Privacy Policy

OpenSync ("we", "our", "us") operates the opensync.app website and application. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

OpenSync is a YouTube upload management tool that allows video editors to upload content for creator approval before publishing to YouTube.

OpenSync uses the YouTube API Services. By using OpenSync, you also agree to be bound by the Google Privacy Policy.

We request the following YouTube API scopes:

• youtube.upload — To upload approved videos to your YouTube channel on your behalf.
• youtube.readonly — To display your channel name and thumbnail in the OpenSync dashboard.

We collect the following information:

• Account information — Email address, name, and profile picture from your authentication provider (Google/Clerk).
• YouTube channel information — Channel name, channel ID, and thumbnail URL (read-only, used for display purposes).
• YouTube OAuth tokens — Access and refresh tokens required to upload videos on your behalf. These are stored encrypted in Google Cloud Secret Manager, NOT in our application database.
• Video files — Temporarily stored in Google Cloud Storage during the upload and approval process. Deleted after publishing to YouTube or after 30 days, whichever comes first.
• Video metadata — Title, description, tags, and privacy settings you provide for each upload.

• To provide the upload management and approval service.
• To upload approved videos to your YouTube channel via the YouTube API.
• To send notifications about upload status (email, Slack, webhooks).
• To display your channel information in the dashboard.
• To monitor and improve our service.

• YouTube OAuth tokens are stored in Google Cloud Secret Manager with IAM access controls, audit logging, and automatic encryption at rest. They are NEVER stored in our application database.
• Video files are stored temporarily in Google Cloud Storage (encrypted at rest) and deleted after publishing or 30 days.
• User data is stored in Convex (our database provider) with encryption in transit and at rest.
• All data transmission uses HTTPS/TLS encryption.

• Video files: Deleted immediately after YouTube publish, or after 30 days if unpublished.
• Upload metadata: Retained for as long as your account is active.
• Account data: Retained until you delete your account.
• Audit logs: Retained for 1 year for security purposes.

You can revoke OpenSync's access to your YouTube channel at any time by:

• Clicking "Disconnect" on the channel in your OpenSync dashboard — this revokes the OAuth tokens and deletes them from Secret Manager.
• Visiting your Google Account permissions page and removing OpenSync's access.

We use the following third-party services:

• Google Cloud Platform — Video storage (GCS), token storage (Secret Manager), YouTube API.
• Clerk — User authentication and organization management.
• Convex — Application database.
• Resend — Transactional email delivery.
• Sentry — Error tracking and monitoring.

You have the right to:

• Access your personal data stored by OpenSync.
• Request deletion of your account and all associated data.
• Revoke YouTube API access at any time.
• Export your data in a machine-readable format.

For any privacy-related questions or requests, contact us at: work@pranavbhatkar.me