Privacy Policy - Cipher Archives

1. Introduction

This Privacy Policy describes how Cipher Archives ("the App," "we," "our," or "us"), operated by Bur Oak Management, collects, uses, stores, and protects information in connection with its use of the YouTube Data API v3 and other Google API Services.

Cipher Archives is a media production and publishing tool operated by a single entity ("the Operator") for the sole purpose of managing the Operator's own YouTube channel and related content workflows. The App is not a multi-tenant service. It does not have end users other than the Operator, it is not offered to the public, and it does not solicit or accept registrations from third parties.

This policy is published in compliance with the Google API Services User Data Policy and the YouTube API Services Terms of Service. It also addresses applicable provisions of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Information We Collect

The App collects no personal data from end users, because it has no end users other than the Operator. The only data that flows through the App is the Operator's own YouTube channel data, authorized via Google OAuth 2.0.

Specifically, the App may access the following categories of information from the Operator's own Google and YouTube account:

YouTube channel ID, channel title, and basic channel metadata.
Video metadata for videos owned and uploaded by the Operator, including titles, descriptions, tags, thumbnails, categories, privacy status, scheduled publish times, and upload timestamps.
Video file binaries that the Operator explicitly instructs the App to upload from local storage to the Operator's own YouTube channel.
Caption files, end screens, cards, and similar metadata that the Operator attaches to the Operator's videos.
Aggregate analytics summaries on the Operator's own videos, used solely for upload verification and performance review.

The App does not access any other Google account, any other YouTube channel, any subscriber data, any viewer comments containing personally identifiable information, any private messages, or any data belonging to any person other than the Operator.

The App does not collect cookies, browser fingerprints, IP addresses, device identifiers, location data, biometric information, or any other tracking signals.

3. How We Use the Information

Information accessed by the App is used exclusively for:

Uploading video files from the Operator's local computer to the Operator's own YouTube channel.
Setting or updating metadata on the Operator's videos, including titles, descriptions, tags, thumbnails, scheduled publish times, and privacy status.
Verifying that uploads completed successfully and logging results locally.
Producing summary status reports for the Operator's own review.

The App does not use any data for advertising, profiling, training machine learning models, selling, sharing, or any purpose unrelated to the Operator's own content workflow.

4. How We Store the Information

All credentials and tokens are stored exclusively on the Operator's local computer hardware:

OAuth refresh tokens and access tokens are stored in gitignored files inside the Operator's local home directory.
API keys for related services are stored in gitignored .env files on the same local machine.
Operational logs are written to local disk and never uploaded anywhere.
No tokens, credentials, video metadata, or analytics data are transmitted to any cloud storage, third-party server, or any service other than Google's own YouTube Data API endpoints.

The Operator's computer is protected by full disk encryption, an operating system account password, and physical access control.

5. Sharing of Information

The App does not share any information with any third party. There is no advertising network, analytics provider, error reporting service, marketing partner, affiliate, or data broker involved. The only network destination is Google's official YouTube Data API v3 endpoints.

6. Data Retention

Data accessed by the App is retained on the Operator's local machine at the Operator's discretion. The Operator may delete any stored token, log, or cached metadata at any time by removing the corresponding local file.

Revoking Access: The Operator may revoke the App's access at any time by visiting Google Account Permissions and removing the Cipher Archives entry. Once revoked, the App can no longer obtain new data from Google APIs and any previously stored tokens become inert.

7. Your Rights

Although the App has no users other than the Operator, the following rights are acknowledged in good faith for any individual whose data might theoretically be implicated:

Right to Access -- You have the right to know what personal information is held about you.
Right to Rectification -- You have the right to correct inaccurate personal information.
Right to Erasure -- You have the right to request deletion of any personal information held about you.
Right to Restrict Processing -- You have the right to request that processing be limited.
Right to Data Portability -- You have the right to receive your information in a structured, commonly used format.
Right to Object -- You have the right to object to processing of your information.
Right to Withdraw Consent -- You have the right to withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us using the information in Section 10.

8. Children's Privacy

The App is not directed at children under the age of 13 (or under 16 where applicable) and does not knowingly collect any information from children. The App has no public surface through which a child could interact with it.

9. Security

The App relies on the security of the Operator's local operating system, local disk encryption, and Google's own OAuth 2.0 security infrastructure. The Operator is responsible for keeping the local machine patched, password-protected, and physically secure.

10. Contact

For any question about this Privacy Policy, or to exercise any right described in Section 7:

Email: jarvis.wyatt.youtube@gmail.com
Entity: Bur Oak Management

11. Google API Services Disclosure

Cipher Archives' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

12. Changes to This Policy

This Privacy Policy may be updated from time to time. The Effective Date at the top will be revised whenever a material change is made. Continued operation of the App after a change constitutes acceptance of the updated policy.

13. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Iowa, United States of America, without regard to its conflict of law principles.