← BACK TO SOURCEDECK● LEGAL
Privacy Policy
Last updated: February 2026 · Compliant with the DPDPA 2023 (India) and GDPR principles
Data we collect
- ·Google account profile (name, email, picture) — via Google OAuth. Required for login.
- ·YouTube channel data (subscribers, views, recent uploads) — only if you connect it.
- ·Spotify listening data (top tracks, artists, saved shows) — only if you connect it.
- ·Content you create in SourceDeck: projects, scripts, sponsor deals.
- ·Payment metadata (transaction ID, amount, plan) — payment card data is handled by Razorpay, we never see it.
- ·Basic logs (IP address, timestamps) for security and debugging. Rotated on a rolling basis.
How we use it
- ·To provide the service (auth, analytics, AI outputs, sponsor tracking).
- ·To process payments (Razorpay) and manage subscriptions.
- ·To generate AI outputs — your content and channel data are sent to third-party AI providers (Anthropic Claude) under our commercial contract. AI providers do not retain your data for model training.
- ·Product improvement — aggregate, anonymized usage data only.
What we don't do
- ·We do not sell your data. Ever.
- ·We do not use your content to train AI models.
- ·We do not send unsolicited marketing emails.
- ·We do not read the emails your users draft with our AI unless you explicitly submit them to us for a support request.
Data location & security
Data is stored in secure managed databases with encryption at rest and TLS in transit. Access is restricted to authorized personnel. We follow the principle of least privilege internally.
Your rights (DPDPA / GDPR)
- ·Access — request a copy of your data.
- ·Correction — fix anything wrong.
- ·Deletion — delete your account and all associated data.
- ·Portability — export your projects, scripts, sponsors as JSON.
- ·Revoke integration access — disconnect Google/Spotify from Analytics page anytime.
Exercise any of these by contacting us — see Contact page.
Cookies
We use one first-party session cookie (session_token) to keep you logged in. It's httpOnly, secure, SameSite=None. No tracking cookies, no third-party pixels.
Changes
We'll notify you via email or an in-app banner if this policy changes materially.