Privacy Policy

Last updated: April 2026

ICO Registered Data Controller
TubeCMS is registered with the UK Information Commissioner's Office. Registration: ZC099195

1. Introduction

TubeCMS ("we", "our", or "us") operates a hosted website platform for YouTube creators at tubecms.app. When you sign up, we provide you with a fully managed website at {yourname}.tubecms.app that automatically syncs with your YouTube channel.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform. Because TubeCMS is a hosted service (Software as a Service), we store and process your data on our infrastructure (hosted on Microsoft Azure) — unlike self-hosted software, your information is managed by us.

By creating an account or using our platform, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Account Information

When you sign up for TubeCMS, we collect:

  • Email address — used for authentication, transactional emails, and account recovery
  • Authentication — we use passwordless magic links sent to your email; no passwords are stored
  • Site slug — your chosen subdomain (e.g., yourname.tubecms.app)
  • Plan selection — your current subscription plan (Free, Starter, or Pro)

2.2 YouTube Data

When you connect your YouTube channel via Google OAuth, we access and store:

  • OAuth tokens — access and refresh tokens that allow us to communicate with the YouTube API on your behalf
  • Channel identifier — your YouTube channel ID, used to associate your channel connection with your TubeCMS site
  • Channel information — your channel name, description, subscriber count, and profile image
  • Video metadata — titles, descriptions, thumbnails, tags, publication dates, view counts, and other video metadata returned by the YouTube API for your channel (we only publish public videos)

We access your YouTube data solely to populate and keep your TubeCMS site up to date. The YouTube API may return metadata for all videos on your channel, including private and unlisted videos; however, we do not store or display private or unlisted videos. Any non-public video metadata returned by the API is not imported into your site and is not retained beyond transient processing required to perform the sync. We do not log OAuth tokens or store raw API responses longer than necessary to complete the sync. We do not access your revenue data or any information beyond what is necessary to operate the service.

2.2.2 YouTube Analytics (Media Kit)

If you enable the Media Kit feature (Pro plan), we request an additional YouTube permission (yt-analytics.readonly) to access your YouTube Analytics data. This is a separate, opt-in step — you are prompted to grant this permission only when you choose to enable the Media Kit, and it is not required for any other part of the service.

When granted, we access:

  • Audience demographics — age group and gender distribution of your viewers (last 90 days)
  • Geographic data — top countries by view count (last 90 days)
  • Engagement metrics — views, likes, comments, shares, and average view duration (last 90 days)
  • Watch time — total estimated minutes watched (last 90 days)
  • Subscriber trends — monthly subscribers gained and lost (last 12 months)

This data is cached on our servers for up to 24 hours and is used solely to generate your media kit page and downloadable PDF. We do not access your revenue data (yt-analytics-monetary.readonly is not requested). You can revoke this permission at any time by disconnecting and reconnecting your YouTube channel with only the standard permissions.

Refresh tokens are encrypted at rest and access is restricted to the TubeCMS service.

You can disconnect your YouTube channel at any time from your admin panel. When you disconnect — or if you revoke TubeCMS's access via your Google account settings — we delete YouTube API data from our active systems, including cached video metadata, thumbnails, view counts, and OAuth tokens. Any custom video annotations, tags, and featured video selections you created are also deleted, as they are associated with the YouTube data. Residual copies may remain in encrypted backups for up to 30 days and in CDN caches for a limited period before expiring.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2.2.1 Sharing, transfer, and disclosure of Google user data

We do not sell, share, transfer, or disclose Google user data to any third parties, except in the following limited circumstances:

  • Displaying your content — video metadata (titles, descriptions, thumbnails, view counts) obtained from the YouTube API may be displayed publicly on your TubeCMS site only for videos you choose to display (e.g., videos not marked as hidden in your admin settings). This is the core purpose of the service you have authorised. This means visitors to your site (and search engines) may view that published content.
  • Media Kit — if you enable the Media Kit feature, YouTube Analytics data (audience demographics, geographic data, engagement metrics, watch time, and subscriber trends) may be displayed on your public media kit page and included in your downloadable media kit PDF. You control which sections are visible and can disable the page at any time. This data is only displayed because you have explicitly opted in.
  • Infrastructure providers — Google user data may be processed by our hosting provider (Microsoft Azure) and CDN (Cloudflare) solely as part of operating the service. These providers act as data processors and do not have independent access to or use of your Google data.
  • Legal requirements — we may disclose Google user data if required to do so by law, court order, or governmental authority.

