TL;DR SUMMARY
NanoAds collects Google user data (email, name, profile picture) and YouTube account data (channel info, OAuth tokens) exclusively to provide authentication and YouTube video publishing functionality. We store this data securely, share it only with Google services necessary for our functionality, and delete it when you disconnect your account or delete your profile.
1. OVERVIEW
NanoAds is a Chrome extension and web application that helps users generate AI-powered advertisements and publish them to YouTube. We are committed to protecting your privacy and being transparent about our data practices.
2. GOOGLE USER DATA DISCLOSURE
This section specifically addresses how NanoAds accesses, uses, stores, and shares Google user data in compliance with Google's API Services User Data Policy.
What Google User Data We Collect
GOOGLE OAUTH AUTHENTICATION DATA
When you sign in with Google, we collect:
- Email Address: Used for account identification and communication
- Full Name: Used to personalize your account experience
- Profile Picture: Displayed in your account dashboard
- Google User ID: Used to link your Google account with your NanoAds account
YOUTUBE API DATA
When you connect your YouTube account, we collect and store:
- YouTube Channel ID: Unique identifier for your YouTube channel
- YouTube Channel Username/Custom URL: Your channel's custom URL (if set)
- YouTube Channel Display Name: Your channel's public display name
- YouTube Channel Avatar: Your channel's profile picture URL
- OAuth Access Tokens: Secure tokens that allow us to upload videos and manage your YouTube content
- OAuth Refresh Tokens: Used to obtain new access tokens when they expire
- OAuth Scopes Granted: Record of which YouTube API permissions you've authorized
- Video Metadata: When uploading videos, we temporarily store title, description, tags, category, and privacy settings
How We Use Google User Data
We use Google user data exclusively to provide our application's core functionality:
GOOGLE OAUTH DATA USAGE
- Account Creation & Authentication: Your email, name, and profile picture are used to create and maintain your NanoAds account
- User Identification: Your Google User ID links your Google account to your NanoAds account for seamless login
- Account Personalization: Your name and profile picture are displayed in your dashboard
YOUTUBE API DATA USAGE
- Channel Verification: We retrieve your YouTube channel information to verify account connection
- Video Upload: We use OAuth tokens to upload videos you create directly to your YouTube channel
- Video Management: We use OAuth tokens to update video metadata and delete videos when you request it
- Token Management: We automatically refresh expired access tokens to maintain service continuity
WE DO NOT USE GOOGLE USER DATA FOR:
- Advertising or marketing purposes
- Data analytics beyond usage metrics for plan enforcement
- Training AI models
- Any purpose other than providing or improving our application's functionality
How We Store Google User Data
STORAGE LOCATIONS:
- Supabase Database: Your Google OAuth data and YouTube account data are stored in our secure Supabase database
- Chrome Extension Local Storage: For extension users, authentication tokens are stored locally using Chrome's secure storage API
DATA PROTECTION MECHANISMS:
- Encryption in Transit: All data transmission uses HTTPS/TLS encryption
- Encryption at Rest: Sensitive data including OAuth tokens are encrypted in our database
- Row Level Security (RLS): Database access is restricted - users can only access their own data
- Secure Token Storage: OAuth tokens are stored securely and never exposed in client-side code
- Token Expiration: Access tokens automatically expire and are refreshed securely
With Whom We Share Google User Data
We share Google user data only with the following third parties, and only to provide or improve our application's functionality:
GOOGLE SERVICES
- Google OAuth API: We exchange authentication credentials with Google to verify your identity
- YouTube Data API: We send OAuth tokens to YouTube's API to upload videos and manage content on your behalf
- Google Gemini API: We send product images (not Google user data) for AI-powered ad generation
All interactions with Google services are governed by Google's Privacy Policy and YouTube API Terms of Service.
SERVICE PROVIDERS
- Supabase: Our database hosting provider stores your Google user data securely. See Supabase Privacy Policy.
- Stripe: For payment processing. We share your email address with Stripe for payment receipts. Stripe never receives your Google user data. See Stripe's Privacy Policy.
WE DO NOT:
- Sell Google user data to third parties
- Share Google user data with third parties for advertising purposes
- Transfer Google user data to third parties except as necessary to provide our service
Data Retention and Deletion
RETENTION PERIOD:
- Active Accounts: Google user data is retained while your NanoAds account is active
- YouTube Connection: YouTube account data and tokens are retained until you disconnect your YouTube account or delete your NanoAds account
- Video Metadata: Scheduled post metadata is retained until the post is published or cancelled, then deleted
DELETION RIGHTS:
- Disconnect YouTube Account: You can disconnect your YouTube account at any time through your dashboard. This immediately deletes all YouTube-related data
- Delete Account: You can delete your entire NanoAds account, which will permanently delete all Google user data
- Data Deletion Request: Contact us at [email protected] to request deletion
- Revoke Access: You can revoke Google OAuth permissions through your Google Account settings
3. GENERAL DATA COLLECTION
What We Store Locally (In Your Browser - Chrome Extension)
- User Account Info: Email, name, profile picture (from Google OAuth)
- Product Images: Temporarily stored in browser memory during ad generation
- User Preferences: Extension settings stored locally
- Authentication Token: Secure session token for API access
What We Store on Our Servers
- User Account: Email, name, profile picture, Google ID, subscription plan, usage statistics
- Usage Metrics: Number of ads generated (for plan limit enforcement)
- Payment Information: Managed securely by Stripe (we never see your card details)
- Generated Content: URLs to generated ad images stored in cloud storage
What We Do NOT Collect or Store
- Your uploaded product images (processed in memory only, never saved)
- Browsing history
- Cookies or tracking data beyond authentication
4. TECHNICAL INFORMATION
When you use NanoAds, we may automatically collect certain technical information:
- IP Address: Used for security monitoring and fraud prevention
- Browser Type: To ensure compatibility and troubleshoot issues
- Device Information: Operating system and device type for service optimization
- Access Times: Timestamps of when you access our service
- Error Logs: Technical errors for debugging and improving our service
This technical data is used solely for maintaining service quality, security, and troubleshooting. It is not used for advertising or sold to third parties.
