Privacy Policy
Last updated: January 28, 2026
1. Introduction
Fetch Transcript API, operated by Fetch Transcript ("we", "our", or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and API services (collectively, the "Service").
By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Service.
2. Data Controller
The data controller responsible for your personal data is:
- Service: Fetch Transcript
- Email: [email protected]
3. Information We Collect
3.1 Account Information
When you create an account, we collect:
- Email address - Required for account creation and communication
- Display name - Optional, for personalization
- Password - Stored securely using bcrypt hashing (we never store plain text passwords)
- Account creation date - For account management
3.2 Usage Data
We automatically collect:
- API request logs - Video IDs requested, timestamps, response times, error codes
- API key usage statistics - Number of calls, success/failure rates
- IP addresses - For rate limiting, security, and fraud prevention
- User agent strings - Browser/client information for debugging
- Referrer URLs - To understand traffic sources
3.3 Payment Information
Payment processing is handled entirely by Stripe Inc. We do NOT store your full credit card numbers, CVV, or sensitive payment data on our servers.
We only store:
- Transaction references (Stripe payment IDs)
- Purchase amounts and dates
- Last 4 digits of card (for your reference only)
- Billing country (for tax purposes)
3.4 Technical Data
Our servers may collect:
- Device type and operating system
- Browser type and version
- Screen resolution
- Timezone
- Language preferences
4. How We Use Your Information
We use collected information for the following purposes:
4.1 Service Provision
- To create and manage your account
- To process your API requests
- To process payments and add credits to your account
- To provide customer support
4.2 Security and Abuse Prevention
- To enforce rate limits and prevent abuse
- To detect and prevent fraud
- To protect against unauthorized access
- To maintain system security
4.3 Communication
- To send transactional emails (password resets, receipts)
- To notify you of important service updates or security issues
- To respond to your inquiries
4.4 Analytics and Improvement
- To analyze usage patterns and improve the Service
- To monitor performance and identify issues
- To develop new features based on usage data
5. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your data based on:
- Contractual Necessity: To provide the Service you requested (account management, API access)
- Legitimate Interests: Security, fraud prevention, service improvement
- Legal Obligation: Tax records, fraud prevention, responding to legal requests
- Consent: Where specifically obtained (e.g., marketing communications)
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| API usage logs | 90 days |
| Payment records | 7 years (legal requirement) |
| Security logs | 1 year |
| Analytics data | 2 years (anonymized) |
You can request deletion of your data at any time through your account settings or by contacting us. Note that some data may be retained for legal compliance.
7. Data Sharing and Disclosure
We do NOT sell your personal data.
We may share your information with:
7.1 Service Providers
- Stripe Inc. - Payment processing (PCI DSS compliant)
- Amazon Web Services (SES) - Transactional email delivery
- Plausible Analytics - Privacy-focused website analytics (no personal data shared)
- GlitchTip - Error tracking for service reliability (anonymized)
7.2 Legal Requirements
We may disclose your information if required by law, or:
- In response to court orders or legal process
- In response to government requests
- To protect our legal rights or property
- To prevent fraud or security threats
- To protect the safety of users or the public
7.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
8. International Data Transfers
Your data is primarily processed and stored within the European Union. However, some service providers may process data outside the EU:
- Stripe: US-based (EU-US Data Privacy Framework certified)
- Amazon SES: May use EU or US regions
Where data is transferred outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.
9. Your Rights (GDPR)
If you are in the European Economic Area, you have the following rights:
- Right of Access (Art. 15): Request a copy of your personal data
- Right to Rectification (Art. 16): Correct inaccurate or incomplete data
- Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to Data Portability (Art. 20): Receive your data in a machine-readable format
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Right to Restriction (Art. 18): Request limited processing of your data
- Right to Withdraw Consent: Where processing is based on consent
- Right to Lodge a Complaint: With your local Data Protection Authority
To exercise these rights, visit the "Settings > Your Data" section in your account or contact us at [email protected].
We will respond to your request within 30 days. We may request verification of your identity before processing your request.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the CCPA:
- Right to Know: What personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale of your personal information (we do not sell personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
To exercise CCPA rights, contact us at [email protected] with the subject line "CCPA Request".
11. Cookies and Tracking
11.1 Essential Cookies
We use strictly necessary cookies for:
- Authentication (session tokens stored in localStorage)
- Security (CSRF protection)
- User preferences (language, theme)
11.2 Analytics
We use Plausible Analytics, a privacy-focused analytics service that:
- Does NOT use cookies
- Does NOT track you across websites
- Does NOT collect personal information
- Is fully GDPR compliant
- Provides only aggregate, anonymized data
11.3 What We Do NOT Use
- Third-party advertising cookies
- Social media tracking pixels
- Cross-site tracking technologies
- Google Analytics (we use privacy-focused Plausible instead)
12. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in Transit: All data transmitted via HTTPS/TLS 1.3
- Encryption at Rest: Sensitive data encrypted in our databases
- Password Hashing: bcrypt with cost factor 12
- Access Controls: Role-based access to systems and data
- Regular Audits: Security reviews and vulnerability assessments
- Incident Response: Procedures for handling security breaches
While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
13. Children's Privacy
Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected] and we will delete such information.
14. Third-Party Links
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date
- Sending an email notification for significant changes
Continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.
16. Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights, please contact us:
- Email: [email protected]
- Data Protection Officer: [email protected]
We aim to respond to all inquiries within 30 days.
17. Complaints
If you believe we have not adequately addressed your privacy concerns, please contact us first at [email protected]. We take all complaints seriously and will work to resolve your concerns.
You may also have the right to lodge a complaint with your local data protection authority, depending on your jurisdiction.