Effective July 11, 2026
Privacy Policy
AmberDetect is built around temporary public scans and short-lived creator data. This policy explains what is processed, why, and when it is deleted.
1. Who we are
AmberDetect provides independent AI-assisted analysis of YouTube comments. Contact the data controller at privacy@amberdetect.com.
2. Public scans
When you submit a public YouTube URL, we fetch public video metadata and up to 300 recently returned public comment items through the YouTube Data API. We send comment text—not public author names or avatars—to our AI provider for classification. Provider requests disable model-training storage where supported.
Public scans stream results to your browser. They do not create saved video records or permanent raw-comment detection events. A 24-hour cache may retain a one-way text hash and AmberDetect labels so identical text does not require another AI request. The hash is not a copy of the comment.
We process operational data such as a request identifier, coarse rate-limit signals, timing, error code, and aggregate usage to protect capacity and diagnose failures. Public results redact author identity.
3. Accounts and connected channels
Basic Google sign-in provides identity data such as your name, email address, profile image, and Google account identifier. It does not grant YouTube access.
If you explicitly choose “Connect YouTube,” Google may provide an access token, refresh token, granted scopes, and channels associated with your account. We use that access only to load and manage data for a channel you own. Ownership is checked before a report is saved or a moderation request is accepted.
You can disconnect YouTube independently of billing. We then revoke the Google token where possible, remove stored tokens and scopes, and enqueue deletion of stored YouTube data.
4. YouTube data and AmberDetect analysis
Video titles, thumbnails, channel identifiers, comment text, public author data, and counts are YouTube-sourced content. Fraud, spam, toxicity, political-topic content, questions, feedback, appreciation, confidence, sentiment, and aggregate audience signals are independent AmberDetect analysis and are not YouTube metrics or endorsements.
The political-topic category describes only text content. AmberDetect does not infer political affiliation—or any other protected trait—about a commenter, creator, or audience.
5. Retention
| Data | Maximum retention |
|---|---|
| Public raw comment text and identity | Stream only; not saved as public records |
| Text-hash classification cache | 24 hours |
| Connected-channel titles, thumbnails, names, authors, and comment text | 27 days, then refreshed or deleted |
| Feedback that still contains YouTube text | 27 days, or reduced sooner to non-identifying telemetry |
| AmberDetect-only derived aggregates | Up to 35 months, only while the applicable YouTube derived-metrics approval remains valid |
| OAuth tokens | Until disconnect, revocation, expiry, or account deletion |
| Account and billing records | While the account is active and as required for legal, tax, fraud-prevention, or dispute obligations |
Authenticated cleanup runs daily; database TTL is a fallback. YouTube revocation and deletion jobs are designed to complete within seven days. Expired raw metadata is not displayed unless refreshed from YouTube.
6. Processors and disclosures
We use service providers for hosting, database storage, authentication, AI classification, email delivery, error monitoring, and payment processing. They process data only to provide those services under their own contractual and security obligations. YouTube-sourced content is also governed by the Google Privacy Policy and YouTube API terms.
We may disclose information when legally required, to protect users or the service, or during a corporate transaction. We do not sell YouTube API data or use it to build advertising profiles.
7. Analytics and outreach email
Product analytics load only after consent. You can accept or decline from the consent control and change your choice by clearing the site’s consent setting. Essential authentication, security, and billing storage does not require analytics consent.
Emails may use a pseudonymous link or open identifier plus a timestamp and one-way IP hash to measure delivery and response. Each marketing email includes an unsubscribe link. We do not collect a user-agent string for new outreach events.
8. Your choices and rights
Depending on your location, you may request access, correction, export, restriction, objection, or deletion. In Account, you can disconnect YouTube or delete the account. You can also revoke AmberDetect in Google Account permissions.
Send privacy requests to privacy@amberdetect.com. We may verify your identity before completing a request.
9. Security, children, and changes
We use encryption in transit, access controls, restricted service credentials, short retention, and operational monitoring. No system is perfectly secure. AmberDetect is not directed to children under 13, and we do not knowingly create accounts for them.
We will update the effective date when this policy changes and provide additional notice for material changes when appropriate.