Privacy notice

Privacy.

Effective:

What we collect

Email and display name (account); timezone (for local-date daily reports); video URLs you paste and the analysis output we generate from them; insights you choose to save; subscription state (billing). No browser fingerprinting and no third-party trackers beyond Google Analytics 4 (pageviews only, no PII).

Legal basis (EU/UK GDPR)

If you are in the EU, UK, or EEA: we process your account email, display name, and timezone under Article 6(1)(b) (performance of the contract you entered when you signed up). We process the video URLs you paste and resulting analyses under the same lawful basis — they are the service. We process Google Analytics pageview events under Article 6(1)(f) (legitimate interest in product improvement, balanced against minimal-PII collection — no uid or query strings sent). Stripe handles payment data under its own Article 6(1)(b) basis; we never see card numbers.

Your rights (EU/UK GDPR & California CCPA/CPRA)

  • Access / Know: request a copy of the data we hold about you.
  • Rectification / Correct: fix inaccurate data — profile fields are editable in Settings.
  • Erasure / Delete: Settings → Danger Zone deletes your Firestore data and Firebase Auth record together. Stripe records persist per its own retention policy.
  • Restriction / Objection: opt out of the daily digest in Settings; pause analytics via browser DNT or by signing out.
  • Portability: saved insights are visible at /action-items. A bulk export is on the roadmap — email us if you need it sooner.
  • No sale / share (CCPA): we do not sell or share personal information for cross-context behavioural advertising. No “Do Not Sell” link is required.

To exercise any right, email ivan@atanexus.com. We respond within 30 days (GDPR) or 45 days (CCPA). EU/UK residents have the right to lodge a complaint with their supervisory authority.

International data transfers

The processors below are US-based. Where your data leaves the EU/UK, transfers rely on the European Commission's Standard Contractual Clauses (Google, Stripe) or equivalent adequacy decisions. We minimise transferred fields to what each processor needs to operate the service.

How we use it

Authenticate you (Firebase Auth); run the analysis pipeline (Gemini, server-side only); send the optional daily-digest email; surface your saved insights back to you.

Processors we share with

Firebase Auth and Firestore (Google), Stripe (billing), Google Gemini (LLM via @google/genai), Resend via the Firebase Trigger Email extension (mail delivery), Google Analytics 4 (pageviews), Sentry (error monitoring). All are reputable processors with published privacy commitments.

Retention

Email outbox: 30 days then auto-deleted by the Firebase extension. Analyses and saved insights: kept until you delete your account. Auth records: managed by Firebase Auth's own retention policy.

Cookies

One first-party session cookie (__session, HttpOnly, 7-day TTL). Google Analytics 4 sets its standard _ga and _gid cookies — opt out via browser DNT or by signing out.

Contact

Privacy questions: ivan@atanexus.com.