Privacy Policy

When you connect your YouTube account to EidosStack, we access the following Google user data: • YouTube Channel Information: Channel name, channel ID, subscriber count, and channel description • Video Metadata: Video titles, descriptions, tags, thumbnails, and publishing status • Upload Permissions: Authorization to upload videos to your YouTube channel on your behalf • Analytics Data: Basic video performance metrics (views, likes, comments) for videos uploaded through EidosStack We ONLY access data necessary for the core functionality of uploading and managing your video content on YouTube.

When you connect other social media accounts (TikTok, Instagram, Facebook) through any EidosStack product (EidosClip, EidosONE, EidosLumina, etc.), we collect similar data: • Account profile information (username, profile picture, follower count) • Authorization to post content on your behalf • Basic analytics for content posted through EidosStack applications All platform integrations require your explicit authorization through OAuth consent screens. Specifically for TikTok: • When you connect your TikTok account through EidosClip, EidosONE, EidosLumina, or other EidosStack products, we access your TikTok profile information and authorization to upload videos • We only access the minimum permissions required for video upload functionality • Your TikTok credentials and content are never shared with third parties • All EidosStack products use the same secure OAuth integration for TikTok

• Email address (for license delivery and account management) • License key and activation status • Product tier and purchase information • Hardware identifiers (for license validation only)

• Software version and product identifier • Anonymized usage telemetry (feature usage, error reports) • IP address (for license validation and security) • Session data (for active license management) We do NOT collect: • Your video content files • Audio or image files • Scripts or project files • Any media you create or edit

We use your YouTube data ONLY for the following purposes: • Uploading videos: To publish your videos to your YouTube channel when you initiate an upload through any EidosStack product (EidosClip, EidosONE, EidosLumina, etc.) • Managing uploads: To track upload status, update video metadata, and manage your content library • Analytics display: To show you performance metrics for videos uploaded through our platform • Account verification: To verify your YouTube channel ownership and permissions We DO NOT: • Access your YouTube data without your explicit action • Modify or delete your existing YouTube content • Share your YouTube data with third parties (except as required for the upload functionality) • Use your YouTube data for advertising or marketing purposes • Train AI/ML models with your YouTube data

• Validate your software license • Enforce concurrent session limits based on your tier • Provide customer support • Send license-related notifications

• Improve software stability and performance • Fix bugs and technical issues • Develop new features based on usage patterns • Ensure security and prevent abuse

We DO NOT share your Google user data with any third parties, except: • YouTube API: We transmit your video content and metadata directly to YouTube's servers when you initiate an upload. This is necessary for the core functionality of the service. • No other sharing: Your YouTube account information, channel data, and video metadata are never shared with advertisers, data brokers, or other third parties. Your Google user data is used ONLY within EidosStack software running on your own infrastructure.

• Lemon Squeezy (payment processing): We share your email and purchase information with our payment processor to complete transactions. We do not store your credit card information.

We may use the following service providers: • Cloud infrastructure (for license server only): AWS or similar providers host our license validation server • Email service: For sending license keys and account notifications • Analytics: Anonymized usage data for product improvement These providers are contractually obligated to protect your data and use it only for the specified purposes.

We may disclose your information if required by law, court order, or government regulation.

EidosStack is designed as self-hosted software: • Your video content, projects, and media files are stored ONLY on your own computer or server • We do not have access to your content files • All video processing happens locally on your infrastructure

Our license validation server stores: • License keys and activation status • Email addresses (encrypted) • Hardware identifiers (hashed) • Session data (temporary, expires after 24 hours of inactivity) This data is stored on secure servers with: • Encryption at rest (AES-256) • Encryption in transit (TLS 1.3) • Regular security audits • Access controls and authentication • Automated backups

YouTube OAuth tokens and refresh tokens are stored: • Locally on your device/server (encrypted) • Never transmitted to our servers • Used only for API calls to YouTube on your behalf • Automatically refreshed as needed We implement industry-standard security measures to protect your OAuth credentials.

• Google OAuth tokens: Stored until you disconnect your YouTube account or revoke access • License data: Retained for the lifetime of your license plus 7 years for legal compliance • Session data: Automatically deleted after 24 hours of inactivity • Telemetry data: Aggregated and anonymized after 90 days • Email communications: Retained for 2 years

You can request deletion of your data at any time: • YouTube connection: Disconnect your YouTube account in EidosStack settings or revoke access at https://myaccount.google.com/permissions • License data: Email privacy@eidosstack.com to request account deletion • Right to be forgotten: We will delete your personal data within 30 days of your request (except data required for legal compliance) To delete your data: 1. Email privacy@eidosstack.com with subject "Data Deletion Request" 2. Include your email address and license key 3. We will confirm deletion within 30 days

• Inactive licenses: Data for licenses inactive for 3+ years may be archived • Revoked licenses: Associated data deleted after 90 days • Failed sessions: Automatically cleaned up after 24 hours