Skip to content

Privacy Policy

Effective date: 12 October 2025

1. Introduction

NextBlitz is privacy-respectful and data-minimal. This Policy explains what we collect, how we use and share it, and your rights under GDPR/UK GDPR, CCPA/CPRA, and other laws.

2. Controller & Contact

NextBlitz is the controller. Contact: support@nextblitz.ai.

3A. Our Creator Data Promises

  • No training on your Inputs or Outputs; vendors configured to disable training where available.
  • Ephemeral by default; only saved if you choose to save a project.
  • No human review unless you grant time-limited, logged support access.
  • Clear exits: revoke YouTube access from your Google account or delete your account/data in-app; we honor Google revocations and deletion requests within 30 days.

4. Why We Use Data (Legal Bases)

  • Provide/improve the Service (contract/legitimate interests)
  • Personalize suggestions (consent/legitimate interests; YouTube is opt-in)
  • Billing (contract/legal obligations)
  • Security/fraud (legitimate interests/legal obligations)
  • Compliance and enforcement (legal obligations/legitimate interests)
  • Service communications (contract/legitimate interests); marketing only with consent

5. YouTube API Services Disclosures

NextBlitz uses YouTube API Services. By connecting YouTube, you also agree to the YouTube Terms of Service, the YouTube API Services Terms of Service, and the Google Privacy Policy.

  • Terms: YouTube Terms of Service and YouTube API Services Terms of Service.
  • Google Privacy Policy: policies.google.com/privacy.
  • Revoke access any time from your Google account: myaccount.google.com/permissions.
  • Data collected when granted: channel metadata, video metadata, titles, descriptions, thumbnails, publish dates, comments on your own videos, and YouTube Analytics reports/performance patterns if granted/available.
  • Use of YouTube data: channel-aware ideas, scripts, titles, packaging feedback, analytics, and insights.
  • Limited Use: We do not use YouTube API Services data to train or improve generalized AI or machine learning models. YouTube data is used only to provide user-facing creator features requested by the user.
  • What we do not do: we do not upload videos, edit videos, delete videos, or change channel settings.
  • Retention/refresh: verify authorization every 30 days; refresh or delete stored API data after 30 days as required.
  • User-requested deletion: delete stored YouTube data as soon as possible and within 30 days.

6. AI Provider Disclosures

  • OpenAI: API data not used for training by default; short-term logging for abuse monitoring.
  • Google Gemini: Paid services do not use prompts/responses to improve Google products; limited policy-enforcement logs.
  • Anthropic Claude: commercial API handling; no training via our integration; usage policy enforced.

7. Sharing

Processors/vendors (hosting/CDN, analytics, email/support, AI providers), and Paddle for billing. Legal/safety as required. No sale of personal information.

8. International Transfers

Transfers outside EEA/UK rely on SCCs or equivalent safeguards, or your consent.

9. Retention

We keep data only as long as needed: ephemeral sessions unless saved; OAuth access tokens are short-lived. Refresh tokens are encrypted at rest and retained until you disconnect YouTube, revoke access, or delete your account. Billing records are retained per statute.

10. Security

TLS/HTTPS; secure headers; secret management; role-based access; least privilege; periodic access reviews.

11. Your Rights

  • GDPR/UK: access, correction, deletion, restriction, portability, objection; withdraw consent anytime.
  • CCPA/CPRA: know, delete, correct, limit sensitive data, and opt out of sale/share (we do not sell).

12. Children

Not directed to children under 13 (or higher local age). We do not knowingly collect children's data.

13. Changes

We will post updates and adjust the effective date; we will notify you of material changes.

Questions? Email support@nextblitz.ai. Last updated: 12 October 2025