Privacy Policy

Last updated: 2026-01-17

This Privacy Policy describes how Devins ("we", "us", or "our") collects, uses, and shares information about you when you use our YTForge service. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

• Company: Bartlomiej Filipiuk Devins
• Address: ul. Stacyjna 1, 53-613 Wroclaw, Poland
• NIP (Tax ID): 5961589901
• Email: filipiuk.bartek@gmail.com

2. Information We Collect

We collect information you provide directly to us, including:

• Account information: Name, email address, and profile picture obtained via Google OAuth
• YouTube URLs: Video URLs you submit for article generation
• Generated content: Articles created from your requests and their metadata
• Transaction data: Credit purchases, usage history, and payment information (processed by Stripe)
• Usage data: Log files, device information, and analytics data

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our article generation services
• Process your requests and manage your account
• Process payments and maintain transaction records
• Send you technical notices, updates, and support messages
• Monitor and analyze usage trends to improve user experience
• Detect, prevent, and address fraud and abuse

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Contract performance: To provide our services and fulfill our contractual obligations
• Legitimate interests: To improve our services, prevent fraud, and ensure security
• Consent: For analytics cookies and marketing communications (where applicable)
• Legal obligation: To comply with applicable laws and regulations

5. Third-Party Services

We share your information with the following third-party service providers:

• Google (OAuth): For user authentication. See Google Privacy Policy
• Stripe: For payment processing. See Stripe Privacy Policy
• Resend: For transactional emails. See Resend Privacy Policy
• Google Analytics: For website analytics (with your consent). See Google Privacy Policy

6. Data Retention

We retain your personal data for the following periods:

• Account data: Until you delete your account or request deletion
• Generated articles: Until you delete them or delete your account
• Transaction records: 7 years (required for tax/legal purposes)
• Analytics data: 26 months (Google Analytics default)
• Server logs: 90 days

7. Cookies and Tracking

We use cookies and similar technologies. You can manage your cookie preferences through our cookie consent banner (powered by Klaro). We use the following types of cookies:

• Essential cookies: Required for the website to function (authentication, security)
• Analytics cookies: Help us understand how visitors use our site (requires consent)

Essential cookies we use:

• payload-token: Authentication session token
• google-profile: Cached user profile information
• google_oauth_state: CSRF protection during OAuth login
• klaro: Cookie consent preferences

8. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Receive your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent at any time for consent-based processing

To exercise these rights, you can:

• Delete your account and all data from the Settings page
• Export your articles in various formats (JSON, Markdown, HTML)
• Contact us at filipiuk.bartek@gmail.com for other requests

You also have the right to lodge a complaint with your local data protection authority. In Poland, this is the UODO (Urzad Ochrony Danych Osobowych).

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

• HTTPS encryption for all data transmission
• Secure authentication via OAuth 2.0 with PKCE
• Encrypted database storage
• Regular security updates and monitoring

10. International Data Transfers

Some of our third-party service providers may be located outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

11. Children's Privacy

Our service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

• Email: filipiuk.bartek@gmail.com
• Address: ul. Stacyjna 1, 53-613 Wroclaw, Poland