Privacy Policy

Bloobel (“we”, “us”, “the app”) is an AI-assisted tool for producing faceless YouTube Shorts. This policy explains what information we collect, why we collect it, how we store it, and how you can remove it. Questions: hello@bloobel.io.

• Account data — email address and a hashed password when you sign up, plus session tokens to keep you signed in.
• Workspace content — the channels, topics, scripts, voiceovers, images, and rendered videos you create inside the app. This content is also transmitted to third-party AI providers as described in section 8.
• Billing data — if you purchase credits or a subscription, Stripe handles the card details; we store only the resulting credit balance and the Stripe customer/subscription identifiers.

When you click Connect YouTube account, we request permission to access your YouTube data via Google OAuth 2.0. We only access the data covered by the scopes you explicitly approve on Google’s consent screen.

Scopes we request, what each one lets us do, and why:

• https://www.googleapis.com/auth/youtube.readonly — read your channel id, channel title, and the metadata of videos on your channel. We use this to identify which channel is linked to your workspace and to list your existing uploads inside the app.
• https://www.googleapis.com/auth/yt-analytics.readonly — read aggregated analytics reports for your channel and videos. We use this to render the in-app Analytics dashboard (views, retention, CTR, traffic sources, demographics).
• https://www.googleapis.com/auth/youtube.upload — upload a video to your channel as an unlisted or public Short. Only invoked when you explicitly click Publish on a render.
• https://www.googleapis.com/auth/youtube.force-ssl — update video metadata and thumbnails after an upload (e.g. when you tweak a title or description from inside the app).

We do not request or use any other Google API scopes. You can revoke the entire grant at any time from myaccount.google.com/permissions or by clicking Disconnect inside the app’s channel settings.

Bloobel’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we use YouTube user data only to provide and improve user-facing features inside Bloobel; we do not transfer this data to third parties except as necessary to provide and improve those features, comply with applicable law, or as part of a merger / acquisition / sale of assets with notice to you; we do not use the data for serving advertisements; and we do not allow humans to read the data unless we have your explicit consent, it is required for security, to comply with applicable law, or the data is aggregated and used for internal operations in accordance with applicable privacy and other jurisdictional legal requirements. We do not use YouTube data to train generalized or third-party AI / machine-learning models.

• All application data (account, workspace content, OAuth tokens, cached analytics) is stored in Supabase Postgres (managed by Supabase, Inc.). Supabase encrypts data at rest and in transit.
• Rendered video files and image assets are stored in object storage (Supabase Storage / S3-compatible).
• Billing data is stored by Stripe under their security and compliance program.

• OAuth tokens and cached YouTube analytics are kept only while a workspace channel is connected to your Google account. They are deleted within seconds of:
  • you clicking Disconnect inside the app,
  • you revoking the grant at myaccount.google.com/permissions (we detect this on the next refresh attempt and erase the token),
  • or you deleting the workspace channel.
• Account data and workspace content is kept until you delete your account.
• Billing records are kept as required by applicable tax law (typically 7 years).

• YouTube data only: open Channel Settings inside Bloobel and click Disconnect. This revokes the OAuth grant at Google and erases the refresh token, access token, and all cached analytics rows tied to that channel.
• Whole account: email us at hello@bloobel.io and we will delete your account, all workspace content, and any cached YouTube data within 30 days.

The app sends content you create to these third parties only as needed to render videos and serve features. Each provider processes data under their own privacy policy and terms:

• Anthropic (Claude) — script planning, title and description generation, and fact-checking. Your topics, scripts, and scene descriptions are sent to Anthropic’s API.
• Google Gemini / Lyria — AI background music generation and, when you choose a Gemini voice, narration. Relevant prompts and scene data are sent to Google’s Gemini API.
• fal.ai (Z-Image) — primary image generation. Scene descriptions and style prompts are sent to fal.ai to generate visual assets for each scene.
• ElevenLabs — voiceover synthesis and optional background music. Script text is sent to ElevenLabs to generate audio.
• Runway / Higgsfield — optional image-to-video animation for individual scenes, enabled only if you activate the animation feature.
• Supabase — database and object storage for all application data and rendered assets.
• Stripe — payment processing for credit purchases and subscriptions.
• Google / YouTube — for the OAuth-scoped reads, uploads, and metadata edits described in section 3.
• Upstash Redis — rate-limiting infrastructure. We store IP addresses and request-count metadata to enforce API rate limits. No content data is stored in Redis.
• Sentry — error monitoring and crash reporting. Sentry may capture stack traces and request context that could include partial content data when an error occurs. Data is used solely for diagnosing and fixing bugs.

We do not sell or rent your data. We do not share YouTube-derived data with any provider beyond what is required to perform the specific feature you triggered.

The app is not directed at children under 13. Do not use it if you are under 13.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights with respect to your personal data under applicable data protection law:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — ask us to delete your data (subject to legal retention obligations).
• Portability — receive your data in a machine-readable format.
• Restriction — ask us to restrict how we process your data in certain circumstances.
• Objection — object to processing based on legitimate interests.

To exercise any of these rights, email hello@bloobel.io. We will respond within 30 days.

Personal data is transferred to third-party AI and infrastructure providers outside the EEA (including those in the United States). These transfers are covered by the respective provider’s Standard Contractual Clauses, EU adequacy decisions, or other lawful transfer mechanisms. You may contact us for details about any specific transfer.

We will update the “Last updated” date above whenever this policy changes. Material changes will be announced inside the app.

Privacy questions, data requests, or GDPR rights requests: hello@bloobel.io.