[{"data":1,"prerenderedAt":676},["ShallowReactive",2],{"privacy":3},{"id":4,"title":5,"body":6,"description":668,"extension":669,"meta":670,"navigation":671,"path":672,"seo":673,"stem":674,"__hash__":675},"content\u002Fprivacy.md","Privacy Policy",{"type":7,"value":8,"toc":648},"minimark",[9,14,22,27,30,33,56,60,75,98,105,112,118,122,125,131,134,138,141,187,192,196,205,219,223,253,272,278,288,292,346,350,357,360,403,409,412,416,419,451,454,457,461,467,470,477,481,492,498,513,544,548,556,559,563,566,594,600,604,607,611,614,622,625,629,632],[10,11,13],"h1",{"id":12},"privacy-policy","[Privacy Policy]",[15,16,17],"p",{},[18,19,21],"span",{"style":20},"color: #716F6F","Last updated: March 22, 2026",[23,24,26],"h2",{"id":25},"_1-introduction","1. Introduction",[15,28,29],{},"This Privacy Policy explains how Cutio (\"we,\" \"us,\" or \"our\") collects, uses, and protects your information when you use the Cutio browser extension and related services (collectively, the \"Service\"). Cutio is an AI-powered tool that automatically detects and skips sponsor segments in YouTube videos.",[15,31,32],{},"The Service is operated by Dmitrii Brolnitskii, an independent developer. This Privacy Policy informs you about how we process your personal data when you use the Service.",[15,34,35,39,40,45,48,39,51],{},[36,37,38],"strong",{},"Contact:"," ",[41,42,44],"a",{"href":43},"mailto:support@cutio.dev","support@cutio.dev",[46,47],"br",{},[36,49,50],{},"Website:",[41,52,53],{"href":53,"rel":54},"https:\u002F\u002Fcutio.dev",[55],"nofollow",[23,57,59],{"id":58},"_2-information-we-collect","2. Information We Collect",[15,61,62,63,66,67,70,71,74],{},"When you sign in using Google OAuth, we receive and store your ",[36,64,65],{},"email address"," (used as your unique account identifier), ",[36,68,69],{},"display name",", and ",[36,72,73],{},"profile picture URL",". We do not access your Google password. 
Authentication is handled securely through Google's OAuth 2.0 protocol.",[15,76,77,78,81,82,85,86,89,90,93,94,97],{},"When you use the Service, we automatically collect: ",[36,79,80],{},"YouTube video IDs"," (identifiers of videos you analyze, not full URLs or browsing history), ",[36,83,84],{},"channel names"," of analyzed videos, ",[36,87,88],{},"skip events"," (segment category and duration when you skip a detected sponsor segment), ",[36,91,92],{},"analysis request metadata"," (status, AI provider\u002Fmodel used, token consumption, timestamps), and a ",[36,95,96],{},"device identifier"," (a randomly generated UUID created by the extension to manage multi-device sessions — not a hardware fingerprint).",[15,99,100,101,104],{},"You may also optionally configure your interface language, analysis filters (live recordings, music content, maximum video duration, segment categories to skip), and a custom AI provider API key. If you choose to use your own AI API key (Gemini or OpenRouter), the key is encrypted using ",[36,102,103],{},"AES-256-GCM"," authenticated encryption before storage. We never store API keys in plaintext. Keys are decrypted only at the moment of use and are never logged.",[15,106,107,108,111],{},"We do ",[36,109,110],{},"not"," collect your browsing history (only specific YouTube video IDs that you actively submit for analysis), video content (we do not download or process actual video files), IP addresses (used only transiently for rate limiting and never written to any database), cookies (authentication is token-based), or credit card and payment details (all payment processing is handled by Paddle — see Section 6).",[15,113,114,117],{},[36,115,116],{},"Data provision requirement:"," Providing your Google account information (email, name, profile picture) is necessary to create your account and use the Service — without this information, we cannot provide the Service. 
