LegalClosed beta

Privacy Policy

Last updated · 4 July 2026

Plain language, no boilerplate. Your data is yours. Here's exactly what we touch, why, and where it lives.

01

Who's responsible for your data

The data controller for everything described in this policy is Reinholdsson Media House B.V., a private limited company registered in the Netherlands. Throughout this policy, “we”, “us”, and “our” refer to that entity.

KVK 96166959 · BTW NL867496265B01
Nachtegaalstraat 2-410, 8011BV Zwolle, The Netherlands
Privacy questions: hello@creatorscope.studio

02

What we collect

When you sign in with Google, we receive your basic profile from the OAuth handshake: email address, name, and profile picture. We also request scoped access to the YouTube channels you choose to connect.

From the YouTube Data API, we read your videos, titles, descriptions, thumbnails, retention curves, view counts, comments, and channel analytics. This is read-only — we never publish, edit, or delete anything on your channel.

Within the app, we store the things you create across the Voice, Oracle, and Briefingtrio: pipeline cards, scripts, ideas, voice-model source documents, Oracle verdicts, briefing notes, and any settings you change. We also keep basic usage data — which pages you visit and when — so we can see what's working.

If you subscribe to a paid plan (Hobbyist, Pro, or Founder), billing is handled by Stripe. We never see or store your card number — Stripe sends us back a customer ID, the plan you picked, the renewal date, and the last four digits of the card so we can show it in Settings. Stripe also calculates and collects VAT through Stripe Tax, which means your billing country (and VAT number, if you enter one) is processed by Stripe.

We send transactional email — a welcome note, a heads-up before your trial ends, a notice if a payment fails — through Resend, which processes your email address for exactly that purpose. No marketing email lists, no newsletters you didn't ask for.

03

YouTube API Services

Creatorscope uses YouTube API Services to read data from the YouTube channels you connect. By connecting a channel, you agree to be bound by YouTube's Terms of Service in addition to this policy.

Your use of YouTube data through Creatorscope is also subject to Google's Privacy Policy.

When you connect a channel, we ask Google for exactly four OAuth scopes — no more:

  • youtube.readonly — read your videos, titles, descriptions, thumbnails, and comments.
  • yt-analytics.readonly — read your channel analytics: views, watch time, retention curves, traffic sources.
  • yt-analytics-monetary.readonly — read your revenue metrics (RPM, estimated earnings) so the briefing can talk about money, not just views.
  • youtube.force-ssl — used solely to download the caption transcripts of your own videos for the voice model. Google only exposes transcript downloads through this broader scope; we never use it to publish, edit, or delete anything on your channel.

Creatorscope's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements: Google user data is used only to provide and improve the features you see in the app, is never sold, never used for advertising, and never used to train generalized AI models.

You can revoke Creatorscope's access to your YouTube data at any time:

Revoking via Google immediately invalidates our access tokens. Within 30 days of revoking the grant — or of your subscription ending — an automated job deletes all YouTube-derived data associated with your account. Billing records held by Stripe are the only exception, kept because tax law requires it.

04

Why we collect it — and the legal basis

To run the service. The Oracle can't predict a video's performance without your channel's history. The voice model can't sound like you without your past scripts. The pipeline can't show your thumbnails without reading them.

Under Article 6 GDPR, each processing purpose rests on one of three legal bases:

  • Contract (Art. 6(1)(b)) — everything the core product needs: reading your YouTube data, generating scripts and verdicts, storing your content, billing through Stripe, and transactional email through Resend.
  • Legitimate interest (Art. 6(1)(f)) — keeping the service secure and working: error monitoring via Sentry, cookieless aggregate analytics via Plausible, and abuse prevention.
  • Consent (Art. 6(1)(a)) — Google Analytics cookies on the marketing pages, and only after you accept the cookie banner. You can withdraw consent at any time.

That's the whole brief. We don't collect anything we don't actively use to make the product better for you.

05

Where it lives

In the EU. Your data is stored in a Turso database hosted in eu-west-1 (Ireland). The application itself runs on Vercel with Dublin, Ireland as its primary region. Both are SOC 2 compliant.

