go to Settings, then Account; click "Delete Account"; confirm. All data permanently deleted within 30 days.

Revoke Google Access: Visit Google Account Permissions; find "Sumdown"; click "Remove Access". This immediately revokes our access to your YouTube data.

Data Export: Log into Sumdown; go to Settings, then Privacy; click "Export My Data". You'll receive a download link within 24 hours.

For any privacy-related requests, email support@sumdown.com. Response time: within 30 days as required by GDPR.

Cookies

We use essential cookies: session (maintain login state, session duration); auth_token (authentication, 30 days); preferences (remember settings, 1 year). We do not use third-party advertising cookies; social media tracking pixels; cross-site analytics; fingerprinting techniques. You can control cookies through browser settings; disabling essential cookies will prevent Service use.

Additional Information

Children: Sumdown is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact support@sumdown.com.

International Transfers: If you are outside the EU, your data may be transferred to countries with different data protection laws. We ensure appropriate safeguards via Standard Contractual Clauses and data processing agreements with all service providers.

Changes: We may update this Privacy Policy. Material changes will be notified by posting on this page; updating the "Last Updated" date; email notification for significant changes.

Contact

browser s.r.o., Kvacalova 14, 821 08 Bratislava, Slovakia, European Union. Email: support@sumdown.com. For EU users, you may also contact your local data protection authority.