Privacy Policy

Summary

YouTubeTranscriptGenerator.io ("we", "us") lets anyone extract YouTube transcripts free of charge. Optional features (AI-powered summaries and content generation) require a paid Pro account. We do not run third-party analytics or advertising trackers and we do not sell personal information. The sections below explain exactly what data we handle, both for anonymous visitors and for users with an account.

1. Information you give us

YouTube URLs and video IDs.When you submit a YouTube URL, we extract the video ID from it. We pass the video ID to YouTube's caption endpoint to retrieve the transcript and, if you choose, to a machine-translation provider. We do not require the URL to be associated with you in any way.

Contact emails. If you email us at [email protected] we will receive the message and any information you choose to include. We use it only to respond to you.

Account details (optional).If you create an account we store your email address, a bcrypt-hashed password, and (if you use "Sign in with Google") your Google profile display name and avatar URL. We never see or store your raw password.

Payment details (Pro plan only). When you subscribe, payment is processed by Stripe. Stripe collects and processes your card number, expiry, billing address, and any tax information required by law. We do NOT see or store your card number — we only receive a Stripe customer ID, a subscription ID, the plan you chose, its status, and the renewal date. Stripe's own privacy policy governs the card data they handle.

2. Information collected automatically

Server logs. Like most websites, our server records standard request information (IP address, user-agent string, referring URL, requested path, response status, timestamp). We use these logs to diagnose errors, prevent abuse, and monitor uptime.

Network provider (Cloudflare).Our site is fronted by Cloudflare, which records similar request metadata to protect the service against attacks and to deliver content efficiently. See Cloudflare's privacy policy.

Transcript cache.To keep the service fast and free, we cache extracted transcripts and translations on our server keyed by YouTube video ID and target language. The cache contains public caption text and the video's public title — it does not contain anything that identifies you.

3. Cookies and tracking

We do not set advertising or analytics cookies. Cloudflare may set a small number of technical cookies necessary for bot mitigation and load balancing. We do not use Google Analytics, Facebook Pixel, or similar trackers at this time. If we add analytics in the future, we will update this page and obtain consent where required.

Authentication cookie.If you log in, we set a single HttpOnly "authjs.session-token" cookie that identifies you on subsequent requests. It is signed with a server secret. It expires automatically after 30 days of inactivity and is cleared when you sign out.

Local-only history.Your dashboard's "Recent transcripts" list and total AI-run counter are stored in your browser's localStorage. They never leave your device, are never sent to our servers, and clear with your browser data or by clicking "Clear" on the dashboard.

4. Third-party services we rely on

• YouTube (Google LLC).We call YouTube's public caption endpoints to fetch transcripts for the video IDs you submit.
• Google Gemini API.When you request a translation or an AI feature (summary, key insights, notes, etc.), we send the transcript text and the instruction to Google's Gemini API. Outputs are returned to you and not retained beyond the standard server logs.
• Google Sign-In (optional). If you choose to log in with Google, we use Google OAuth to authenticate you and receive your email, display name, and avatar URL. We do not receive your password.
• Stripe (Pro plan only). Stripe processes payments and stores cardholder data. We never see your card number. Stripe shares with us a customer ID, subscription status, plan, and renewal date so we can grant Pro access.
• Residential proxy provider.Outbound requests to YouTube may be routed through a third-party residential proxy network to comply with YouTube's rate limits. Proxy logs may include the destination URL but not your IP or browser information.
• Cloudflare. Proxies traffic to our origin server and provides TLS, DDoS protection, and caching.

Each of these providers operates under its own privacy policy. We recommend reviewing them if you have concerns about specific providers.

5. How we use information

We use the information described above to:

• provide the transcript and translation features you request;
• operate, maintain, and improve the Service;
• monitor for and prevent abuse, fraud, and security incidents;
• respond to your support emails; and
• comply with our legal obligations.

6. Sharing

We do not sell or rent personal information. We share data only:

• with the third-party services listed in Section 4, strictly to provide their functionality;
• with our hosting and infrastructure providers (e.g. our server host, Cloudflare) under their standard terms;
• if required by law, valid legal process, or to protect our rights and the safety of our users; and
• in connection with a merger, acquisition, or sale of assets, in which case we will notify users and require that the recipient honour this Privacy Policy.

7. Data retention

Server logs are retained for up to 30 days, after which they are rotated and deleted. Cached transcripts and translations are retained indefinitely unless we choose to evict them; you can request that a specific cached transcript be deleted by emailing us (see Section 11). Support emails are retained for as long as necessary to resolve your enquiry and to comply with our legal obligations.

Account and subscription records. When you delete your account (email us to request) we remove your user record, cancel any active subscription, and delete the Stripe customer/ subscription IDs we hold for you. Stripe retains its own copies of payment records as required by financial regulations.

8. Security

We apply reasonable technical and organisational safeguards including TLS for all browser traffic, restricted access to production servers, and routine backups. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security.

9. Children

The Service is not directed to children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will take appropriate steps to delete it.

10. Your rights

Depending on where you live, you may have rights to access, correct, delete, or restrict processing of personal information we hold about you, and to object to certain processing. For users without an account, the personal information we hold is usually limited to recent server-log entries and any emails you have sent us. For users with an account or active subscription, we additionally hold the data described in Section 1. To exercise these rights, email [email protected].

Do-Not-Track signals. Because we do not run cross-site tracking, we treat DNT and Global Privacy Control signals the same as any other request — no tracking either way.

11. Contact and updates

For any privacy question or request, email [email protected]. We may update this Privacy Policy from time to time; the "Last updated" date above always reflects the most recent version. Continued use of the Service after a change means you accept the revised policy.