Back

Privacy Policy

Last updated: April 30, 2026

1. Introduction

PermaMusic ("we", "us", "our") is a YouTube playlist management tool operated from the European Union. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable EU data protection laws.

2. Data Controller

The data controller responsible for your personal data is PermaMusic, reachable via [email protected].

3. Data We Collect

When you use PermaMusic, we collect:

  • Google account data: name, email address, profile picture, and Google ID, obtained through Google OAuth 2.0 authentication.
  • YouTube data: channel information, playlist metadata (titles, privacy status, thumbnails), and video metadata (titles, positions, uploader names, thumbnails). We request read-only access and never modify your YouTube content.
  • Technical data: IP address, browser user agent, and session information, stored in our database-backed session system.
  • Cookies: a session cookie for authentication, a theme preference cookie (light/dark/system), and a sidebar state cookie.
  • Analytics data (with consent): if you accept analytics cookies, we collect anonymized usage data such as page views, session duration, and general interaction patterns via Google Analytics and PostHog. This data is not linked to your personal identity.

4. Legal Basis for Processing

We process your data based on:

  • Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide the service you signed up for.
  • Legitimate interest (Art. 6(1)(f) GDPR): session management, security measures, and service improvement.
  • Consent (Art. 6(1)(a) GDPR): analytics cookies are only activated after you explicitly accept them via the cookie banner. You can withdraw consent at any time by clearing your browser cookies.

5. How We Use Your Data

  • Authenticate you via Google OAuth
  • Sync and display your YouTube playlist and video data
  • Detect deleted videos and attempt to recover their titles
  • Send a welcome email when you create your account
  • Maintain your session and preferences

6. Third-Party Services

We share data with the following third parties:

  • Google / YouTube API: to authenticate you and fetch your playlist data (read-only). Subject to Google's Privacy Policy.
  • Resend: to deliver transactional emails (welcome email). Your email address and name are shared.
  • Cloudflare: for encrypted database backups stored on Cloudflare R2.
  • Filmot (filmot.com): to recover titles and channel names of deleted YouTube videos. Only video IDs are shared, no personal data.
  • findyoutubevideo.thetechrobo.ca: to recover titles of deleted YouTube videos as a fallback source. Only video IDs are shared, no personal data.
  • Google Analytics: if you accept analytics cookies, anonymized usage data (page views, session duration) is sent to Google. Subject to Google's Privacy Policy.
  • PostHog: if you accept analytics cookies, anonymized usage data is sent to PostHog for product analytics. Subject to PostHog's Privacy Policy.

We do not sell your data to any third party.

7. Data Security

Your YouTube OAuth tokens are encrypted at rest. Sessions use HTTP-only cookies with CSRF protection. All connections are served over HTTPS.

8. Data Retention

We retain your data for as long as your account is active. You remain logged in until you explicitly log out. When you delete your account, all associated data (channel, playlists, videos, sessions) is permanently deleted from our systems.

9. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten") — available via account deletion in settings
  • Restrict processing of your data
  • Data portability — receive your data in a structured format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time by revoking Google OAuth access or deleting your account

To exercise any of these rights, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection authority.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the service after changes constitutes acceptance of the updated policy.