Privacy Policy

Last updated: 13 May 2026

TranscriptGrab ("we", "us") provides AI-powered tools that turn public videos into written content. This page explains what we collect, why, and your rights. We aim to collect as little personal data as possible.

1. Information we collect

Account information

When you sign in with Google, we receive your email address, name, and profile picture. We use this to identify your account, send important service emails, and display your name in the app.

Usage data

We store the video URLs you submit, the transcripts we extract, and the content we generate for you. This is so you can revisit your work in your library. We do not sell or share this data.

Brand Voice profiles (Pro)

If you save a Brand Voice profile, we store the product description and tone notes you provide. This is sent to our AI model with each generation so output stays on-brand.

Payment data

Payments are processed by Stripe. We never see or store your full card details. We retain a Stripe customer ID and subscription status to manage your account.

Connected social accounts (Pro)

If you connect X (Twitter) or Facebook for scheduled posting, we store OAuth tokens issued by those platforms. We use these tokens only to publish posts you explicitly schedule. You can disconnect at any time from the Workspace.

Cookies

We use a single HttpOnly session cookie (tg_session) to keep you signed in. We do not use third-party advertising or tracking cookies. We use Vercel Analytics for aggregate page-view counts, which does not use cookies and does not track individuals.

2. How we use your information

• To run the service: extract transcripts, generate content, save your library.
• To process payments and manage subscriptions.
• To prevent abuse and enforce usage limits.
• To respond to support requests.

We do not use your content to train AI models. We do not sell your data to anyone, ever.

3. Third parties we share data with

• Google — sign-in only.
• Stripe — payment processing.
• Google (Gemini) — receives the transcript and your Brand Voice profile to generate content. Google does not retain inputs for training under their API terms.
• Supadata — fetches the transcript from the source platform.
• Upstash (QStash) — schedules delayed posts.
• X (Twitter), Meta (Facebook) — receives the post content you schedule, on your behalf.
• Vercel — our hosting provider.
• Neon — our database provider.

4. Data retention

Generated content stays in your library until you delete it or close your account. Sessions expire after 30 days of inactivity. Stripe records are retained as required by law (typically 7 years).

5. Your rights

You can:

• Delete any generation from your Workspace at any time.
• Disconnect any social account at any time.
• Cancel your subscription at any time from your account dropdown.
• Request a full export or deletion of your account data by emailing [CONTACT_EMAIL].

If you are in the EU, UK, or California, you have additional rights under GDPR / UK GDPR / CCPA, including the right to object to processing and the right to lodge a complaint with your local supervisory authority.

6. Security

Sessions are HttpOnly and rotated regularly. Passwords are never stored — sign-in is delegated to Google. All traffic is HTTPS. We follow industry-standard practices but cannot guarantee absolute security.

7. Children

TranscriptGrab is not intended for anyone under 16. We do not knowingly collect data from children.

8. Changes

If we materially change this policy, we will update the "Last updated" date and, where appropriate, notify you by email.

9. Contact

Questions about this policy or your data? Email [CONTACT_EMAIL].