Privacy Policy

Information We Collect

When you create an account, we collect your email address and, if you pay, billing information processed entirely by Paddle (our merchant of record). We never store your credit card details.

When you connect a YouTube channel, we store the channel ID and the metadata of your Shorts (video ID, title, thumbnail URL, duration). We do not download, host, or transcode any video files. All video playback is served directly by YouTube.

When visitors view an embedded widget on your website, we collect anonymized event data (plays, pauses, CTA clicks) and aggregate them into your analytics dashboard. We do not use cookies on end-user sites and we do not build individual visitor profiles.

How We Use Your Information

We use your email to send account notifications, product updates, and (if you opt in) marketing emails. You can unsubscribe at any time.

We use YouTube channel data solely to fetch and display your Shorts in the widget. We do not analyze, sell, or share your channel content with third parties.

Aggregated, anonymized widget analytics are used to power your dashboard. Raw events are retained for 90 days, then purged.

Third-Party Services

EmbedShorts uses the following sub-processors:

• Supabase — database and authentication (EU servers, SOC 2 Type II) • Paddle — payment processing and tax compliance (as merchant of record) • Vercel — hosting and edge delivery • Google / YouTube — video playback (YouTube IFrame API, subject to Google's Privacy Policy) • Microsoft Clarity — session analytics (aggregated, no PII shared) • Google Analytics 4 — website analytics (anonymized IP)

Each processor is bound by a data processing agreement and may not use your data for their own purposes.

Data Retention

Account data is retained for the lifetime of your account plus 30 days after deletion (to allow recovery). Billing records are retained for 7 years as required by tax law and handled by Paddle.

Widget event data is retained for 90 days. Aggregated metrics (charts, totals) are retained indefinitely.

Your Rights

If you are in the EU/EEA or UK, you have rights under GDPR/UK GDPR including access, rectification, erasure, restriction, portability, and objection. If you are in California, you have rights under CCPA.

To exercise any right, email privacy@embedshorts.com. We will respond within 30 days.

You may delete your account at any time from Settings → Account. This permanently removes your data from our systems within 30 days.

Cookies

On embedshorts.com we use strictly necessary cookies (session management) and, with your consent, analytics cookies (Google Analytics 4, Microsoft Clarity). You can withdraw consent at any time via the cookie banner.

The EmbedShorts widget embedded on third-party websites does not set any cookies by default. YouTube's IFrame player may set its own cookies subject to YouTube's privacy policy.

Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Customer data is isolated at the database level — one customer cannot access another's data. We conduct regular security reviews and promptly investigate any reported vulnerabilities.

To report a security issue, email security@embedshorts.com.

Changes to This Policy

We may update this policy as our product evolves. Material changes will be communicated by email at least 14 days in advance. The "last updated" date below always reflects the current version.