Privacy Policy

Last updated: March 8, 2026

1. Introduction

GapLoom ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at gaploom.com and app.gaploom.com (the "Service").

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a secure hash). If you subscribe to a paid plan, payment processing is handled by Stripe — we never store your credit card details.

YouTube Channel Data

When you add channels to track, we collect publicly available data: channel names, video titles, descriptions, view counts, like counts, comment counts, upload dates, and publicly available transcripts. We never access your private YouTube analytics or require YouTube login.

Generated Content

Scripts, ideas, and other content you generate using GapLoom are stored in your account. This content belongs to you.

Usage Data

We collect anonymous usage analytics (page views, feature usage) to improve the Service. We use a self-hosted, privacy-friendly analytics solution — no data is shared with third parties.

3. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To generate AI-powered content based on your tracked channels
  • To process payments and manage subscriptions
  • To send transactional emails (password resets, billing notifications)
  • To improve and optimize the Service
  • To respond to support requests

4. AI & Data Processing

GapLoom uses AI models (via OpenAI and other providers) to generate content. When generating scripts or analysis, relevant data (video titles, transcripts, your preferences) is sent to AI providers for processing. These providers do not use your data to train their models.

We do not sell, share, or use your generated content for training our own or third-party AI models.

5. Data Sharing

We do not sell your personal information. We may share data with:

  • Payment processors (Stripe) — to handle billing
  • AI providers (OpenAI) — to generate content
  • Hosting providers — to operate infrastructure
  • Law enforcement — only if legally required

6. Data Retention

Your account data is retained as long as your account is active. If you delete your account, we will delete your personal data and generated content within 30 days. Anonymous, aggregated analytics data may be retained indefinitely.

7. Your Rights

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your generated content
  • Withdraw consent for marketing communications

If you're in the EU/EEA, you have additional rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority.

8. Cookies

We use essential cookies for authentication (JWT session tokens). We do not use third-party tracking cookies or advertising cookies.

9. Security

We use industry-standard security measures including HTTPS encryption, secure password hashing, and regular security updates. However, no method of transmission over the Internet is 100% secure.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date above.

11. Contact Us

Questions? Email us at hello@gaploom.com.