Providing additional data such as custom AI provider API keys is optional and not required for basic functionality.",[23,119,121],{"id":120},"_3-how-we-collect-information","3. How We Collect Information",[15,123,124],{},"When you sign in, Google shares your basic profile information (email, name, picture) with us through a secure OAuth 2.0 flow. We request only the minimum scopes required for authentication.",[15,126,127,128,130],{},"The Cutio browser extension operates on YouTube pages. It reads the current video identifier from the page URL and sends it to our API for analysis. The extension does ",[36,129,110],{}," read or access any other website data, track your browsing activity across sites, access your YouTube or Google account beyond the initial sign-in, or modify any YouTube page content beyond overlaying skip controls.",[15,132,133],{},"Our servers automatically collect operational data (request timestamps, response status codes, performance metrics) for service reliability. This data is associated with anonymized identifiers and is used for monitoring and debugging, not for profiling.",[23,135,137],{"id":136},"_4-how-we-use-your-information","4. How We Use Your Information",[15,139,140],{},"We use the information we collect for the following purposes:",[142,143,144,151,157,163,169,175,181],"ul",{},[145,146,147,150],"li",{},[36,148,149],{},"Providing the Service"," — we use video IDs and transcripts to analyze videos and detect sponsor segments. Legal basis: contractual necessity (GDPR Art. 6(1)(b)).",[145,152,153,156],{},[36,154,155],{},"Authentication"," — we use your email, name, and avatar to create and manage your account. Legal basis: contractual necessity.",[145,158,159,162],{},[36,160,161],{},"Personal statistics"," — we use skip events and usage data to display your time saved and segments skipped. 
Legal basis: contractual necessity.",[145,164,165,168],{},[36,166,167],{},"Usage quotas and rate limits"," — we use token usage and request counts to enforce plan limits. Legal basis: contractual necessity.",[145,170,171,174],{},[36,172,173],{},"Payment processing"," — we share your email with Paddle to facilitate subscriptions. Legal basis: contractual necessity.",[145,176,177,180],{},[36,178,179],{},"Abuse prevention and security"," — we use rate limit counters and request metadata to protect the Service. Legal basis: legitimate interest (GDPR Art. 6(1)(f)). Our legitimate interest is to protect the Service from abuse, unauthorized access, and fraudulent activity, and to maintain service availability for all users.",[145,182,183,186],{},[36,184,185],{},"Service improvement"," — we use aggregated analytics and error logs to fix bugs and improve quality. Legal basis: legitimate interest (GDPR Art. 6(1)(f)). Our legitimate interest is to identify and fix technical issues, improve service quality, and understand aggregate usage patterns to enhance the user experience.",[15,188,107,189,191],{},[36,190,110],{}," use your data for advertising, profiling, or selling to third parties.",[23,193,195],{"id":194},"_5-google-api-services-user-data-policy","5. 
Google API Services User Data Policy",[15,197,198,199,204],{},"Our use of information received from Google APIs adheres to the ",[41,200,203],{"href":201,"rel":202},"https:\u002F\u002Fdevelopers.google.com\u002Fterms\u002Fapi-services-user-data-policy",[55],"Google API Services User Data Policy",", including the Limited Use requirements:",[142,206,207,210,213,216],{},[145,208,209],{},"We only use Google user data (email, name, profile picture) to provide and improve the Service as described in this Privacy Policy.",[145,211,212],{},"We do not transfer Google user data to third parties, except as necessary to provide the Service (e.g., sharing your email with Paddle for payment processing), with your consent, or as required by law.",[145,214,215],{},"We do not use Google user data for advertising or marketing purposes.",[145,217,218],{},"We do not allow humans to read your Google user data, except with your consent, for security investigations, to comply with applicable law, or when the data is aggregated and anonymized.",[23,220,222],{"id":221},"_6-third-party-services","6. Third-Party Services",[15,224,225,228,229,232,233,236,237,240,241,246,247,252],{},[36,226,227],{},"Paddle (Payment Processing)."," Payments for Cutio subscriptions are processed by ",[36,230,231],{},"Paddle.com Market Limited"," (for customers outside the United States) and ",[36,234,235],{},"Paddle.com Inc."," (for US customers), acting as our ",[36,238,239],{},"Merchant of Record",". This means Paddle is the legal seller of the subscription. We share your email address with Paddle to facilitate the transaction. Paddle independently collects payment information (credit card, billing address) directly — we never see or store your payment details. For payment data, Paddle acts as an independent data controller, not as our data processor. Paddle may set its own cookies during the checkout process. 
