Privacy Policy
Last updated: February 22, 2026
Introduction
Youfiliate (“we,” “us,” or “our”) operates the website youfiliate.com and the Youfiliate application (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Service.
Youfiliate is operated from Portugal, within the European Union. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
By using our Service, you acknowledge that you have read and understood this Privacy Policy.
Data Controller
Youfiliate Lisbon, Portugal Contact: andrew@youfiliate.com
What Data We Collect
Account Data
When you create an account, we collect:
- Email address
- Password (stored in hashed form; we never store or have access to your plaintext password)
- Name (if provided)
Payment Data
When you subscribe to a paid plan, payment is processed by Stripe, Inc. We do not store your credit card number, CVC, or full payment details on our servers. Stripe handles all payment processing in compliance with PCI-DSS standards. We receive and store:
- Stripe customer ID
- Subscription status and plan type
- Billing email
- Last four digits of your payment method (for display purposes)
For more information, see Stripe’s Privacy Policy.
YouTube Channel Data
Our Service analyzes publicly available YouTube channel data to identify and report on affiliate links. This includes:
- Publicly available video titles, descriptions, and metadata
- Affiliate links found in public video descriptions
We do not access private YouTube account data. We do not use YouTube OAuth or require access to your YouTube account. All data we analyze is publicly accessible.
Usage Data
We automatically collect certain information when you use our Service:
- IP address
- Browser type and version
- Pages visited and features used
- Date and time of access
- Referring URL
Cookies
We use essential cookies required for the Service to function (e.g., session authentication). We may also use analytics cookies with your consent. You can manage cookie preferences through your browser settings.
How We Use Your Data
We use your personal data for the following purposes:
- To provide the Service — creating and managing your account, processing subscriptions, delivering channel analysis and affiliate link reports.
- To process payments — managing billing and subscriptions through Stripe.
- To communicate with you — sending transactional emails (account confirmations, password resets, billing notifications) via SendGrid.
- To send marketing communications — with your explicit consent, sending product updates, tips, and newsletters. You can unsubscribe at any time.
- To improve the Service — analyzing usage patterns to improve features and user experience.
- To ensure security — detecting and preventing fraud, abuse, and unauthorized access.
Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Contract performance — processing necessary to provide you the Service you signed up for (account data, payment data, channel analysis).
- Consent — for marketing emails and non-essential cookies. You may withdraw consent at any time.
- Legitimate interest — for usage analytics, security, and Service improvement, where our interests do not override your rights.
Who We Share Data With
We share personal data only with the following categories of service providers, who act as data processors on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, payment method details |
| SendGrid | Transactional and marketing email | Email address, name |
| Render | Application hosting | Data stored in our database |
| ScraperAPI | Web data collection | Public YouTube URLs |
| Vercel | Frontend hosting | IP address, usage data |
We do not sell your personal data to third parties. We may disclose data if required by law or to protect our legal rights.
Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:
- Account data — retained until you delete your account.
- Payment data — retained as required for tax and legal obligations (typically 7 years for financial records).
- Usage data — retained for up to 24 months, then anonymized or deleted.
- Marketing consent records — retained as long as consent is active, plus a reasonable period after withdrawal for record-keeping.
When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data (“right to be forgotten”).
- Restriction — request that we limit processing of your data.
- Portability — request your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — withdraw consent for marketing emails or cookies at any time.
To exercise any of these rights, contact us at andrew@youfiliate.com. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD) at www.cnpd.pt.
International Data Transfers
Some of our service providers (Stripe, SendGrid, Render, Vercel, ScraperAPI) are based in the United States. Where personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider’s participation in recognized data protection frameworks.
Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encrypted data transmission (TLS/HTTPS)
- Hashed password storage
- Access controls and authentication
- Regular security reviews
No method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please contact us at andrew@youfiliate.com.
Children’s Privacy
Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at: