1. Introduction
Welcome to Obserra (“Company,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access and use our web application and browser extension (collectively, the “Services”). Our goal is to protect your privacy while providing you with a transparent and secure experience. We design our practices to comply with applicable data protection laws in the USA, Europe, and the UK, as well as other jurisdictions where our users reside.
By using our Services, you agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with our practices, please refrain from using the Services.
We may update this Privacy Policy periodically. Any changes will be posted on our website, and your continued use of the Services after such updates will constitute your acceptance of the revised terms.
2. Information We Collect
We collect various types of information necessary for the proper functioning and enhancement of our Services. Below is an overview of the data we collect:
Personal Information:
- Account Registration: When you create an account, we collect your name and email address. These details are essential for authentication, communication, and account management.
- Profile Customization: If you choose to upload a profile picture, the image is stored solely for display on your profile.
- Settings and Preferences: Your custom settings (including daily limits, channel or video genre restrictions, and break reminders) and any referral codes you use are saved to ensure consistent functionality across devices.
Usage Data:
- Web Extension Activity: When you use our browser extension, we collect data such as the video title, channel name, and duration of the video watched. This information is used to generate personalized insights, allow you to monitor your viewing habits, and enforce any limits you have set.
- Analytics: We collect anonymous analytics and monitor feature usage. This data helps us ensure that our systems are operating as expected and aids in preventing fraudulent activities, such as abuse of our affiliate program.
Support Chat
- If you contact us via our live chat feature, we collect the information you provide, such as your name, email, and any messages you send during the chat. This data is used solely to assist you with your inquiries and provide customer support. Chatwoot is a third-party service that processes this information on our behalf.
Payment Information
- Transaction Processing: Payment transactions are processed via Stripe. While we collect essential billing details required for payment processing, all sensitive financial information is handled by Stripe in accordance with their privacy policies.
Technical Information
- IP Address: Your IP address may be recorded to provide localized services, such as displaying the appropriate currency.
- Bot Prevention: To safeguard our services from automated bots, we employ Cloudflare Turnstile on certain pages.
AI Processing Data: We use an AI model to analyze videos to determine their genre. This process helps categorize videos for insights and user-imposed restrictions.
- No Data Storage: The AI model runs prompts in real time and does not store any input or output data. Once the genre is determined and returned, no record of the request remains.
- Open-Source Models: All AI models used in this process are open-source and operate in a transparent, privacy-focused manner.
- No Personal Data Sent: The AI system only processes information related to the video, such as the title. No personal or identifying user data is sent or processed by the AI.
We are committed to collecting and retaining only the information essential for providing you with a seamless and secure experience with Obserra.
3. How We Use Your Information
We use the information we collect to provide, improve, and secure our Services while ensuring compliance with applicable laws. Below is a breakdown of how your data is used:
Providing and Operating the Services
- User Authentication: Your email and password (or third-party authentication method) are used to verify your identity and grant secure access to your account.
- Personalized Features: Your settings, including daily limits, channel and genre restrictions, and break reminders, are stored to ensure seamless functionality across devices.
- Generating Insights: Video data (such as title, channel, and watch duration) is used to provide insights into your YouTube viewing habits and enforce any limits you have set.
Processing Payments
- Subscription Management: If you subscribe to our paid plan, Stripe processes your payment and provides us with non-sensitive transaction details to manage your subscription.
- Billing Currency Determination: Your IP address may be used to display pricing in the correct currency based on your location.
Security and Fraud Prevention
- Bot Detection: Cloudflare Turnstile helps us prevent automated abuse and spam.
- Fraud Prevention: Analytics allow us to detect and prevent fraudulent activities, such as abuse of our affiliate program.
Service Improvement and Analytics
- Performance Monitoring: We collect anonymous analytics to understand feature usage and improve our Services.
- AI-Based Categorization: AI is used to determine the genre of videos for restriction and insights, without storing queries or sending personal data.
Legal Compliance
- Regulatory Requirements: We may process and retain certain data to comply with tax, legal, and regulatory obligations.
- Enforcing Terms: Data may be used to investigate violations of our Terms of Service or to protect against legal claims.
We do not use your personal information for targeted advertising or sell your data to third parties.
4. Data Sharing and Disclosure
We respect your privacy and do not sell or share your personal data with third parties for marketing or advertising purposes. However, we may share your information in the following limited circumstances:
Service Providers and Third-Party Processors: We use third-party services to help us operate Obserra efficiently. These providers only process data as necessary to perform their functions and are contractually obligated to protect your information. The key third parties we use include:
- Stripe (Payments Processing): Handles payment transactions and billing information. We do not store credit card details—these are managed securely by Stripe.
- Analytics: Collects anonymous analytics to monitor feature usage and detect fraud (e.g., abuse of the affiliate system). No personally identifiable information (PII) is included in these analytics.
- Cloudflare Turnstile (Bot Prevention): Helps us prevent automated abuse and spam by verifying user interactions.
- Support Services: We use Chatwoot to provide support through live chat on our website. When you start a chat, your messages and any contact details you provide are processed by Chatwoot. Chatwoot is a third-party service that helps us manage support communications, and they are contractually obligated to handle your data securely and in compliance with privacy laws.
Legal and Regulatory Requirements: We may disclose your information if required by law, legal process, or regulatory authority, including:
- To comply with a subpoena, court order, or legal obligation.
- To enforce our Terms of Service or protect our rights.
- To prevent fraud, security threats, or other illegal activities.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to a new entity. We will notify you of any such changes and your choices regarding your data.
Aggregated or Anonymous Data: We may share anonymized or aggregated data that does not personally identify you for research, analytics, or business insights.
We only share data when necessary and ensure appropriate safeguards are in place to protect your information.
5. Data Retention
We retain your personal data only for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Below is an overview of our data retention practices:
User Account Data
- Your name, email, profile picture, and settings are retained for as long as your account remains active.
- If you delete your account, we will remove or anonymize your personal data within 30 days, unless retention is required for legal reasons.
YouTube Activity Data
- Video titles, channel names, and watch durations recorded via the web extension are retained until you delete them from your account or delete your account entirely.
Payment and Transaction Data
- Payment-related data is retained as required by tax and financial regulations. Stripe may store transaction records for compliance purposes, even after you delete your account.
Security and Fraud Prevention Data
- Information related to fraud prevention (e.g., fake referrals) may be stored for up to 12 months to detect patterns of abuse.
- IP addresses used for currency localization are not permanently stored.
Analytics and AI Processing Data
- Anonymous analytics data collected is retained for system performance analysis and fraud prevention but does not contain personally identifiable information.
- AI genre classification data is not stored after processing.
Legal Compliance and Disputes
- If required by law, we may retain certain information beyond the standard retention periods for legal, regulatory, or dispute resolution purposes.
Once data is no longer needed, we securely delete or anonymize it.
6. Data Security
We take data security seriously and implement industry-standard measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. While no system is entirely foolproof, we follow best practices to minimize risks.
Security Measures in Place
- Encryption: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security) to prevent interception.
- Secure Storage: Sensitive user data is stored securely with access controls to limit exposure.
- Access Controls: Only authorized personnel have access to user data, and they are bound by strict confidentiality obligations.
- Hashing of Passwords: If passwords are stored, they are securely hashed and never stored in plaintext.
- DDoS Protection: We use Cloudflare's security infrastructure to protect against denial-of-service (DDoS) attacks and other threats.
Third-Party Security
- Stripe (Payments): Handles all financial transactions securely and is PCI-DSS compliant to protect payment data.
- Analytics: Stores only anonymous usage data, ensuring no personally identifiable information (PII) is at risk.
- Cloudflare Turnstile (Bot Prevention): Protects against automated threats without tracking individual users.
User Responsibilities: While we take extensive security precautions, you also play a role in keeping your account secure:
- Use a strong, unique password for your Obserra account.
- Avoid sharing your login credentials.
- Notify us immediately if you suspect any unauthorized access to your account.
Data Breach Response: In the unlikely event of a data breach that compromises personal information, we will:
- Investigate the breach and take corrective action.
- Notify affected users promptly, as required by applicable laws.
- Work with security experts to prevent future breaches.
We continuously review and enhance our security practices to ensure the highest level of data protection.
7. International Data Transfers
Obserra operates globally, and as a result, your data may be transferred to, processed, and stored in countries outside your country of residence. We take appropriate measures to ensure your data remains protected regardless of where it is processed.
Data Storage Locations
- Our servers and primary infrastructure are hosted in Europe.
- Some third-party services we use (e.g., Stripe, Analytics, and Cloudflare) may process data in Europe, the United States or other jurisdictions.
Legal Safeguards for International Transfers: When transferring data outside the UK or European Economic Area (EEA), we ensure that appropriate legal safeguards are in place, such as:
- Standard Contractual Clauses (SCCs): Where required, we use SCCs approved by the European Commission to ensure an adequate level of data protection.
- UK and EU GDPR Compliance: We comply with both the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR) when handling user data.
- Adequacy Decisions: If data is transferred to a country with an adequacy decision (e.g., countries recognized by the European Commission as providing an adequate level of protection), no additional safeguards are required.
Your Rights and Protection: Regardless of where your data is processed, we apply strict security measures to protect your information and uphold your privacy rights. If you have concerns about international data transfers, you may contact us for more information.
8. Your Rights
Depending on your location, you may have certain rights regarding your personal data under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the California Consumer Privacy Act (CCPA) (where applicable).
Your Data Protection Rights: You may have the following rights concerning your personal data:
- Right to Access - You can request a copy of the personal data we hold about you.
- Right to Rectification - You have the right to request corrections to any inaccurate or incomplete personal data.
- Right to Erasure ("Right to be Forgotten") - You can request the deletion of your personal data, subject to certain exceptions (e.g., legal or regulatory obligations).
- Right to Restrict Processing - In some cases, you may request that we limit how we process your data.
- Right to Data Portability - You can request your personal data in a structured, commonly used format and transfer it to another service.
- Right to Object - You may object to the processing of your personal data when we process it based on legitimate interests.
- Right to Withdraw Consent - If we rely on your consent to process your data, you can withdraw that consent at any time.
How to Exercise Your Rights: To exercise any of these rights, you can contact us at [email protected]. We will respond to your request within the timeframes required by applicable laws.
- Identity Verification: To protect your data, we may need to verify your identity before processing your request.
- Response Time: We typically respond within 30 days unless an extension is required due to the complexity of the request.
Rights Under the CCPA (For California Residents): If you are a California resident, you may have additional rights under the CCPA, including the right to opt out of the sale of personal data. However, Obserra does not sell personal data to third parties.
Lodging a Complaint: If you believe your data protection rights have been violated, you have the right to file a complaint with:
- The UK Information Commissioner’s Office (ICO) if you are in the UK.
- The relevant data protection authority in your EU country.
- Your local regulatory body if outside the UK/EU.
We encourage you to contact us first to resolve any concerns.
9. Cookies and Tracking Technologies
Obserra uses minimal tracking technologies to ensure the functionality, security, and improvement of our Services. We do not use cookies for advertising or intrusive tracking.
Types of Tracking Technologies We Use: We use the following types of tracking technologies:
- Essential Cookies: These are required for the operation of our Services, such as authentication and security (e.g., Cloudflare Turnstile for bot prevention).
- Analytics Tools: We collect anonymous usage data and monitor feature performance. No personally identifiable information (PII) is included.
Third-Party Cookies and Services: While we do not use third-party tracking for advertising, some third-party services we integrate with may use cookies:
- Cloudflare Turnstile may set temporary cookies to distinguish between human users and bots.
- Stripe Checkout may use cookies for secure transaction processing.
Managing Cookies: Since we use only essential and anonymous analytics tracking, there is no requirement for cookie consent pop-ups under GDPR and UK privacy laws. However, you can manage or block cookies through your browser settings if desired.
Do Not Track (DNT) Signals: Obserra does not track users across third-party websites, and we do not respond to Do Not Track (DNT) signals, as we do not engage in cross-site tracking.
10. Children's Privacy
Obserra is not intended for use by individuals under the age of 13 (or the equivalent minimum age in applicable jurisdictions, such as 16 in parts of the European Union). We do not knowingly collect personal data from children.
If You Are a Parent or Guardian: If you believe that a child has provided us with personal data without parental consent, please contact us at [email protected], and we will take appropriate action, including deleting the information.
Compliance with Applicable Laws
- In the United States, we comply with the Children's Online Privacy Protection Act (COPPA), which prohibits the collection of personal data from children under 13 without verifiable parental consent.
- In the EU and UK, we comply with GDPR rules, which require parental consent for processing personal data of children under 16 (or lower if set by individual member states, but never below 13).
Preventative Measures: To prevent accidental use by children, we do not market our Services to minors, and our platform is designed for users who manage their own digital habits.
11. Changes to the Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the functionality of our Services. When we make material changes, we will post the updated Privacy Policy on our website with a revised "Last Updated" date.
How We Notify You
- We will notify users of significant changes by displaying a prominent notice on our website or via email.
- For non-material changes, we may update the Privacy Policy directly without further notice.
Your Continued Use: By continuing to use our Services after the changes take effect, you accept the updated Privacy Policy. If you do not agree to the updated terms, you should stop using our Services and may request the deletion of your account.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at [email protected].
We are committed to addressing your privacy concerns and ensuring a transparent experience with our Services.