logo
Sign in
Privacy Policy

Effective date: September 1, 2025

YouReply Maker ("YouReply Maker," "we," "us," or "our") provides a centralized dashboard to monitor, manage, and reply to YouTube comments. This Privacy Policy explains how we collect, use, share, and protect information when you visit youreplymaker.com and when you connect your Google/YouTube account to our service (collectively, the "Services").

If you do not agree with this Policy, please do not use the Services. Your use of the Services constitutes consent to the practices described here.

1) Who we are & scope

Website and app: youreplymaker.com and its subdomains.

Intended users: Content creators and businesses that manage YouTube channels.

Roles under data‑protection law (GDPR/UK GDPR):

  • We act as data controller for account, billing, support, and site analytics data.

  • For YouTube channel data you authorize via Google OAuth, we act as your data processor, processing only on your instructions to deliver the Services.

Contact: Questions, requests, or complaints: info@youreplymaker.com.

2) Information we collect

We collect the minimum data necessary to operate the Services:

A. Account & contact data
Name, email address, password (hashed), profile details.
Workspace/organization name, roles, invited users.

B. Google/YouTube OAuth data (when you connect a channel)
Google account ID, email, channel ID(s) and titles.
OAuth access/refresh tokens (encrypted at rest).
Granted scopes and their status.

C. YouTube content & metadata managed in the app
Comment and thread metadata (IDs, authors, timestamps, the comment text you choose to display in the dashboard), moderation actions (your replies, delete, hide, hold) and execution states/errors returned by the YouTube Data API.
We do not collect your Google/YouTube password. We do not download or store your videos.

D. Usage, device & diagnostic data
Log data (IP address, device/browser type, language, referring page, pages viewed, date/time, session identifiers), feature‑usage events, crash/error reports.

E. Billing & payments (if you purchase a plan)
Billing name, email, and limited payment details processed by our payment processor (we do not store full card numbers). Invoices and transaction IDs are retained for tax/audit purposes.

F. Support & communications
Messages you send to support, attachments you upload, feedback, and survey responses.

G. Cookies & similar technologies
Strictly necessary (authentication, security, rate‑limiting), analytics, and marketing/remarketing cookies (see §§10 and 16).

3) How we use information

We process data to:

  • Authenticate users and provide core functions (listing comments, sending replies, managing threads).

  • Maintain and improve the Services (debugging, analytics, feature development, capacity planning).

  • Communicate with you (service emails, account onboarding, security alerts, billing notices and—if you opt in—product updates/marketing).

  • Prevent abuse, fraud, and security incidents; enforce the Terms of Service.

  • Comply with legal obligations (tax, accounting, responding to lawful requests from competent authorities).

We do not sell your personal information.

4) Google API Services User Data Policy — Limited Use

When you connect a Google account, we access Google user data in accordance with the Google API Services User Data Policy, including its Limited Use requirements. In particular:

  • We request minimal scopes (see Appendix A).

  • Data obtained from Google APIs is used only to provide or improve user‑facing features that you interact with (e.g., fetching comments, posting your reply) and is not used for advertising or remarketing (see §16).

  • We do not transfer Google user data to third parties except (i) as necessary to provide or secure the Services as described in this Policy (e.g., cloud hosting, logging), (ii) where required by law, or (iii) with your explicit consent.

  • We do not allow humans to read your Google user data except with your explicit consent, for security/compliance (e.g., investigating abuse), or as strictly necessary and access‑controlled for support.

  • Access tokens and any Google user data we store are encrypted at rest and protected in transit by TLS.

  • You may disconnect at any time (see §8). When you disconnect or delete your account, our access to your Google data ceases and we delete stored Google data within the time frames in §6.

5) Legal bases (EEA/UK)

If you are in the EEA or the UK, we rely on:

  • Contract performance (Art. 6(1)(b)) to provide the Services you request.

  • Legitimate interests (Art. 6(1)(f)) to improve and secure the Services, prevent misuse, and establish/exercise/defend legal claims (balanced against your rights and expectations).

  • Consent (Art. 6(1)(a)) for optional analytics/marketing and when you connect your Google account via OAuth.

  • Legal obligation (Art. 6(1)(c)) for accounting, tax, and responding to lawful requests.

6) Retention

  • Account data: While the account remains active; deleted within 30 days after account deletion (backups may persist up to 90 days). Statutory retention obligations prevail where applicable.

  • OAuth tokens/Google data: Kept while the connection is active; deleted within 30 days after you disconnect or delete the account.

  • Comment metadata & moderation logs: Up to 24 months for history and auditability; you may request earlier deletion.

  • System logs/analytics: Typically up to 12 months.

  • Billing records: Retained for the periods required by tax/accounting laws.

  • De‑identified or aggregated data may be retained indefinitely.

7) How we share information

We share data only with:

  • Service providers/processors: Under written contracts and confidentiality obligations, solely to provide services on our behalf (e.g., cloud hosting, databases, email delivery, error tracking, analytics, payment processing, support tools).

  • Advertising/measurement platforms: Limited site interaction data collected via marketing cookies/pixels may be shared with platforms acting as independent controllers (e.g., Google Ads, Meta, LinkedIn). Google API data is not included in such sharing (see §16).

  • Professional advisors: Lawyers, accountants—subject to confidentiality.

  • Authorities: Where required to comply with law or to protect rights, property, and safety.

  • Business transfers: Your data may be transferred in connection with a merger, financing, acquisition, or asset sale; we will notify you of material changes.

We do not sell personal information and we do not share Google user data for advertising purposes.