We do not use Google user data for advertising, analytics, determining creditworthiness, lending, or any purpose unrelated to providing and operating your TubeCMS site. OAuth tokens are stored securely within your tenant's isolated data and are used exclusively to communicate with the YouTube API on your behalf.

TubeCMS staff do not read your Google user data unless (a) you have given us explicit permission (e.g., when requesting support), (b) it is necessary for security purposes such as investigating abuse, or (c) we are required to do so by law.

2.3 Instagram Data

If you connect your Instagram account via Instagram Login, we access and store:

  • OAuth tokens — access tokens that allow us to communicate with the Instagram API on your behalf
  • Account identifier — your Instagram user ID, used to associate your connection with your TubeCMS site
  • Profile information — your Instagram username, profile picture URL, and follower count
  • Post metadata — captions, media type, image/thumbnail URLs, permalinks, publication dates, like counts, and comment counts for your posts

We access your Instagram data solely to populate and keep your TubeCMS site up to date. We request the instagram_business_basic permission, which provides read-only access — we cannot publish, delete, or modify any content on your Instagram account.

Instagram requires a Business or Creator account for API access. Personal Instagram accounts cannot be connected.

You can disconnect your Instagram account at any time from your admin panel. When you disconnect, we delete your stored OAuth tokens, profile information, and all synced post data from our active systems. Residual copies may remain in encrypted backups for up to 30 days. If you deauthorize TubeCMS from your Instagram settings, we process the deauthorization callback from Meta and automatically remove your data.

If Meta sends a data deletion request on your behalf, we delete all Instagram tokens and synced posts and return a confirmation code as required by Meta’s platform policies.

2.4 TikTok Data

If you connect your TikTok account via TikTok Login, we access and store:

  • OAuth tokens — access and refresh tokens that allow us to communicate with the TikTok API on your behalf
  • Account identifier — your TikTok open ID and unique ID
  • Profile information — your TikTok username, display name, avatar URL, follower count, and profile deep link
  • Video metadata — titles, descriptions, cover images, share URLs, durations, publication dates, view counts, like counts, comment counts, and share counts for your public videos

We access your TikTok data solely to populate and keep your TubeCMS site up to date. We request the user.info.basic, user.info.stats, and video.list scopes, which provide read-only access — we cannot publish, delete, or modify any content on your TikTok account.

You can disconnect your TikTok account at any time from your admin panel. When you disconnect, we delete your stored OAuth tokens, profile information, and all synced video data from our active systems. Residual copies may remain in encrypted backups for up to 30 days.

2.5 Fourthwall Data

If you connect a Fourthwall merch store to your TubeCMS site via OAuth, we access and store:

  • OAuth tokens — access and refresh tokens that allow us to communicate with the Fourthwall API on your behalf
  • Shop name — your Fourthwall shop name, used to display your merch page

Product data (titles, images, prices, availability) is fetched live from the Fourthwall API when visitors view your merch page and is not permanently stored on our servers.

You can disconnect your Fourthwall store at any time from your admin panel. When you disconnect, we permanently delete your stored OAuth tokens and shop name.

2.6 Shopify Data

If you connect a Shopify store to your TubeCMS site via OAuth, we access and store:

  • OAuth access token — allows us to communicate with the Shopify Admin API on your behalf
  • Shop domain — your Shopify store domain (e.g., yourstore.myshopify.com), used to display your merch page

We request only the read_products scope, which provides read-only access to your product catalogue. We cannot modify products, process orders, or access customer data on your Shopify store.

Product data (titles, images, prices, inventory status) is fetched live from the Shopify Admin API when visitors view your merch page and is cached in memory for a short period. It is not permanently stored on our servers.

You can disconnect your Shopify store at any time from your admin panel. When you disconnect, we permanently delete your stored access token and shop domain.

2.7 Etsy Data

If you add an Etsy shop to your TubeCMS site, we store:

  • Shop name — your Etsy shop name, used to fetch and display your listings

Product data (titles, images, prices, availability) is fetched from the Etsy API using read-only access when visitors view your merch page and is cached in memory for a short period. It is not permanently stored on our servers. We cannot modify listings, process orders, or access customer data on your Etsy shop.

You can remove your Etsy shop at any time from your admin panel. When you remove it, we delete your stored shop information.

