Privacy Policy
Learn about how we collect, use, and protect your personal information at Poix.
Effective Date: November 8, 2024
1. Introduction
Welcome to Poix. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our services. By using Poix, you consent to the practices described in this policy.
2. Definition of Key Terms
- Personal Information: Any information that can be used to identify an individual, directly or indirectly.
- Services: The products, features, tools, software, and all related services provided by Poix.
- Cookies: Small pieces of data stored on a user's device by the web browser while browsing a website.
- Processing: Any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, or erasure.
3. Information We Collect
3.1 Personal Information
We collect the following types of personal information:
- Name
- Email address
- Logs of API requests you make to our service, including the specific endpoints accessed, request parameters, and response data
3.2 Payment Information
We use Stripe to process payments for our services. While we do not store your payment card information directly, we do retain:
- Stripe customer ID
- Transaction IDs
This information is used for accounting and customer support purposes.
3.3 Authentication Information
We utilize GitHub for user authentication. When you sign in to our service, we:
- Create a new user account or assign permissions to an existing account based on your GitHub email address
3.4 Usage Information
We collect information about how you use our service, including:
- Tokens you create and when they were last used
- Logs of your API requests, including the specific endpoints accessed, request parameters, and response data
This usage information helps us improve and optimize our service to better meet your needs.
3.5 YouTube Data Usage
We access YouTube data through the official YouTube Data API Services. We only collect and process publicly available YouTube data in accordance with:
- YouTube Terms of Service (https://www.youtube.com/t/terms)
- Google Privacy Policy (https://policies.google.com/privacy)
- YouTube API Services Terms of Service (https://developers.google.com/youtube/terms/api-services-terms-of-service)
The YouTube data we access includes:
- Public video information (titles, descriptions, view counts, etc.)
- Public channel information
- Public playlist information
- Other publicly available metadata
We do not:
- Access or collect private YouTube user data
- Modify any YouTube content
- Store YouTube credentials
- Manipulate YouTube metrics or engagement
4. Legal Basis for Processing Personal Information
We process your personal information based on the following legal grounds:
- Consent: When you explicitly agree to the processing of your data for specific purposes.
- Contractual Necessity: When processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.
- Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
- Legal Obligation: When processing is necessary for compliance with a legal obligation to which we are subject.
5. How We Use Your Information
We use the collected information for the following purposes:
- To provide and maintain our service
- To process payments and manage your account
- To improve and optimize our service by analyzing usage patterns and trends
- To communicate with you about your account and our services
- To detect, prevent, and address technical issues
- To comply with legal obligations
6. Consent Mechanisms
We obtain your consent for data collection and processing in the following ways:
- When you create an account or sign up for our services, you explicitly agree to our Privacy Policy and Terms of Service.
- For non-essential cookies and marketing communications, we use a clear opt-in mechanism.
- You can withdraw your consent at any time by contacting us or using the unsubscribe options provided in our communications.
7. User Rights Under Specific Laws
7.1 Rights under GDPR (for EU users)
If you are a resident of the European Economic Area (EEA), you have the following rights:
- Right to access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making and profiling
7.2 Rights under CCPA (for California residents)
If you are a California resident, you have the following rights:
- Right to know
- Right to delete
- Right to opt-out of sale
- Right to non-discrimination
To exercise these rights, please contact us using the information provided in the "Contact Us" section below.
8. Data Protection Officer (DPO) Contact Information
Our Data Protection Officer can be contacted at:
Email: support@poix.io
9. Data Storage and Security
9.1 Data Storage
We store your personal information and logs about API requests you make in secure, encrypted databases. We take appropriate measures, including the use of industry-standard encryption and access controls, to protect this data from unauthorized access or disclosure.
9.2 Security Measures
We implement the following security measures to protect your data:
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Employee training on data protection and security best practices
- Regular software updates and patch management
9.3 Cookies
We use session cookies to store user session information, such as your login status and preferences. These cookies are essential for providing you with a seamless and personalized experience as you navigate our service.
10. Third-Party Data Sharing and Processing
We share your data with the following third-party service providers:
10.1 Payment Processing
We use Stripe for payment processing. Please refer to Stripe's privacy policy for information on how they handle your payment data.
