Legal

Privacy Policy

Last updated

This Privacy Policy describes how SkipBait ("we", "us") collects, uses, stores, and shares information when you use our website, Chrome extension, and related services (collectively, the "Service"). Read it together with our Terms of Service.

1. Information we collect

Account and authentication

  • Identifiers: Email address; password if you register with email and password; and authentication identifiers if you sign in with Google.
  • Session data: Tokens and session records needed to keep you signed in securely.

Content you submit or generate

  • Video context: YouTube video IDs, URLs, titles, and publicly available transcript or caption text you ask us to analyze.
  • Analysis outputs: Summaries, outlines, action items, suggested questions, and similar outputs we generate and store for your account.
  • Chat: Messages you send in in-product chat, model responses, and related conversation context.

Subscription, billing, and usage

  • Plan and status: Subscription tier, renewal dates, and entitlement flags needed to deliver features.
  • Usage metrics: Aggregated or event-level records relating to how the Service is used (for example, counts or estimates tied to analyses performed, chat usage, feature access, and billing periods). We use this information to bill where applicable, operate and improve the Service, protect security and integrity, and enforce our Terms (including acceptable and fair use).
  • Payments: Payment transactions are processed by third-party payment providers. We do not store your full payment card number.

Voice input (optional)

  • If you use the optional microphone feature in chat, audio is processed by your browser's built-in speech recognition (Web Speech API), which may route audio to the browser vendor's servers (for example Google's speech service in Chrome). SkipBait receives only the transcribed text your browser returns, not raw audio.
  • Voice input is entirely optional. Your browser will prompt you for microphone permission before it can be used, and you can decline without affecting any other feature.

Technical and security data

  • Logs and diagnostics: Server logs, error reports, rate-limit or abuse-prevention signals, and related technical metadata as needed to keep the Service reliable and secure.
  • Extension local storage: The Chrome extension caches data in your browser, including settings, session data, recent analyses, outlines, actionables, suggested questions, chat history, and subscription usage state. This data remains on your device until you clear browser extension data or uninstall the extension.

Extension permissions

The SkipBait Chrome extension uses the following browser permissions:

  • Storage: To cache analyses, settings, and session data locally in your browser.
  • Identity: To facilitate sign-in (for example Google OAuth through your browser, coordinated with our authentication provider).
  • Downloads: To save PDF exports you request from the extension.
  • Network access: Limited to youtube.com (to read page context when you are actively viewing a YouTube video), our backend service, and our authentication and storage providers. We do not request access to unrelated websites or your browsing history.

Integrity, fraud prevention, and related accounts

Depending on implementation and risk, we may process additional categories to operate anti-abuse and billing-integrity controls described in our Terms, including detection of multiple or related accounts (not every signal is collected or used at all times):

  • Payments and subscription integrity: Information from payment processors such as customer or subscription identifiers, transaction outcomes, limited billing metadata, and processor-provided fraud or risk indicators, consistent with those providers' terms and our role as merchant.
  • Account and sign-in context: Authentication provider identifiers, email addresses, and patterns that may suggest duplicate or coordinated registrations.
  • Network data: For example IP addresses, timestamps, and derived technical metadata from Service requests.
  • Device or environment signals: Where relevant, browser or extension instance characteristics (for example to maintain sessions or distinguish abusive automation from ordinary use). We do not use such signals for unrelated marketing.
  • Behavioural signals: Usage rates, timing patterns, and product interaction telemetry (including items described under usage metrics) compared with typical workloads, as risk inputs alongside technical limits.

We combine such inputs only as needed for security, fraud prevention, and enforcement of our agreements; automated outcomes are designed to be proportionate, with manual review where appropriate. See our Terms of Service regarding acceptable use and account measures.

2. How we use information

  • Provide, maintain, and secure the Service.
  • Authenticate users and sync saved content across devices.
  • Process subscriptions, payments, and customer support requests.
  • Detect, investigate, and reduce abuse, fraud, security incidents, and violations of our Terms, including coordinated or repeated sign-ups and other patterns that may link accounts for enforcement purposes.
  • Meet legal obligations and enforce our agreements.
  • Improve the Service using aggregated or de-identified insights where appropriate.

3. How we share information

We share information only where needed to run the Service. Below are the specific third-party companies we share data with and what is sent to each.

AI inference providers - video analysis

We send video transcripts or extracted caption text, titles, and related metadata to AI inference providers (currently DeepInfra, OpenRouter, Nebius, Fireworks, and IonRouter, depending on availability and routing) to generate summaries, outlines, action items, and suggested questions.

OpenAI - chat and translation

We send your chat messages and relevant conversation history to OpenAI to generate follow-up chat responses. When you use summary translation, we may also send summary or outline text to OpenAI for that feature.

Serper - web search

When you ask questions in chat that may benefit from current information, we send search queries derived from your chat messages to Serper to retrieve real-time web results.

Fly.io - application hosting

Our backend API is hosted on Fly.io. Requests from the extension and website pass through this infrastructure; server logs may include IP addresses, timestamps, and related technical metadata described under technical and security data.

Supabase - authentication and cloud storage

We use Supabase for user authentication and cloud data storage. Your account information, saved video analyses, chat history, and subscription and usage data may be stored with Supabase.

Google - sign-in (optional)

If you choose Google sign-in, authentication identifiers are passed to Google's OAuth service (accounts.google.com). SkipBait receives only the resulting authentication token through Supabase; we do not receive your Google password. Email and password sign-in is handled through Supabase without sending your password to Google.

Stripe - payment processing

Subscription billing is handled by Stripe. Payment information and billing details are processed directly by Stripe. SkipBait does not store or access your full payment card number.

We may also share information with professional advisors (for example, legal or accounting) where required, and with authorities when required by applicable law or to protect rights, safety, and security.

If you use optional export or share features (for example, opening a link to send text through WhatsApp), you choose to send that content to a third-party site or app. We do not control how they handle it; their terms and privacy policy apply to what you transmit there.

We do not sell your personal information. We do not provide your information to third parties for their independent advertising or unrelated commercial use except as stated here or with your clear direction.

4. Retention

We retain information for as long as your account remains active and as needed to provide the Service. We may retain certain records longer where required for legal, tax, billing, security, dispute resolution, compliance, or documented misuse inquiries. Browser or extension data may remain on your device until you clear it.

5. Security

We apply reasonable administrative and technical safeguards aimed at protecting personal information. No method of transmission over the Internet or electronic storage is completely secure.

6. International users

SkipBait operates from Hong Kong SAR. Depending on your location, data may be processed in Hong Kong and other regions where our subprocessors operate. By using the Service you understand that transfers may occur subject to safeguards we impose in agreements with processors.

7. Your choices

  • Subject to applicable law, you may request access, correction, portability, restriction, objection, or deletion by contacting us.
  • Where we offer account deletion, we remove or anonymize account data except where retention is legally required or proportionate for security and dispute resolution.

8. Children

The Service is not intended for minors who cannot validly consent in their jurisdiction. Contact us if you believe we collected data from someone who does not meet that threshold.

9. Changes

We may revise this Privacy Policy by posting an updated version on this page and, where appropriate, providing additional notice (such as in-product prompts or email).

10. Contact

Privacy questions: hello@skipbait.app