Encryption is in transit (TLS) and at rest. Session cookies are HttpOnly and signed. Encrypted database backups roll over automatically and expire within 30 days — so anything deleted from the live database is gone from backups within 30 days too.

06

Third parties that touch your data

To generate AI output — title suggestions, draft scripts, verdicts — we send relevant excerpts of your content to AI model providers:

  • Anthropic (Claude) — for most generation and analysis tasks.
  • Google (Gemini) — for select tasks where Gemini performs better.

Under our API agreements with both providers, your data is not used to train their models. They process the request, return a response, and that's the end of the transaction.

For page-view statistics we run Plausible — cookieless, EU-hosted, aggregate-only — across the whole site. On the logged-out marketing pages only (the landing page, about, FAQ, tools, and these legal pages — never inside the signed-in product) we additionally use Google Analytics. Its cookies are denied by defaultvia Google's Consent Mode v2 — nothing tracks you until you explicitly accept the cookie banner. We never receive ad-targeting data from Google, and ad personalization stays denied even after you accept.

We use Sentry to catch errors and (optionally, on opt-in only) replay the session leading up to a crash so we can reproduce and fix it. Session replays are sampled, masked by default for text and inputs, and never include the contents of your scripts or briefings.

The full set of sub-processors we rely on:

  • Vercel — application hosting; primary region Dublin, Ireland (EU).
  • Turso — database; eu-west-1, Ireland (EU).
  • Google — sign-in (OAuth), YouTube API Services, Gemini AI processing, and Google Analytics on the marketing pages — covered by Google's Privacy Policy.
  • Anthropic — Claude models for generation and analysis.
  • Stripe — payments, subscriptions, and VAT calculation via Stripe Tax.
  • Resend — transactional email delivery.
  • Plausible — cookieless aggregate analytics, EU-hosted.
  • Sentry — error monitoring.

We do not share data with advertisers, data brokers, or anyone else. We do not sell your data. Full stop.

07

Cookies

Two functional cookies, always. One holds your authenticated session so you don't have to sign in on every page. One remembers whether you picked light or dark theme. These two don't require consent — you can't use the product without them.

Analytics cookies (_ga, _ga_*) only drop if you click Accept on the cookie banner, and only on the logged-out marketing pages — the Google Analytics script never loads inside the signed-in app. Decline — or just close the banner — and Google Analytics runs in cookieless mode: we get a rough page-view count and nothing else. Plausible never sets cookies anywhere. No tracking pixels for third parties. No remarketing tags.

08

Data retention

Concrete numbers, not “as long as necessary”:

DataKept for
YouTube-derived data (videos, analytics, retention curves, comments, transcripts)Deleted within 30 days of you revoking the Google grant or your subscription ending — enforced by an automated job, not a manual process.
Your account and the content you created (scripts, ideas, pipeline cards, briefing notes)Kept while your account is active. On a deletion request: wiped from the live database immediately; encrypted backups expire within 30 days.
Billing records (held by Stripe)7 years — Dutch tax law requires it.
Error reports (Sentry)Up to 90 days, then auto-deleted.

To request deletion, or to get a copy of everything we have on you, email the founder at the address below. No forms, no tickets.

09

Your rights

Because we're a Dutch controller, your rights under the GDPR apply by default. You can access, correct, export, restrict, object to processing of, or delete your data at any time. You can disconnect a YouTube channel from Settings, which stops further syncing. You can revoke our Google OAuth access from your Google account at any time at myaccount.google.com/permissions.

Data portability:the in-app account export gives you everything we hold on you — profile, channels, videos, comments, ideas, Oracle decisions, notifications — as a single machine-readable JSON file, on demand. That's your Article 20 right, self-serve. If you'd rather not click, email us and we'll send it.

You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens— the Dutch supervisory authority, since we're a Dutch controller — or with the supervisory authority of the EU country where you live or work.

10

Changes to this policy

If we change anything material — what we collect, who we share it with, where it's stored — we'll email you before the change takes effect. Smaller edits will be reflected here with an updated date at the top.

11

Contact

Privacy questions, data requests, or anything else: email hello@creatorscope.studio. That's the founder. You'll get a real reply.