YouTube Sidebar Premium – Privacy Notice
Last updated: 15 March 2025
YouTube Sidebar Premium (the “Extension”) enhances youtube.com with extra sidebar tabs, account-aware upgrades, and optional saved content. This notice lists the limited data we handle, how it flows through Chrome/Firefox storage, Firebase, Google, and Stripe, and the choices you retain.
What Information We Process
- Google sign-in profile: When you use Chrome/Firefox identity we receive a Google ID token plus profile basics (subject ID, email, display name, photo). Tokens live in memory only until we validate them; a sanitized copy of your profile (no token) is cached in extension storage so you stay signed in between sessions.
- Device and extension settings: We create an anonymous device ID and store your sidebar layout, tab order, hidden tabs, theme, saved filters, captured videos, exported queue, and premium-only video notes in browser storage sync/local storage.
- YouTube session context: While you are on youtube.com we read the page’s own config (account name, avatar, channel/session IDs, video metadata) to show the correct status inside the sidebar. This copy never leaves your browser unless you explicitly export a JSON file of captured videos.
- License and payment metadata: When you refresh a license or start checkout we store in Firebase Firestore the user ID, plan, entitlement timestamps, Stripe checkout/session identifiers, Stripe customer/subscription IDs, and billing email needed to link the purchase to your account. We do not collect or see full card numbers.
- Support communications: If you email ytsidebar@aimixtapes.com we receive your message and reply address so we can respond and follow up on entitlements or refunds.
How Data Moves
- On-device only: Device IDs, cached Google profile basics, captured videos, video notes, layout settings, and YouTube session context remain on your computer. Clearing extension data, signing out, or uninstalling removes them.
- Sent to Firebase Cloud Functions: The Extension transmits Google ID tokens (over HTTPS) when checking entitlements, the confirmSecret + sessionId generated by Stripe during checkout, and your selected plan so the API can respond with the correct license. The API validates every token with Google’s tokeninfo endpoint before storing anything.
- Shared with processors:
- Google provides OAuth, Chrome Identity, and the youtube.com page data we read. Our backend also calls oauth2.googleapis.com/tokeninfo solely to verify that the ID token you provided is valid for our OAuth client.
- Firebase / Google Cloud hosts our HTTPS endpoint and Firestore database located in us-central1 (Iowa, USA) where entitlement documents live.
- Stripe receives your email, selected plan, price ID, and the confirmSecret embedded in the checkout session. Stripe processes payments and sends us webhooks/metadata so premium features can unlock.
We do not sell personal information, run advertising trackers, or ingest your broader browsing history.
Why We Use This Data
- Authenticate you with Google so premium plans, device seats, and license revocations stay accurate.
- Sync sidebar settings between browsers when sync storage is available and keep your captured library attached to the right device.
- Display contextual UI such as the active YouTube profile, the queue of captured videos, and Pro-only tabs.
- Verify and fulfill Stripe payments, handle refunds/chargebacks, and notify you about account issues.
- Respond to direct support inquiries and enforce abuse prevention (for example, blocking fraudulent entitlements).
Extension Permissions
- Host access: https://www.youtube.com/* lets us inject the sidebar, read DOM elements required for comments/suggestions, and observe the YouTube account currently in use.
- Host access: https://us-central1-ytextension83.cloudfunctions.net/* allows secure calls to our Firebase API for license refresh, checkout confirmation, and downgrade requests.
- identity is required to launch Chrome/Firefox web auth flows with your Google account.
- storage allows us to persist settings, device IDs, captured videos, and notes within chrome.storage.sync/local.
Retention & Control
- Local data: Remains on your browser until you delete it from the Options page, clear browser data, sign out, or uninstall the Extension.
- Device/identity cache: Removed immediately when you click “Sign out” in the Extension. We also periodically clear stale entries when tokens expire.
- Entitlement and payment metadata: Retained while your plan is active and for up to 90 days after cancellation to resolve disputes, chargebacks, and tax obligations.
- Support emails: Kept for up to 12 months unless a longer period is legally required.
- You may request deletion of account-linked server data by emailing ytsidebar@aimixtapes.com from the Google address tied to your plan. Proof of purchase may be required.
Security
- All communication with Google, Firebase, and Stripe uses HTTPS and verifies TLS certificates.
- ID tokens are checked against Google’s tokeninfo endpoint and discarded after the entitlement response is issued.
- Firestore security rules scope each entitlement document to the authenticated user ID.
- Stripe handles all payment credentials; we only see session IDs and metadata.
- Access to Firebase projects, logs, and Stripe dashboards is limited to the maintainers of the Extension.
Your Choices
- Use Options → Data controls to clear captured videos or notes, or export a JSON copy for your own use.
- Revoke Google access anytime from https://myaccount.google.com/permissions.
- Downgrade or cancel premium via Options → License or by contacting support (Stripe’s portal link is emailed during checkout).
- Uninstall the Extension at any time to remove its permissions.
Children & Regions
The Extension is intended for users 13+ and for personal, non-institutional use. If we learn that a child under the minimum age provided Google account data we will delete the associated entitlements.
Changes
We may update this notice when features or processors change. Material updates appear in the Options page changelog and in this file.