8) Your choices & rights

In‑product steps (YouReply Maker):

  • Sign in at youreplymaker.com/user/login.

  • Use Account → My Channels → Action → Disconnect to revoke our access.

  • To permanently remove your data, go to Settings → Account → Delete account.

Disconnecting Google/YouTube

  • In‑product: Account → My Channels → Action → Disconnect. This revokes our access and starts the deletion timetable in §6.

  • From your Google Account: Google Account → Security → Third‑party access → Manage third‑party access → Remove access (for YouReply Maker).

Deleting your account & data

  • In‑product: Settings → Account → Delete account (or contact us). We will delete or anonymize personal data consistent with §6.

GDPR/UK GDPR rights
Right of access, rectification, erasure, restriction, portability, and objection.
Right to withdraw consent at any time (without affecting lawfulness of processing before withdrawal).
Right to lodge a complaint with your local supervisory authority.

California (CCPA/CPRA) rights
We do not sell or share personal information within the meaning of the CPRA.
You may submit requests for access, correction, deletion, and to limit the use of sensitive personal information via info@youreplymaker.com.
Where we engage in cross‑context behavioral advertising (remarketing), we provide a “Do Not Sell or Share My Personal Information” link on our site and honor your choices (see §16).

9) Security

We implement the following technical and organizational measures:

  • Encryption in transit (TLS) and encryption at rest for sensitive data (including OAuth tokens).

  • Access controls, least‑privilege, audit logs, and multi‑factor authentication for administrative access.

  • Regular patching, vulnerability management, and backups.

  • Sub‑processor reviews and data‑processing agreements.

No method is 100% secure; if we learn of a breach affecting your data, we will notify you and relevant authorities as required by law.

10) Cookies, analytics & advertising

We use:

  • Strictly necessary cookies: For sessions and security.

  • Analytics cookies/tags: To understand feature usage and reliability; where feasible, we shorten (mask) IP and produce aggregated reports. Analytics cookies operate with your consent where required.

  • Marketing/remarketing cookies (pixels): To show YouReply Maker ads after you visit our site and to measure campaign performance (see §16). These cookies operate with your consent and can be changed anytime in the Cookie Preferences manager.

Your browser may allow you to block cookies; some features may not function without cookies.

11) International transfers

Your data may be processed in countries other than your own. Where applicable, we rely on mechanisms such as Standard Contractual Clauses (SCCs) and apply additional safeguards.

12) Third‑party links

The Services may contain links to other sites. We are not responsible for their privacy practices; please review their policies before providing personal information.

13) Children’s privacy

The Services are not directed to children under 13 (or 16 in certain regions). We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us so we can take appropriate action.

14) Changes to this Policy

We may update this Policy from time to time. We will post the current version on this page and update the Effective date. For material changes, we will notify you by email or in‑app notice.

15) Advertising & remarketing

We use cookies, pixel tags, SDKs, and similar technologies to (i) show YouReply Maker ads to visitors on third‑party sites and apps (remarketing/retargeting) and (ii) measure campaign effectiveness.

Scope & platforms
From time to time we may work with: Google Ads (Display/YouTube), Meta (Facebook/Instagram), LinkedIn, X Ads, TikTok, Pinterest, and similar advertising/measurement services. Not all platforms are active at all times.

Data processed
Marketing tags process cookie/device identifiers, truncated IP address, browser/device information, pages visited and actions taken (e.g., viewing the pricing page), and referrer. With your consent, we may upload email addresses you provided to us (e.g., for an account or newsletter) in hashed (salted) form to create custom audiences / lookalikes.
Google OAuth/YouTube data is strictly excluded from advertising or measurement flows.

Roles & sharing
These platforms typically act as independent controllers; their privacy policies apply. Sharing is limited to site interaction data collected via marketing tags or hashed contact data as described in §7.

Legal bases
In regions like the EEA/UK, marketing cookies and similar technologies operate on consent (GDPR, ePrivacy). In the absence of consent, such tags are not triggered. Some basic measurement may rely on legitimate interests, but marketing/remarketing requires consent.

Your controls

  • Use our Cookie Preferences manager to enable/disable the Marketing category at any time.

  • Platform‑level settings: Google Ads Ad Settings, Meta Ad Preferences, LinkedIn Advertising Preferences, X Personalization, TikTok Personalization and Data, Pinterest Privacy & Data.

  • CPRA (California): For cross‑context behavioral advertising, we provide a “Do Not Sell or Share My Personal Information” link and honor your choices.

Durations & limits
Marketing cookies are generally retained for up to 13 months; campaign measurement logs are typically retained for up to 12 months (aligned with §6). We do not target based on sensitive categories, and we do not engage in interest‑based advertising directed to children.

Transparency
This §16 supplements the cookies section (§10). You can withdraw your marketing consent at any time; withdrawal does not affect the lawfulness of processing before withdrawal.

16) Contact

For questions or requests regarding this Policy or your data: info@youreplymaker.com.

Appendix A — Google scopes we request

  • https://www.googleapis.com/auth/youtube.readonly — to list your channels and videos in the dashboard and display comments/threads.

  • https://www.googleapis.com/auth/youtube.force-ssl — to post replies on your behalf and perform moderation actions (hide, hold, delete).

We request these scopes only when you choose to connect your Google account. We do not request restricted Gmail/Drive scopes, and we do not use Google‑sourced data for advertising.

We use cookies to improve your browsing experience, personalize content, and analyze site traffic. By clicking Allow, you consent to our use of cookies. learn more

Allow