Privacy policy

Condense helps you follow YouTube channels you care about, fetch caption transcripts for videos, and generate structured summaries and timestamped "moments" grounded in those captions. You can sign in with Google (identity first) or email; if you choose to import from YouTube, we request read-only YouTube access for that step. You can also track channels without linking YouTube, using public metadata where the deployment is configured with a YouTube Data API key.

The data controller for a given Condense deployment is whoever operates that deployment (for example, the person or company that hosts the app and database). If you use someone else's instance, they are responsible for how it is run; this policy describes what the software is designed to collect and process.

For this deployment, privacy-related requests may be sent to ra.boltshauser3@gmail.com.

If you use Google sign-in or connect YouTube, Condense accesses Google user data as described below. This disclosure is provided to meet the Google API Services User Data Policy and related requirements for apps that use Google APIs.

Data accessed

Depending on what you authorize, we may access:

• Account identification and profile (when you sign in with Google using OpenID Connect): your Google account subject identifier, email address, and basic profile fields (such as name and profile image URL) as returned by Google's userinfo.email and userinfo.profile scopes, plus openid.
• OAuth tokens issued by Google (access token and, where provided, refresh token) stored on our servers after you consent, so we can call Google APIs you have approved on your behalf until you revoke access or we delete your account data.
• YouTube subscriptions and metadata when you explicitly connect YouTube or import subscriptions: read-only access via https://www.googleapis.com/auth/youtube.readonly so we can list the channels you subscribe to on YouTube and keep channel and video metadata (for example channel and video identifiers, titles, thumbnails, publish times) through the YouTube Data API v3. For accounts that never grant this scope, we may still show public channel and video metadata using a server-side API key where the deployment is configured for it.

Data usage

We use Google user data only to provide and improve Condense:

• Authentication and account linking: create your Condense user, sign you in, and associate your saved channels, lists, summaries, and settings with your account.
• YouTube subscription sync: import and refresh the list of channels you follow on YouTube so you can curate your feed inside Condense. We do not upload videos, post comments, change subscriptions on YouTube, or otherwise modify your YouTube account.
• Product experience: display channel titles, artwork, and video information in the interface.
• No ads profile from Google data: we do not use Google user data to build cross-app advertising profiles and we do not sell that data.

Data sharing

Google OAuth tokens and sign-in secrets are not sold. They are stored in our application database and used only on our servers to call Google APIs you authorized. We do not transmit your OAuth tokens or Google passwords to model providers for AI summarization.

Infrastructure subprocessors may process stored account data (including fields received from Google and API responses) solely to host the app and database—for example PostgreSQL hosting (commonly Neon) and application hosting (commonly Vercel)—under our instructions and their terms.

AI summarization: when you run Condense's summary feature, we send the video title, caption / transcript text (and optional instructions you type) to an AI model via Vercel AI Gateway. That content reflects public or product-derived video text, not your Google sign-in credentials. The configured model provider processes prompt content only to return the summary.

Optional transcript providers: if Supadata is configured for a deployment, a video identifier may be sent to Supadata so their service can return transcript data (see Transcripts).

Data storage and protection

• Data in transit between your browser and Condense is protected using HTTPS/TLS.
• Account fields from Google, OAuth tokens, and synced YouTube metadata are stored in our database; access is limited to application servers and operational practices appropriate to the host environment.
• Google API client secrets and server keys are kept in server-side configuration, not exposed to the client bundle.
• Authentication uses secure cookies as implemented by our auth layer (Better Auth / Next.js).

Data retention and deletion

We retain Google-derived account data, OAuth tokens, and YouTube sync metadata while your account is active and as needed to provide the service, unless a longer period is required by law.

Deletion requests: email ra.boltshauser3@gmail.com with the subject line "Data deletion request", the email address you use with Condense, and whether you signed in with Google, so we can verify and process your request. We aim to complete verified deletion within thirty (30) days unless we must retain certain information to meet legal obligations (for example tax or fraud records).

Google's use of information received from Google APIs follows the Google API Services User Data Policy, including the Limited Use requirements.

We process the following when you create or use an account:

• Email and password sign-in: email address, name, and a salted password hash stored in our database (we do not store your password in plain text).
• Google sign-in: see Google user data for the categories of Google data we access and how we use them; operationally we store profile identifiers, email, name, and OAuth tokens to call Google APIs you approve (including read-only YouTube when you grant it).
• Sessions: session tokens in cookies, plus session records that may include IP address and user agent string as stored by our authentication layer.

Product behavior for YouTube (scopes, read-only use, optional API key for public metadata) is covered in detail under Google user data. In short: we only request read-only YouTube access when you choose to connect or import subscriptions, and we do not modify your YouTube account.

To build summaries, we obtain caption text for videos. Depending on configuration, transcript text may be retrieved by:

• Requesting timed text from YouTube's public caption endpoints (server-side), or
• When a Supadata API key is configured, sending the video identifier to Supadata so their service can return transcript data.

Transcript segments and metadata are stored in our database so we do not refetch them for every view and so summaries remain consistent.

When you generate a "condense", we send the video title and transcript text (and optional focus instructions you provide) to an AI model through Vercel AI Gateway using an API key configured on the server. The default model identifier in code is openai/gpt-4o-mini; the operator may configure a different gateway-supported model. The model provider (for example OpenAI or Anthropic, depending on configuration) receives the prompt content needed to produce the summary.

Generated thesis, bullets, insights, and related metadata are stored in our database. We also record usage rows tied to your account for quota and billing logic.

If you use share links, anyone who has the URL can load the shared summary and related video presentation data served by Condense. Do not share links for content you are not allowed to redistribute.

Paid plans are processed with Stripe. We store Stripe customer and subscription identifiers and status in our database as required to provide access. Payment card details are handled by Stripe, not stored by Condense.

Typical infrastructure used by this software includes:

• PostgreSQL (commonly Neon) for application data.
• Vercel AI Gateway for routing AI requests.
• Google / YouTube for sign-in and read-only YouTube Data API calls.
• Supadata (optional) for transcript retrieval when configured.
• Stripe for subscriptions when enabled.

The application code does not embed third-party marketing or analytics SDKs (such as advertising or product-analytics trackers). Server logs from your hosting provider may still collect technical data (for example request metadata) according to that provider's practices.

We use cookies and similar storage required for authentication (session cookies managed by Better Auth / Next.js). There are no advertising cookies in the application code.

We retain account and application data while your account exists and as needed to operate the service (for example cached transcripts and summaries, subscription sync state). Operators may implement additional backup or deletion policies on top of this software.

For Google-related data, retention and how to request deletion are described under Data retention and deletion in Google user data.

Depending on where you live, you may have rights to access, correct, delete, or export personal data, or to object to or restrict certain processing. The operator of your deployment is responsible for honoring applicable requests.

There is no in-app self-service "delete my account" control in this product version; use the process in Data retention and deletion (email the privacy contact when configured) or contact the deployment operator. Disconnecting Condense in your Google Account third-party access stops new Google API calls but does not remove data already stored in Condense.

Condense is not directed at children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.

We may update this policy when the product changes. The effective date at the top will be revised when we do.