AmberDetect
Privacy Policy

Last updated: February 22, 2026

TL;DR: AmberDetect analyzes publicly visible comment text to detect scams, spam, and harmful content. We do not collect personal information, browsing history, or platform account credentials. We do not sell, rent, or share your data with third parties for advertising purposes.

1. Introduction

AmberDetect ("we", "our", or "us") operates the AmberDetect browser extension (the "Extension"), the AmberDetect website at amberdetect.com (the "Website"), and the AmberDetect dashboard at dashboard.amberdetect.com (the "Dashboard") — collectively referred to as the "Service."

This Privacy Policy describes what information we collect, how we use it, who we share it with, and what choices you have. We are committed to transparency and to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

By installing the Extension, using the Dashboard, or visiting the Website, you agree to the practices described in this Privacy Policy. If you do not agree, please uninstall the Extension and discontinue use of the Service.

2. Scope of This Policy

This Privacy Policy covers:

3. Data We Collect

3.1 Comment Text (Extension)

When you browse YouTube or TikTok with the Extension installed, it reads publicly visible comment text on the page and analyzes it for scam, spam, fraud, toxic, and political content. This analysis occurs in two stages:

3.2 Anonymous Telemetry (Extension)

We collect minimal, anonymous usage statistics to monitor service health and improve detection accuracy:

Telemetry is tied to a randomly generated installation ID (a 32-character hex string) that is not linked to your identity, browser profile, or any platform account. You can delete your telemetry data at any time from the Extension settings, which sends a deletion request to our server.

3.3 Account Data (Dashboard)

If you choose to sign in to the Dashboard using Google OAuth, we receive and store:

If you grant optional YouTube API access (via the "Connect YouTube" button in the Dashboard), we also receive a scoped OAuth token that allows the Dashboard to:

AmberDetect's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we:

You can revoke AmberDetect's YouTube access at any time via your Google Account Permissions. Revoking access immediately prevents any further YouTube API calls from AmberDetect.

3.4 Payment Information (Billing)

Paid subscriptions are processed through Stripe. We do not receive, process, or store your credit card number, CVV, or full card details. Stripe provides us with only a customer ID, subscription status, and the last four digits of your card for display purposes. See Stripe's Privacy Policy.

3.5 Website Analytics

The AmberDetect website uses Google Analytics 4 (GA4) to understand traffic patterns. Analytics are loaded only after you explicitly accept cookies via the consent banner. If you decline, no analytics scripts are loaded and no tracking occurs. GA4 data is anonymous and aggregated.

3.6 Server Logs

Our API server (hosted on AWS Lambda) generates access logs that may temporarily include IP addresses, request timestamps, and HTTP status codes. These logs are used exclusively for debugging, abuse prevention, and rate limiting. Server logs are automatically purged after 30 days.

4. Data We Do NOT Collect

We explicitly do not collect, store, or transmit:

5. How We Use Your Data

5.1 Comment Analysis

Comment text sent to our API is classified by AI models into seven categories: fraud, spam, toxic, political, question, feedback, and appreciation. Each category receives a confidence score (0.0–1.0). The classification result is returned to your Extension in real-time and cached temporarily (up to 24 hours) so the same comment doesn't need to be re-analyzed. The original comment text is:

5.2 Service Improvement

Anonymous telemetry data helps us:

5.3 Account Services

Dashboard account data is used to authenticate you, display your analytics, manage your subscription, and link your Extension installations to your account for synchronized settings and quota tracking.

7. Third-Party Services & Sub-Processors

We use the following third-party services to operate AmberDetect. We share only the minimum data necessary for each service to function:

7.1 Azure OpenAI (Primary AI Provider)

Comment text is sent to Microsoft Azure OpenAI Service for AI-powered classification. Azure OpenAI receives only the raw comment text — no personal identifiers. Data is processed in accordance with Microsoft's enterprise data protection policies and is not used to train AI models. See Azure OpenAI Data Privacy.

7.2 OpenAI (Fallback AI Provider)

When Azure OpenAI is unavailable, comment text may be routed to OpenAI as a fallback. The same data minimization principles apply. See OpenAI Privacy Policy. We use the OpenAI API with data processing agreements — your data is not used to train OpenAI's models.

7.3 Amazon Web Services (Infrastructure)

Our API server runs on AWS Lambda in the EU-Central-1 (Frankfurt, Germany) region. User data and detection caches are stored in Amazon DynamoDB. AWS is SOC 2, ISO 27001, and GDPR compliant. See AWS Privacy Notice.

7.4 Stripe (Payment Processing)

Subscription payments are handled entirely by Stripe. We never see or store your full payment card details. Stripe is PCI-DSS Level 1 compliant. See Stripe Privacy Policy.