For details on how Paddle handles your data, please review the ",[41,242,245],{"href":243,"rel":244},"https:\u002F\u002Fwww.paddle.com\u002Flegal\u002Fprivacy",[55],"Paddle Privacy Policy"," and ",[41,248,251],{"href":249,"rel":250},"https:\u002F\u002Fwww.paddle.com\u002Flegal\u002Fbuyers",[55],"Paddle Buyer Terms",".",[15,254,255,258,259,261,262,246,267,252],{},[36,256,257],{},"AI Providers (Google Gemini, OpenRouter)."," To analyze video transcripts, we send these providers the YouTube video transcript text (publicly available captions), video metadata (title, duration, category — all publicly available on YouTube), and analysis instructions (a generic system prompt, not user-specific). We do ",[36,260,110],{}," send any personally identifiable information (your email, name, user ID, or IP address) to AI providers. Transcript analysis requests are not linked to your identity. If you use your own API key, requests are made directly to the provider under your own account and subject to that provider's terms. See the ",[41,263,266],{"href":264,"rel":265},"https:\u002F\u002Fai.google.dev\u002Fterms",[55],"Google AI Terms",[41,268,271],{"href":269,"rel":270},"https:\u002F\u002Fopenrouter.ai\u002Fprivacy",[55],"OpenRouter Privacy Policy",[15,273,274,277],{},[36,275,276],{},"YouTube."," We fetch publicly available video transcripts (captions) and metadata from YouTube to perform sponsor segment detection. We do not access any private YouTube data or act on behalf of your YouTube\u002FGoogle account.",[15,279,280,283,284,287],{},[36,281,282],{},"Infrastructure & Monitoring."," Our servers are hosted in the ",[36,285,286],{},"United States"," (Vultr, Atlanta). We use self-hosted monitoring tools (SigNoz) for operational observability. Monitoring data includes request traces and logs that may contain user IDs for debugging purposes. This data is stored on our own infrastructure and is not shared with third parties.",[23,289,291],{"id":290},"_7-data-retention","7. 
Data Retention",[142,293,294,304,310,316,322,328,334,340],{},[145,295,296,299,300,303],{},[36,297,298],{},"Account information"," (email, name, avatar) and ",[36,301,302],{},"user preferences"," are stored until you delete your account.",[145,305,306,309],{},[36,307,308],{},"Analysis results"," (cached sponsor segment timestamps) are kept for 7 days in cache and indefinitely in the database. These are shared across all users and not linked to individual accounts.",[145,311,312,315],{},[36,313,314],{},"Video transcripts and metadata"," are stored indefinitely for service improvement. They are keyed by video ID, not by user.",[145,317,318,321],{},[36,319,320],{},"Skip event statistics, token usage records, analysis history, and subscription change history"," are permanently deleted when you delete your account.",[145,323,324,327],{},[36,325,326],{},"Authentication sessions"," (refresh tokens) expire automatically after 30 days.",[145,329,330,333],{},[36,331,332],{},"Rate limiting data"," is transient and retained only for seconds to minutes.",[145,335,336,339],{},[36,337,338],{},"Operational logs and traces"," are retained for 30 days.",[145,341,342,345],{},[36,343,344],{},"Abuse prevention hash"," (retained after account deletion) is stored until you re-register, at which point it is automatically deleted. See Section 8 for details.",[23,347,349],{"id":348},"_8-account-deletion","8. Account Deletion",[15,351,352,353,252],{},"You can delete your account at any time through the extension settings (self-service). 
