Privacy Policy

5.1 What we access

• File metadata: name, ID, mimeType, size, modifiedTime, thumbnail link.
• File content (download) only for user-selected files to enable ad creation and uploads.

5.2 What we do not do

• No editing, moving, deleting, or sharing of your Drive files.
• No background scanning or indexing of your Drive — we can only access files you explicitly select. This is enforced at the scope level by drive.file.
• No access to any files beyond those you open or select through the app.

5.3 Data handling, retention, and deletion

• Temporary file copies created for processing are discarded after upload/processing.
• Minimal metadata and optional thumbnails may be cached to improve UX and are automatically purged within 30 days.
• You may disconnect Google Drive access at any time via your Google Account settings; upon disconnect, tokens are revoked and associated Drive identifiers and caches are deleted on our side.

5.4 Compliance (Google API Services User Data Policy)

• We comply with Google's API Services User Data Policy, including Limited Use.
• We do not use Google Drive data to develop, improve, or train generalized AI/ML models.
• Human access to user data is restricted and allowed only with explicit consent, to fulfill legal obligations, or for security/debugging purposes strictly as necessary.
• You can revoke access at any time at myaccount.google.com/permissions.

5.5 YouTube API Access & Use

Scopes used:

• https://www.googleapis.com/auth/youtube — full YouTube account access, required to upload videos and assign them to user-selected playlists
• https://www.googleapis.com/auth/youtube.readonly — read channel identity and fetch the user's playlist library for selection
• https://www.googleapis.com/auth/youtube.upload — upload videos to the user's YouTube channel

When you connect your YouTube account, getsoma.ai allows you to upload video creatives directly to your own YouTube channel from within the platform, streamlining your ad ops workflow.

5.6 What we access

• Channel name, profile picture, and channel ID — displayed in the UI to confirm which account is connected.
• User's playlist list — fetched via youtube.readonly to let the user select a target playlist before uploading.
• Upload capability and playlist assignment — the youtube scope is used exclusively to upload videos and insert them into the user-selected playlist via playlistItems.insert. No other write operations are performed.

5.7 What we do not do

• We do not modify, delete, or manage any existing videos, playlists, channel settings, comments, or subscriptions.
• We do not perform any write operations beyond video upload and playlist assignment.
• We do not upload videos or modify playlists without explicit user action.
• We do not share YouTube data with third parties or use it for advertising targeting or AI/ML purposes.

5.8 Data handling, retention, and deletion

• OAuth tokens are stored encrypted (AES-256 at rest, TLS in transit) and retained until you explicitly disconnect your YouTube account, at which point the token is revoked and deleted from our systems.
• Video files are deleted from our servers immediately upon upload completion or failure — we do not retain your video content.
• Upload action metadata (timestamp, status, video title) is retained for support and audit purposes.

5.9 Compliance (YouTube API Services Terms of Service)

• We comply with the YouTube API Services Terms of Service and Google API Services User Data Policy, including Limited Use requirements.
• We do not use YouTube user data to develop, improve, or train generalized AI/ML models.
• Human access to user data is restricted and allowed only with explicit consent, to fulfill legal obligations, or for security/debugging purposes strictly as necessary.
• You can revoke YouTube access at any time at myaccount.google.com/permissions or from within Soma's account settings.