Privacy Policy

Last updated: March 28, 2026

At SageTube ("we", "us", "our"), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website at sagetube.ai, our Chrome browser extension, and related services (collectively, the "Service"). This policy is in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Information We Collect

We collect and process the following categories of personal data:

• Account Information: Name and email address when you register for an account.
• Usage Data: IP address, browser type, device information, pages visited, and interaction patterns with the Service.
• Payment Information: Billing details and transaction history, processed securely through our payment provider Stripe. We do not store your full credit card details on our servers.
• User Content: YouTube video URLs, PDF documents, and other content you submit to the Service for processing and analysis.
• AI Interaction Data: Chat queries, conversations with AI Experts, and search queries you make within the Service.
• Chrome Extension Data: When you use the SageTube Chrome extension, it collects YouTube video metadata (titles, descriptions, URLs) from pages you interact with. The extension only activates on YouTube pages and only transmits data when you explicitly use its features.
• Mobile Application Data: When you use the SageTube mobile app, we collect device information (device model, OS version), authentication tokens, and Firebase Cloud Messaging (FCM) device tokens for push notification delivery. FCM tokens are hashed and stored securely. Stale tokens are automatically pruned when they become invalid.
• Guest Trial Data: If you use the Service without creating an account (Guest Trial), we may collect limited technical data such as your IP address, browser information, and session-level interaction data. This data is ephemeral and is not linked to a persistent identity.
• Pulse Subscriber Data: If you subscribe to receive Live Knowledge Pulse email notifications for a public Expert, we collect your email address and a unique subscriber token. This data is used solely for delivering digest notifications and is retained until you unsubscribe or the subscription is pruned after a period of inactivity.
• Creator Monetization Data: If you enable Creator Monetization, Stripe collects and processes your identity verification, bank account, and payout information as part of the Stripe Connect onboarding. SageTube stores your Stripe Connect account ID and transaction records but does not store your banking details.

2. How We Use Your Information

Your personal data is used for the following purposes:

• Service Provision: To operate the Service, including processing your content through AI models, generating transcriptions, creating vector embeddings for search, and enabling conversations with AI Experts.
• Account Management: To manage your account, subscriptions, wallet balance, and usage tracking.
• Communication: To respond to support requests, send service notifications, and provide important updates about your account or the Service.
• Analytics and Improvement: To understand how users interact with the Service and to improve its functionality and performance.
• Legal Compliance: To comply with legal obligations, enforce our terms of service, or protect our legal rights.
• Marketing: With your consent, to send promotional content that may interest you. You can opt out at any time.

3. AI Processing and Automated Decision-Making

SageTube uses artificial intelligence to provide its core features. This involves:

• Content Processing: Your submitted content (YouTube videos, PDFs) is processed by AI models to generate transcriptions, summaries, and vector embeddings that enable semantic search and AI-powered conversations.
• AI Chat Responses: When you interact with AI Experts, your queries are processed by third-party AI models to generate responses. These responses are generated automatically but do not constitute legally or similarly significant decisions about you.
• Embeddings and Vector Storage: Your content is converted into numerical vector representations and stored in a vector database to enable intelligent search and retrieval.

You have the right to request human review of any AI-generated output and to understand the logic involved in automated processing of your data.

4. Legal Basis for Processing

We process personal data based on the following legal grounds:

• Performance of Contract (Article 6(1)(b) GDPR): Processing necessary to provide the Service you have subscribed to, including AI content analysis, transcription, and chat functionality.
• Consent (Article 6(1)(a) GDPR): For marketing communications and analytics cookies. You may withdraw consent at any time.
• Legal Obligation (Article 6(1)(c) GDPR): To comply with applicable laws, such as tax and accounting requirements.
• Legitimate Interests (Article 6(1)(f) GDPR): For service improvement, fraud prevention, and security. We balance these interests against your rights and freedoms.

5. Third-Party Sub-Processors

We share your data with the following categories of third-party service providers who process data on our behalf:

• AI and Machine Learning: OpenAI (USA) and Google Gemini (USA) process your content and queries to provide AI chat, embeddings, and transcription services. Your content is sent to these providers for processing and is subject to their respective data processing agreements.
• Transcription: OpenAI Whisper API (USA) and AssemblyAI (USA) process audio content to generate text transcriptions.
• Cloud Infrastructure: Google Cloud Platform (EU region: europe-west1) hosts the Service, stores your data, and provides computing resources.
• Payment Processing: Stripe (USA) processes payments securely. Stripe is PCI DSS Level 1 certified.
• Analytics: PostHog (EU instance) collects anonymized usage data to help us improve the Service.
• Email: SendGrid (USA) delivers transactional emails such as account verification and password resets.
• Push Notifications: Firebase Cloud Messaging (Google, USA) delivers push notifications to mobile app users. FCM device tokens are transmitted to Google for notification delivery.
• Creator Payments: Stripe Connect (USA) processes creator monetization payouts. Creator identity and banking information is collected and stored by Stripe.

We also disclose data when required by law, to regulatory authorities, or in connection with a merger, acquisition, or sale of assets.

6. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA) on Google Cloud Platform servers in Belgium (europe-west1). However, some of our sub-processors are based in the United States. When your data is transferred outside the EEA, we ensure adequate protection through:

• EU-U.S. Data Privacy Framework certifications where applicable.
• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Adequacy decisions by the European Commission where available.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Account Data: Retained for the duration of your account and deleted upon request, subject to legal retention requirements.
• User Content: Transcriptions, embeddings, and uploaded documents are retained while your account is active. You can delete individual items or your entire account at any time.
• Chat History: AI conversation history is retained while your account is active and deleted when you delete a chat session or your account.
• Payment Records: Retained for up to 7 years to comply with tax and accounting obligations.
• Usage Logs: Aggregated analytics data is retained for up to 12 months.
• Mobile Device Tokens: FCM tokens are retained while your account is active. Stale tokens (unregistered devices) are automatically pruned. All tokens are deleted upon account deletion.
• Pulse Subscriber Data: Email addresses and subscriber tokens are retained until unsubscription or automatic pruning after 365 days of inactivity.
• Guest Trial Data: Session data from guest access is ephemeral and may be deleted at any time. No persistent personal data is retained for unregistered visitors.
• Creator Monetization Records: Transaction records and Stripe Connect account associations are retained for up to 7 years to comply with tax and accounting obligations.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access (Article 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing (Article 18): Request limitation of how we process your data.
• Right to Data Portability (Article 20): Receive your data in a structured, commonly used, machine-readable format.
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent (Article 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

To exercise any of these rights, please contact us at the email address below. We will respond within 30 days of receiving your request.

9. Cookies and Tracking

Our website uses the following types of cookies:

• Essential Cookies: Required for the Service to function, including session management and CSRF protection. These cannot be disabled.
• Analytics Cookies: PostHog analytics cookies help us understand how visitors use the Service. These are loaded via Google Tag Manager and can be managed through your browser settings.

You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/HTTPS) and at rest.
• Access controls and authentication for all systems.
• Regular security assessments of our infrastructure.
• Network security policies restricting communication between services.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay, as required by GDPR Articles 33 and 34.

11. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

12. Updates to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. For significant changes, we will notify you via email or a prominent notice on the Service before the changes take effect.

13. Contact Us

For questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact us:

Email: ...