Alternatively, you may contact us at ",[36,354,355],{},[41,356,44],{"href":43},[15,358,359],{},"When your account is deleted:",[142,361,362,369,375,381,388,397],{},[145,363,364,365,368],{},"Your ",[36,366,367],{},"email, name, and profile picture"," are permanently anonymized",[145,370,364,371,374],{},[36,372,373],{},"API keys"," are permanently erased",[145,376,364,377,380],{},[36,378,379],{},"OAuth provider links"," are deleted",[145,382,383,384,387],{},"All ",[36,385,386],{},"active sessions"," are revoked",[145,389,364,390,393,394],{},[36,391,392],{},"usage statistics"," (skip counts, time saved, token usage, analysis history) are ",[36,395,396],{},"permanently deleted",[145,398,364,399,402],{},[36,400,401],{},"subscription history"," is permanently deleted",[15,404,405,408],{},[36,406,407],{},"Abuse prevention:"," To prevent quota abuse upon re-registration, we retain a one-way cryptographic hash (SHA-256) of your OAuth provider identity along with your server-side token usage for the current billing period. This hash cannot be reversed to recover your email or profile information, but it does let us recognize the same OAuth provider identity if you register again. It is automatically deleted if you create a new account.",[15,410,411],{},"Cached video analysis results (sponsor segment timestamps) are shared across all users and are not linked to individual accounts. These are retained after account deletion as they contain no personal information.",[23,413,415],{"id":414},"_9-data-security","9. 
Data Security",[15,417,418],{},"We implement the following security measures to protect your data:",[142,420,421,427,433,439,445],{},[145,422,423,426],{},[36,424,425],{},"Encryption in transit:"," All communications between the extension, our API, and third-party services use TLS (HTTPS)",[145,428,429,432],{},[36,430,431],{},"Encryption at rest:"," User API keys are encrypted with AES-256-GCM authenticated encryption",[145,434,435,438],{},[36,436,437],{},"Token-based authentication:"," Short-lived JWT access tokens (1 hour) with rotating refresh tokens (30 days)",[145,440,441,444],{},[36,442,443],{},"Rate limiting:"," Protection against brute-force and abuse attacks",[145,446,447,450],{},[36,448,449],{},"No plaintext secrets:"," API keys and tokens are never logged or stored in plaintext",[15,452,453],{},"While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.",[15,455,456],{},"In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay via the email address associated with your account, as required by GDPR Article 34.",[23,458,460],{"id":459},"_10-international-data-transfers","10. International Data Transfers",[15,462,463,464,466],{},"Our servers are located in the ",[36,465,286],{}," (Atlanta). If you access the Service from outside the United States, your data will be transferred to and processed in the US. 
For transfers of personal data from the European Economic Area (EEA) to the United States, we rely on the EU-US Data Privacy Framework and, where applicable, EU Standard Contractual Clauses (SCCs) as appropriate safeguards under GDPR Chapter V.",[15,468,469],{},"When we use third-party AI providers (Google Gemini, OpenRouter), video transcript data (which does not contain personal information) may be processed in the United States or other countries where these providers operate. As this data does not contain personal information, GDPR data transfer restrictions do not apply to these transfers.",[15,471,472,473,252],{},"Payment data processed by Paddle may be transferred internationally by Paddle as an independent data controller, subject to appropriate safeguards including EU Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework, as described in ",[41,474,476],{"href":243,"rel":475},[55],"Paddle's Privacy Policy",[23,478,480],{"id":479},"_11-your-rights","11. Your Rights",[15,482,483,486,487,491],{},[36,484,485],{},"If you are located in the European Economic Area (GDPR)",", you have the right to: access a copy of the personal data we hold about you, rectify inaccurate data, erase your personal data (\"right to be forgotten\"), restrict the processing of your data, receive your data in a structured and machine-readable format (data portability), object to processing based on legitimate interest, and withdraw consent where processing is based on consent. To exercise any of these rights, contact us at ",[36,488,489],{},[41,490,44],{"href":43},". We will respond within 30 days. 
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.",[15,493,494,497],{},[36,495,496],{},"Automated decision-making:"," We do not engage in automated individual decision-making or profiling as defined by Article 22 of the GDPR. While Cutio uses AI to analyze video transcripts, this processing is applied to publicly available video content and does not produce legal effects or similarly significant effects concerning you.",[15,499,500,503,504,508,509,512],{},[36,501,502],{},"If you are a California resident (CCPA\u002FCPRA)",", you have the right to: know what personal information we collect, use, and disclose; delete your personal information; opt out of sale of personal information; not be discriminated against for exercising your rights; correct inaccurate personal information; and limit the use of sensitive personal information. To exercise these rights, contact us at ",[36,505,506],{},[41,507,44],{"href":43},". ",[36,510,511],{},"We do not sell or share your personal information"," as defined by the California Consumer Privacy Act.",[15,514,515,516,519,520,523,524,527,528,531,532,535,536,539,540,543],{},"In the preceding 12 months, we have collected the following categories of personal information: ",[36,517,518],{},"identifiers"," (email address, name, profile picture, device identifier), ",[36,521,522],{},"internet or other electronic network activity information"," (YouTube video IDs analyzed, skip events, usage metadata), and ",[36,525,526],{},"commercial information"," (subscription status, token usage). These categories are collected from: ",[36,529,530],{},"you directly"," (account registration, service usage) and ",[36,533,534],{},"third-party sources"," (Google OAuth for profile information). We use this information for the business purposes described in Section 4. 
