Privacy Policy

This Privacy Policy describes how Autopilot Videos (“we”, “us”, or “our”) collects, uses, and shares information when you use our short-form video automation platform available at https://autopilotvideos.com (the “Service”).

We are committed to protecting your privacy and being transparent about what data we access, why we need it, and how you can control it.

Account information

When you create an account, we collect your name, email address, and (if you sign in with Google) your Google profile picture.

YouTube channel data (via Google OAuth and YouTube API Services)

Autopilot Videos uses YouTube API Services to verify ownership of and upload videos to YouTube channels you have explicitly connected. By connecting a YouTube channel toAutopilot Videos, you also agree to the YouTube Terms of Service and the Google Privacy Policy. You can revoke Autopilot Videos’s access at any time at myaccount.google.com/permissions.

When you connect a YouTube channel, you authorize Google to share limited access with us via OAuth 2.0. Specifically, we request these scopes:

• https://www.googleapis.com/auth/youtube.readonly — to identify which YouTube channel(s) you own and read basic channel metadata (channel ID, name, default language) and public channel statistics (subscriber count, view count, video count). Used so you can confirm and select which channel to publish to before any upload occurs, and to display your channel’s public stats on your dashboard. We do not read your individual videos, comments, playlists, subscriptions, or YouTube Analytics under this scope.
• https://www.googleapis.com/auth/youtube.upload — to upload videos you have created in Autopilot Videos to the YouTube channel you have connected. This is the only write scope we request. It does not authorize comment, playlist, subscription, analytics, or any other write operation.
• openid, email, profile — to identify your Google account for account linking.

Autopilot Videos does not read, post, moderate, or otherwise interact with comments on your videos or anyone else’s. Autopilot Videosdoes not modify videos after upload, does not set custom thumbnails, does not enumerate or read videos uploaded outsideAutopilot Videos, and does not access YouTube Analytics beyond the public statistics listed above.

Google user data we store

• YouTube channel ID and channel name — to associate uploaded videos with the correct channel and display it on your dashboard.
• OAuth tokens (access token and refresh token) — both encrypted at rest with AES-256-GCM (see Section 3). The short-lived access token authorizes upload calls; the refresh token is used solely to obtain a new access token when the current one expires. Both are discarded on account deletion or when you revoke access at myaccount.google.com/permissions.
• Google account ID, email, name, profile picture (from openid/email/profile) — to identify your account at sign-in and personalize the in-app experience.

Content you create

Video scripts, slide content, channel configuration, scheduling preferences, and other data you provide while using the Service.

Usage data

Anonymized request logs, video generation history, and publishing outcomes, retained to provide the Service and diagnose failures.

Payment information

If you subscribe to a paid tier, payment processing is handled by our payment provider. We do not store full credit card numbers. We retain subscription status, billing email, and payment receipts.

We use the information we collect to:

• Publish videos to your YouTube channel at the times you schedule
• Generate AI-assisted video content based on your preferences
• Send service-related notifications (auth expiry, publish failures, account verification)
• Provide customer support when you reach out to us
• Process subscription payments and send billing receipts
• Detect and prevent fraud, abuse, and security incidents
• Diagnose pipeline failures and measure feature reliability using aggregated, de-identified service telemetry (e.g., publish-success rates, render-error counts) — not individual YouTube content or channel data

We do not use YouTube data for advertising, user profiling, or resale. YouTube data is used solely to deliver the autopilot publishing feature you asked us to perform.

• Encryption at rest: OAuth access and refresh tokens are both encrypted with AES-256-GCM before being stored in our database. Encryption keys are stored in AWS SSM Parameter Store under a KMS envelope and are accessible only to our production servers via scoped IAM roles.
• Encryption in transit: All traffic between your browser, our servers, and Google's APIs is encrypted via TLS 1.2+.
• Scope minimization: We request only the OAuth scopes strictly necessary to deliver the features you've enabled.
• Access controls: Production database and secret access is limited to a small number of authorized personnel, audited via CloudTrail.
• Incident response: We monitor for failed authentications, anomalous publish patterns, and token decryption failures, and have established procedures to respond to suspected security incidents.

We share information only in these limited circumstances:

• With YouTube: We call the YouTube Data API on your behalf to publish videos you've scheduled. Your use of YouTube is subject to the YouTube Terms of Service and the Google Privacy Policy.
• With our infrastructure providers: Hosting (AWS), email delivery (SendGrid), payment processing (if subscribed). These providers process data only on our instructions and under contractual confidentiality obligations.
• To comply with the law: If required by valid legal process, we may disclose information to authorities. We will notify you unless prohibited from doing so.

We do not sell your personal information or your YouTube data to anyone.

• OAuth tokens: the refresh token is retained until you revoke access (either from your Google Account permissions page or by deleting your Autopilot Videos account). The access token is short-lived (Google issues a new one approximately every hour); the most recent encrypted access token is retained alongside the refresh token and discarded on the same revocation/deletion event.
• Account data: retained for the lifetime of your account. On a deletion request submitted to hello@autopilotvideos.com (Section 6), we will delete your encrypted OAuth tokens, profile fields, channel associations, and content history within 30 days.
• Published video metadata: retained indefinitely for your historical record and analytics.
• Service logs: retained for up to 90 days for debugging and abuse detection.
• Billing records: retained for 7 years to comply with tax and financial regulations.

You have the following rights regarding your data:

• Revoke OAuth access at any time via myaccount.google.com/permissions. Revocation is effective immediately on Google's side; our stored token becomes unusable.
• Export your data — email hello@autopilotvideos.com and we'll send a machine-readable archive within 30 days.
• Delete your account and all associated data by emailing hello@autopilotvideos.com from the address on your account. We will acknowledge receipt within 5 business days and complete the deletion within 30 days, including your encrypted OAuth tokens, profile data, channel associations, and content history. Aggregated/de-identified telemetry that cannot be linked back to you may be retained. Billing records are retained for 7 years to comply with tax and financial regulations (Section 5).
• Correct inaccurate data by emailing hello@autopilotvideos.com from the address on your account. We will correct verified inaccuracies within 30 days. Some fields (such as your linked Google email) are controlled by Google and can be changed only by editing your Google account.
• Opt out of non-essential emails via the unsubscribe link in each email. We will still send critical service emails (auth expiry, billing, security) regardless.

Autopilot Videos’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide or improve user-facing features that are prominent in the Autopilot Videos user experience. We do not use or transfer Google user data for serving ads, including retargeting, personalized, or interest-based advertising. We do not allow humans to read Google user data except (a) with the user’s explicit consent for specific data, (b) for security purposes, or (c) when required by law. We do not sell Google user data.

The Service is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us and we will delete it.

Our servers are located in the United States (AWS us-east-1). If you access the Service from outside the United States, your information will be transferred to and processed there, where privacy laws may differ from those of your jurisdiction.

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top and, for material changes, send an email notification to registered users at least 30 days before the change takes effect.

If you have any questions about this Privacy Policy or our data practices, contact us at hello@autopilotvideos.com.