ExpertReacts

Privacy Policy

Last updated 2026-04-23

This Privacy Policy explains how ExpertReacts (“we”, “our”) collects, uses, stores, and shares information when you use our website at expertreacts.app (the “Service”). ExpertReacts is a reaction-video production tool that helps expert creators (surgeons, chefs, trainers, and others) find, organize, and report on videos their channel reacts to.

1. Information we collect

Account information

When a member of our team or a client invites you to the Service, we create an account that stores your email address, display name, role, and the client your account is associated with.

Data from Google and the YouTube API Services

If you choose to connect your YouTube channel, the Service receives data from Google’s YouTube Data API v3 and YouTube Analytics API under OAuth scopes you explicitly authorize. Specifically:

  • https://www.googleapis.com/auth/youtube.readonly — we call youtube.v3.channels.list?mine=true once during the connection flow to read the authenticated channel’s ID, title, and thumbnail. This confirms channel ownership and lets us display your connected channel name in the dashboard. We do not read your videos, comments, subscriptions, playlists, or any other channel content under this scope.
  • https://www.googleapis.com/auth/yt-analytics.readonly — we call the YouTube Analytics API to generate monthly performance reports containing aggregate metrics such as views, watch time, average view duration, retention, impressions, and click-through rate for your own videos. We do not access other channels’ data under this scope.

Content you create in the Service

The Service stores video ideas, scripts, talking points, and other content authored through the product, along with metadata about your usage (login timestamps, comments you post, etc.).

Automatically collected data

We log standard request data (IP address, user-agent, timestamps) for security and debugging. We do not use third-party advertising or behavioral-analytics cookies.

2. How we use information

  • Channel identity. Your YouTube channel ID and title are used to display your connected channel in the Service and to attribute reports and videos to the correct channel.
  • Performance reporting. YouTube Analytics metrics are used to generate the monthly performance report your channel manager prepares for you. The report is delivered to you (typically via a Google Doc) and may be discussed with your channel-management team.
  • Operating the Service. Account information and content you author are used to operate the platform, authenticate you, and enable collaboration between you and your channel-management team.

We do not use Google user data for advertising. We do not sell Google user data. We do not use Google user data to train generalized machine-learning models. Data obtained through the YouTube API Services is used solely to operate the Service as described above.

3. How we store and protect data

Application data is stored in our managed PostgreSQL database (Supabase) with row-level security. OAuth access tokens and refresh tokens are encrypted at rest with AES-256-GCM before being written to the database. Connections between your browser, the Service, and Google are made over TLS.

4. Sharing

We do not share your personal information or data obtained through the YouTube API Services with third parties for their independent use. We rely on the following infrastructure providers to operate the Service, who process data solely on our behalf under their own security and privacy terms:

  • Vercel (web hosting)
  • Supabase (database, authentication, storage)
  • Google (YouTube Data API, YouTube Analytics API, Google Docs)
  • Anthropic (Claude API for script drafting)
  • Google Gemini (content analysis and matching)

We do not otherwise share Google user data with third parties.

5. Retention

YouTube OAuth tokens and the associated channel metadata are retained for as long as your channel remains connected. If you disconnect your YouTube channel (from the portal settings page, from your Google Account permissions page, or by having your client account deleted), the tokens are revoked against Google’s OAuth endpoint and the stored row is deleted from our database immediately.

Other account data is retained for the lifetime of your account and deleted when your account is deleted, except where we are required to retain records for legal or financial-compliance reasons.

6. Your choices and rights

  • Revoking YouTube access. You can disconnect the Service from your YouTube channel at any time from the portal settings page, or at myaccount.google.com/permissions. Revoking either place invalidates both the access and refresh tokens.
  • Access, correction, and deletion. You can request a copy of the personal information we hold about you, or request correction or deletion, by emailing the address below.

7. YouTube API Services

By using the Service to connect your YouTube channel, you acknowledge and agree to be bound by the YouTube Terms of Service. You can review Google’s privacy practices at policies.google.com/privacy.

8. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Material changes will be announced within the Service or by email.

10. Contact

Questions, privacy requests, or account-deletion requests: itsmarkobiz@gmail.com.