We disclose identifiers to ",[36,537,538],{},"Paddle"," (for payment processing) and send non-personal video transcript data to ",[36,541,542],{},"AI providers",". We have not sold or shared personal information in the preceding 12 months.",[23,545,547],{"id":546},"_12-childrens-privacy","12. Children's Privacy",[15,549,550,551,555],{},"The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us at ",[36,552,553],{},[41,554,44],{"href":43},", and we will promptly delete such information.",[15,557,558],{},"Using the Service requires a Google account, which itself requires users to meet Google's minimum age requirements.",[23,560,562],{"id":561},"_13-browser-extension-permissions","13. Browser Extension Permissions",[15,564,565],{},"The Cutio browser extension requests only the permissions necessary for its functionality:",[142,567,568,579,585],{},[145,569,570,573,574,578],{},[36,571,572],{},"Access to YouTube pages"," (",[575,576,577],"code",{},"*:\u002F\u002F*.youtube.com\u002F*",") — to read the current video ID and initiate analysis.",[145,580,581,584],{},[36,582,583],{},"Storage"," — to save your authentication token and extension preferences locally on your device.",[145,586,587,593],{},[36,588,589,590],{},"Network requests to ",[575,591,592],{},"cutio.dev"," — to communicate with our API for video analysis and authentication.",[15,595,596,597,599],{},"The extension does ",[36,598,110],{}," request access to all websites, your browsing history, or any data beyond what is described above.",[23,601,603],{"id":602},"_14-do-not-track","14. Do Not Track",[15,605,606],{},"Our Service does not currently respond to \"Do Not Track\" (DNT) browser signals, as there is no industry-standard technology for honoring DNT in this context. 
However, we do not track users across third-party websites regardless of DNT settings.",[23,608,610],{"id":609},"_15-changes-to-this-privacy-policy","15. Changes to This Privacy Policy",[15,612,613],{},"We may update this Privacy Policy from time to time. When we make significant changes, we will:",[142,615,616,619],{},[145,617,618],{},"Update the \"Last updated\" date at the top of this page",[145,620,621],{},"Notify users through the extension or via email for material changes",[15,623,624],{},"Your continued use of the Service after changes are posted constitutes acknowledgment of the updated Privacy Policy.",[23,626,628],{"id":627},"_16-contact-us","16. Contact Us",[15,630,631],{},"If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:",[15,633,634,637,639,640,642,644,645],{},[36,635,636],{},"Dmitrii Brolnitskii",[46,638],{},"\nEmail: ",[41,641,44],{"href":43},[46,643],{},"\nWebsite: ",[41,646,53],{"href":53,"rel":647},[55],{"title":649,"searchDepth":650,"depth":650,"links":651},"",2,[652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667],{"id":25,"depth":650,"text":26},{"id":58,"depth":650,"text":59},{"id":120,"depth":650,"text":121},{"id":136,"depth":650,"text":137},{"id":194,"depth":650,"text":195},{"id":221,"depth":650,"text":222},{"id":290,"depth":650,"text":291},{"id":348,"depth":650,"text":349},{"id":414,"depth":650,"text":415},{"id":459,"depth":650,"text":460},{"id":479,"depth":650,"text":480},{"id":546,"depth":650,"text":547},{"id":561,"depth":650,"text":562},{"id":602,"depth":650,"text":603},{"id":609,"depth":650,"text":610},{"id":627,"depth":650,"text":628},"Cutio Privacy Policy","md",{},true,"\u002Fprivacy",{"title":5,"description":668},"privacy","SCVawrsz-LrWzFK50W4_RLy8xiiLluRWkHERpLZ6gXI",1774372964584]