6. HOW YOUR DATA IS USED
- Account Information: Used for authentication and subscription management
- Product Images: Sent to our secure backend, processed by Google's Gemini API, then immediately discarded
- Generated Ads: Stored in cloud storage and displayed in your dashboard
- Usage Statistics: Track your monthly/daily generation limits based on your plan
- YouTube Integration: Upload and manage videos on your YouTube channel as described above
7. AI TRAINING AND YOUR DATA
We want to be transparent about how your data relates to AI training:
Our Commitment
- We do NOT train AI models on your data: Your product images, generated ads, and personal information are never used to train our AI systems
- Third-party AI processing: We use Google's Gemini API for ad generation. Google's data practices are governed by their own policies
- Your content remains yours: We do not claim any ownership or training rights over your uploaded images or generated content
Opt-Out Rights
If you have any concerns about your data being used for any purpose beyond the core functionality of our service, you can contact us at [email protected] to discuss your specific concerns and opt-out options.
8. THIRD-PARTY SERVICES
GOOGLE OAUTH
OAuth for secure sign-in. Google provides us with your email, name, and profile picture. This is governed by Google's Privacy Policy.
GOOGLE GEMINI API
When you generate an ad, the following data is sent to Google's Gemini API via our secure backend:
- Your product image (base64 encoded)
- The reference ad image (base64 encoded)
- Our server-side API key (your personal API key is NOT required)
STRIPE
Payment processing is handled by Stripe. We never see or store your credit card information. Stripe's privacy practices are governed by Stripe's Privacy Policy.
FACEBOOK ADS LIBRARY
The extension operates on facebook.com/ads/library pages but does NOT:
- Collect your Facebook data
- Access your Facebook account
- Track your browsing on Facebook
9. INFORMATION SHARING
We may share your information in the following circumstances:
Service Providers
We share data with trusted third-party service providers who assist us in operating our service, as detailed in the Third-Party Services section above.
Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), including to:
- Comply with a legal obligation
- Protect and defend our rights or property
- Prevent or investigate possible wrongdoing
- Protect the personal safety of users or the public
Business Transfers
If NanoAds is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy. You will have the option to delete your account before such transfer takes place.
What We Never Do
- Sell your personal data to third parties
- Share your data with advertisers
- Provide your data to data brokers
10. INTERNATIONAL DATA TRANSFERS
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.
Transfer Safeguards
- Supabase: Our database provider operates with data centers in various regions and complies with GDPR requirements
- Google Services: Google complies with applicable data protection frameworks for international transfers
- Stripe: Stripe is certified under the EU-US Data Privacy Framework
Your Rights for International Transfers
If you are located in the European Economic Area (EEA), UK, or Switzerland, we ensure that any international transfers of your personal data are protected by appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.
11. DATA SECURITY
- API keys and tokens are stored using secure encryption
- All API communications use HTTPS/TLS encryption
- Database access is protected with Row Level Security (RLS) policies
- Sensitive data is encrypted at rest in our database
- OAuth tokens are stored securely and never exposed in client-side code
12. YOUR RIGHTS
You have complete control over your Google user data and all personal data. Depending on your location, you may have the following rights:
Access and Control
- Right to Access: You can view all your account data through your dashboard or request a copy from us
- Right to Rectification: You can correct inaccurate personal data by updating your profile or contacting us
- Right to Deletion: You can delete your account or disconnect YouTube at any time, and request deletion of all your data
- Right to Data Portability: You can request a copy of your data in a structured, commonly used format
Processing Controls
- Right to Restrict Processing: You can request that we limit how we use your data
- Right to Object: You can object to processing of your personal data in certain circumstances
- Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time
- Revoke OAuth Access: You can revoke Google OAuth permissions through your Google Account settings
Exercising Your Rights
To exercise any of these rights, you can:
- Use the account settings in your dashboard
- Contact us at [email protected]
We will respond to your request within 30 days. If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority.
13. CHILDREN'S PRIVACY
NanoAds is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13 years of age.
- Age Requirement: You must be at least 13 years old to use NanoAds
- Parental Consent: If you are between 13 and 18, you should review this policy with a parent or guardian
- Discovery of Child Data: If we learn that we have collected personal information from a child under 13, we will delete that information promptly
If you believe we have collected information from a child under 13, please contact us immediately at [email protected].
14. CHANGES TO THIS POLICY
We may update this privacy policy to reflect changes in our practices or for legal, operational, or regulatory reasons. If we make material changes to how we use Google user data, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email if you have an account with us
- Display a prominent notice in our application
Continued use of our service after changes constitutes acceptance of the updated policy.
15. TERMS OF SERVICE
By using NanoAds, you agree to our Terms of Service.
16. COMPLIANCE
This application complies with:
- Google API Services User Data Policy
- YouTube API Terms of Service
- Chrome Web Store Developer Program Policies
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
17. CONTACT
For privacy questions, concerns, or to request deletion of your Google user data, please contact us at [email protected]