10.2 Authentication
We use GitHub as an authentication method. When you use GitHub to sign in, we create a new user or assign existing user permissions based on your GitHub email.
10.3 Analytics
We use the following services to track user activity:
- Cloudflare Analytics for website activity
- Vercel Analytics for API activity
Please refer to the respective privacy policies of these services for more information on how they handle your data.
10.4 Deployment
We use GitHub CI/CD to deploy the website and API.
10.5 YouTube Data Processing
Our use of YouTube API Services is in strict compliance with YouTube's terms of service and API policies. Specifically:
a) Data Access and Usage:
- We only access publicly available YouTube data through official API channels
- We respect YouTube's quota limitations and API guidelines
- We maintain appropriate security measures to protect accessed data
b) YouTube User Privacy:
- We do not collect or store personal information of YouTube users
- We do not attempt to identify individual YouTube users
- We do not combine YouTube data with other data sources to identify individuals
c) Service Limitations:
- Our service provides analysis and insights based solely on public YouTube data
- We do not modify, manipulate, or misrepresent YouTube content or metrics
- We do not enable unauthorized modification of YouTube content
d) Google Privacy Policy and Terms: Users of our service who interact with YouTube data through our platform should review:
- Google Privacy Policy: https://policies.google.com/privacy
- YouTube Terms of Service: https://www.youtube.com/t/terms
11. International Data Transfers
Your information may be transferred to and processed in countries other than the country in which you reside, including the United States. These countries may have data protection laws that are different from the laws of your country. We use appropriate safeguards, such as Standard Contractual Clauses, to ensure the security and confidentiality of your data when it is transferred internationally.
12. Data Retention Policies
We retain your personal information and usage data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
- Account information: Retained for the duration of your account plus 30 days after account closure
- Payment information: Retained for 7 years for tax and accounting purposes
- Usage logs: Retained for 90 days for security and troubleshooting purposes
We regularly review and delete data that is no longer needed to provide our services or to comply with legal obligations.
13. Children's Privacy
Our service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately.
14. Procedure for Policy Changes
We may update this Privacy Policy from time to time. We will notify you of any significant changes by:
- Posting the new Privacy Policy on this page
- Updating the "Effective Date" at the top of this policy
- Sending an email notification to users who have provided us with their email address
We encourage you to review this Privacy Policy periodically for any changes. Continued use of our service after the changes take effect constitutes acceptance of the updated policy.
15. Opt-Out and Unsubscribe Mechanisms
You can opt-out of non-essential data processing or unsubscribe from our communications in the following ways:
- Click the "Unsubscribe" link in our email communications
- Adjust your preferences in your account settings
- Contact us directly using the information provided in the "Contact Us" section
16. Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.
17. Data Breach Notification Procedures
In the event of a data breach that affects your personal information, we will:
- Assess the nature and scope of the breach
- Take immediate steps to contain and mitigate the breach
- Notify affected individuals without undue delay, typically within 72 hours of becoming aware of the breach
- Provide information on the nature of the breach, likely consequences, and measures taken or proposed to address the breach
- Notify relevant authorities as required by applicable laws
18. Links to Third-Party Websites
Our service may contain links to third-party websites. We are not responsible for the privacy practices or content of these websites. We encourage you to review the privacy policies of any third-party sites you visit.
19. User Responsibility
You are responsible for:
- Keeping your login credentials secure
- Notifying us immediately of any unauthorized use of your account
- Ensuring that the information you provide to us is accurate and up-to-date
20. Governing Law and Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of [Your Jurisdiction]. Any disputes relating to this policy will be subject to the exclusive jurisdiction of the courts in [Your Jurisdiction].
21. Accessibility of the Privacy Policy
This Privacy Policy is available in multiple languages and accessible formats. If you require this policy in a different format or language, please contact us using the information provided in the "Contact Us" section.
22. Feedback Mechanism
We welcome your feedback on this Privacy Policy and our data practices. To provide feedback, please contact us using the information provided in the "Contact Us" section.
23. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Email: support@poix.io
We will respond to your inquiry as soon as possible and will make every effort to resolve any concerns you may have.
Thank you for trusting Poix with your personal information. We are committed to protecting your privacy and providing you with a secure and reliable service.