Privacy Policy

Last updated: March 18, 2026

Overview

EngageKit is designed with privacy as a core principle. We provide YouTube analytics tools and process only the minimum data necessary to operate the service. Your YouTube analytics data is never stored on our servers — it flows directly from the YouTube API to your browser. We do store limited account data when you make a purchase, as described below.

Data We Access

When you sign in with Google, we request read-only access to:

  • YouTube Channel Data - Your channel name, profile picture, subscriber count, and video list
  • YouTube Analytics - Views, watch time, demographics, traffic sources, and engagement metrics

We never request permission to modify your YouTube account, upload videos, or access private information beyond analytics.

How We Use Your Data

Your YouTube data is used exclusively to:

  • Display analytics in your dashboard
  • Generate charts and visualizations
  • Create media kits and PDF reports
  • Calculate performance metrics and insights

All data processing happens in your browser. We do not store, share, or sell your YouTube data.

Data Storage

Your YouTube analytics data — views, watch time, demographics, video metrics — is never written to a database. It is fetched from the YouTube API on demand and displayed in your browser only.

When you purchase a premium template, we store the following in our database (Supabase, hosted on AWS) solely to verify and fulfill your access:

  • Your Google account user ID
  • The Stripe checkout session ID (to prevent duplicate charges)
  • Purchase timestamp and access expiry timestamp (24 hours)

This purchase record is retained for as long as necessary to resolve disputes and comply with financial record-keeping obligations. Payment card details are never stored by us — they are handled exclusively by Stripe.

Data Protection & Security

We take the protection of your sensitive data seriously. The following mechanisms are in place to safeguard your information:

  • Encryption in transit - All communication between your browser, our servers, and the YouTube API is encrypted using TLS (HTTPS). Data is never transmitted over unencrypted connections.
  • Secure session handling - OAuth access tokens and session tokens are stored in HttpOnly, Secure, SameSite cookies that are inaccessible to JavaScript and protected against cross-site request forgery (CSRF).
  • Short-lived access tokens - OAuth access tokens are short-lived and automatically refreshed via Google's token endpoint. Expired tokens are discarded and never retained.
  • Minimal data retention - Your YouTube analytics data, channel information, and video metrics are never written to a database. Only the minimum purchase record data needed to fulfill and verify your access is stored, as described in the Data Storage section above.
  • Minimal scope access - We request only the minimum OAuth scopes needed to display your analytics. We do not request write, upload, or account management permissions.
  • No AI/ML training use - Your YouTube data accessed via Google APIs is never used to train, fine-tune, or improve any artificial intelligence or machine learning models.

Authentication

We use Google OAuth 2.0 for secure authentication. Your Google password is never shared with us. We store only a session token to keep you signed in, which is automatically cleared when you sign out or revoke access.

Third-Party Services

EngageKit uses the following services:

  • Google OAuth - For secure sign-in
  • YouTube Data API - To fetch channel and video information
  • YouTube Analytics API - To retrieve performance metrics
  • Stripe - To process payments for premium templates. Your payment details are handled exclusively by Stripe and are never transmitted to or stored by us. Stripe's privacy policy applies to data you provide during checkout.
  • Supabase - Our database provider (hosted on AWS) where purchase records are stored. Only the data described in the Data Storage section is held here.
  • Google Analytics - Page view and usage analytics, loaded only with your consent. You can opt out via the cookie banner or your browser settings.
  • Vercel Analytics - Anonymous page view analytics (no personal data collected, no consent required).

Cookies

We use two categories of cookies:

  • Essential cookies - Required to keep you signed in (NextAuth session cookie). These cannot be declined without breaking the service.
  • Analytics cookies - Google Analytics (_ga, _ga_*) to understand aggregate usage patterns. These are only set after you accept via the cookie banner. You can change your preference at any time by clearing your browser cookies and reloading the page.

We do not use advertising or third-party tracking cookies.

Revoking Access

You can disconnect EngageKit from your Google account at any time:

  1. Go to your Google Account permissions
  2. Find EngageKit in the list of connected apps
  3. Click "Remove Access"

Once revoked, we will no longer have access to your YouTube data.

Children's Privacy

EngageKit is not intended for use by children under 13. We do not knowingly collect data from children.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date.

Contact

If you have questions about this privacy policy, please contact us at privacy@engagekit.app.