Privacy Policy

Effective date: 12 October 2025

1. Introduction

NextBlitz is privacy‑respectful and data‑minimal. This Policy explains what we collect, how we use and share it, and your rights under GDPR/UK GDPR, CCPA/CPRA, and other laws.

2. Controller & Contact

NextBlitz is the controller. Contact: privacy@nextblitz.com.

3A. Our Creator Data Promises

  • No training on your Inputs or Outputs; vendors configured to disable training where available.
  • Ephemeral by default; only saved if you choose to save a project.
  • No human review unless you grant time‑limited, logged support access.
  • Clear exits: disconnect YouTube and delete stored YouTube‑derived data in‑app; we honor Google revocations within 7 days.

4. Why We Use Data (Legal Bases)

  • Provide/improve the Service (contract/legitimate interests)
  • Personalize suggestions (consent/legitimate interests; YouTube is opt‑in)
  • Billing (contract/legal obligations)
  • Security/fraud (legitimate interests/legal obligations)
  • Compliance and enforcement (legal obligations/legitimate interests)
  • Service communications (contract/legitimate interests); marketing only with consent

5. YouTube API Services Disclosures

  • We use YouTube API Services. By enabling, you also agree to YouTube TOS and Google Privacy Policy.
  • Revoke access anytime via in‑app or Google settings.
  • Retention/refresh: verify authorization every 30 days; refresh or delete stored API data after 30 days as required.
  • User‑requested deletion: delete stored YouTube data as soon as possible and within 7 days.

6. AI Provider Disclosures

  • OpenAI: API data not used for training by default; short‑term logging for abuse monitoring.
  • Google Gemini: Paid services do not use prompts/responses to improve Google products; limited policy‑enforcement logs.
  • Anthropic Claude: commercial API handling; no training via our integration; usage policy enforced.

7. Sharing

Processors/vendors (hosting/CDN, analytics, email/support, AI providers), and Paddle for billing. Legal/safety as required. No sale of personal information.

8. International Transfers

Transfers outside EEA/UK rely on SCCs or equivalent safeguards, or your consent.

9. Retention

We keep data only as long as needed: ephemeral sessions unless saved; OAuth tokens short‑lived; billing per statute.

10. Security

TLS/HTTPS; secure headers; secret management; role‑based access; least privilege; periodic access reviews.

11. Your Rights

  • GDPR/UK: access, correction, deletion, restriction, portability, objection; withdraw consent anytime.
  • CCPA/CPRA: know, delete, correct, limit sensitive data, and opt out of sale/share (we do not sell).

12. Children

Not directed to children under 13 (or higher local age). We do not knowingly collect children’s data.

13. Changes

We will post updates and adjust the effective date; we’ll notify you of material changes.

Questions? Email support@nextblitz.ai. Last updated: 12 October 2025