7.5 Vercel (Dashboard Hosting)

The Dashboard web application is hosted on Vercel. See Vercel Privacy Policy.

7.6 Google (OAuth, YouTube API & Analytics)

Google OAuth is used for Dashboard authentication. If you connect your YouTube account, we use the YouTube Data API v3 to fetch and moderate comments on your behalf (see Section 3.3 for full details). Google Analytics 4 is used on the Website (consent-gated). See Google Privacy Policy.

AmberDetect's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We do not sell, rent, or trade your data to any third party. We do not share data with data brokers, advertisers, or any entity not listed above.

8. Data Retention

| Data Type | Retention Period | Deletion Method |
| --- | --- | --- |
| Comment text (API cache) | 24 hours | Automatic TTL expiry in DynamoDB |
| Detection results (server cache) | 24 hours | Automatic TTL expiry in DynamoDB |
| YouTube OAuth access token | Until revoked or account deleted | Revoke via Google Account Permissions or delete account |
| Anonymous telemetry | Retained while account/installation exists | User-initiated deletion from Extension settings |
| Dashboard account data | Until account deletion | User request via email |
| User feedback on detections | Retained to improve model accuracy | User request via email |
| Server access logs | 30 days | Automatic AWS CloudWatch log expiry |
| Local Extension data (browser storage) | Until Extension is uninstalled | Browser handles deletion on uninstall |

9. Data Security

We implement industry-standard security measures to protect your data:

No system is perfectly secure. If you discover a security vulnerability, please report it to support@amberdetect.com.

10. Browser Permissions Explained

The Extension requests the following browser permissions. Each is necessary for the core functionality:

| Permission | Why It's Needed |
| --- | --- |
| storage | Store your settings, detection cache, and anonymous installation ID locally in your browser. |
| alarms | Schedule periodic telemetry uploads and cache cleanup in the background service worker. |
| Host: youtube.com | Read and annotate comments on YouTube video pages and YouTube Studio. |
| Host: tiktok.com | Read and annotate comments on TikTok video pages. |
| Host: api.amberdetect.com | Send API requests for AI-powered comment analysis and receive classification results. |

The Extension does not request permissions for: tabs, webNavigation, cookies, history, bookmarks, downloads, notifications, geolocation, camera, microphone, or clipboard access.

11. Dashboard & Account Data

The Dashboard is an optional companion to the Extension. You can use the Extension fully without ever creating a Dashboard account.

If you sign in to the Dashboard with Google:

You can request full account deletion by emailing support@amberdetect.com. We will delete all associated records (user, settings, accounts, OAuth tokens, linked devices, and telemetry) within 30 days. If you have connected YouTube, your OAuth tokens will also be purged; we recommend revoking access via Google Account Permissions as well to ensure no refresh tokens remain active.

12. Cookies & Analytics

12.1 Website (amberdetect.com)

We use a cookie consent banner. Analytics scripts (Google Analytics 4) are loaded only after you accept. If you decline or ignore the banner, no analytics cookies are set and no tracking occurs. The only local storage item used is cookie-consent to remember your preference.

12.2 Dashboard (dashboard.amberdetect.com)

The Dashboard uses a session cookie set by NextAuth.js for authentication. This cookie is essential for maintaining your logged-in state and is not used for tracking or advertising.

12.3 Extension

The Extension does not use cookies. It uses chrome.storage.local to store settings, detection cache, and your anonymous installation ID. This data never leaves your browser except when telemetry is voluntarily uploaded.

13. Your Rights & Choices

13.1 All Users

13.2 Dashboard Users

13.3 EEA/UK Users (GDPR Rights)

If you are located in the EEA or UK, you have the right to: access your personal data, rectify inaccuracies, erase your data, restrict processing, object to processing, and data portability. To exercise these rights, contact us at support@amberdetect.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

14. International Data Transfers

Our servers are located in the European Union (AWS EU-Central-1, Frankfurt, Germany). If you are located outside the EU, your data will be transferred to and processed in the EU. We rely on standard contractual clauses and the service providers' data processing agreements (AWS, Stripe, Vercel) to ensure adequate data protection for international transfers.

15. Children's Privacy

AmberDetect is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child under the applicable minimum age has used our Service or provided personal data, please contact us at support@amberdetect.com and we will promptly delete such data.

16. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

To exercise your CCPA rights, contact us at support@amberdetect.com.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

Continued use of AmberDetect after changes are posted constitutes acceptance of the updated policy. We encourage you to review this page periodically.

18. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.

Summary: We analyze publicly visible comment text to protect you from scams — that's it. We don't collect personal information beyond what's needed for Dashboard accounts. We don't sell your data. We delete cached comment text within 24 hours. You can uninstall the Extension or delete your account at any time.