2.8 Site Content

Content you create and manage through your TubeCMS admin panel is stored on our platform, including:

  • Blog posts, updates, and CMS pages
  • Uploaded media (images, favicons)
  • Site settings and customisation preferences (theme, colours, SEO metadata)

2.9 Analytics Data

TubeCMS includes built-in, first-party analytics. We collect the following data for all plans (the level of detail shown in your dashboard varies by plan):

  • Page views — which pages on your site are visited
  • Referrer information — the website or source that directed a visitor to your site
  • Browser and device type — generalised user agent information
  • Country — derived from your IP address at the time of your visit; the IP address itself is not stored

We do not store visitor IP addresses in TubeCMS Analytics reports; however, IP addresses may be processed and retained in our own platform security logs (e.g., login attempts, account deletion records) and by our infrastructure providers (Cloudflare and Azure Application Insights) for security, fraud prevention, and abuse detection.

We do not use any third-party tracking scripts, advertising pixels, or cross-site trackers. Analytics data is stored per-tenant and is only visible to the site owner.

2.10 Contact Form Submissions

If a visitor submits a message through the contact form on your TubeCMS site, we store:

  • The visitor's name and email address (as provided by them)
  • The message content

This data is stored within your tenant database and is accessible only to you as the site owner. A notification email is sent to you via Resend when a new submission is received.

2.11 Email Newsletter Subscribers

If a creator enables email subscriptions on their site (available on Starter and Pro plans), visitors may subscribe to receive blog posts, new video alerts, and live stream notifications by email. When a visitor subscribes, we collect:

  • Email address — provided by the visitor through the subscription form on the creator's site
  • Subscription status — whether the subscriber has verified their email, is pending verification, or has unsubscribed
  • Timestamps — when the visitor subscribed, verified, and (if applicable) unsubscribed

We use a double opt-in process: after a visitor enters their email address, we send a verification email with a confirmation link. The subscriber is only added to the mailing list once they click the link. Verification links expire after 48 hours.

Subscriber email addresses are stored within the creator's isolated tenant data and are also shared with Resend (see Section 4.5) to deliver emails. When a creator sends a newsletter or video notification to subscribers, Resend delivers the email on our behalf.

Subscribers can unsubscribe at any time via the unsubscribe link included in every email. Unsubscribes are processed both in our database and in Resend's audience management.

TubeCMS is the data controller for subscriber data. We collect and manage subscriber email addresses as part of providing the newsletter service. Creators can see aggregate subscriber statistics (counts and trends) but do not have access to individual subscriber email addresses. The lawful basis for processing subscriber data is consent, obtained through the double opt-in process. Subscribers may withdraw consent at any time by unsubscribing.

2.12 Payment Information

If you subscribe to a paid plan (Starter or Pro), payment is processed by Stripe. We store a Stripe customer identifier to manage your subscription, but we do not store your credit card number, CVV, or full card details on our servers. All payment data is handled directly by Stripe in accordance with PCI DSS standards.

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the service — create your site, sync your YouTube channel and connected social accounts (Instagram, TikTok), serve your content to visitors
  • Authenticate you — verify your identity when you sign in to your admin panel
  • Send transactional emails — magic link sign-in emails, welcome emails, subscription verification emails, and important account notifications
  • Deliver newsletter emails — send blog posts to subscribers on your behalf when you choose to broadcast
  • Process payments — manage your subscription and billing through Stripe
  • Generate AI blog posts — when you choose to create a blog post from a video, we send the video’s transcript and title to our AI provider (Anthropic) to generate the article (see Section 4.9)
  • Provide analytics — show you first-party visitor statistics for your site
  • Improve the platform — understand usage patterns to fix bugs and develop new features
  • Ensure security — detect and prevent abuse, fraud, and unauthorised access
  • Comply with legal obligations — respond to lawful requests from authorities where required

We will never sell your personal information to third parties. We do not use your data for advertising or profiling purposes.

Lawful bases

Under the UK GDPR and EU GDPR, we process personal data on the following legal bases: (a) contract — to perform our contract with you (providing the Service, processing payments, sending transactional emails); (b) legal obligation — to comply with applicable laws (e.g., financial record-keeping); and (c) legitimate interests — for security, fraud prevention, service reliability, and first-party analytics, where those interests are not overridden by your rights. Where consent is required, we will request it explicitly and you may withdraw it at any time.

Controller and processor roles

TubeCMS is the data controller for Account data, platform operations, and email newsletter subscriber data. For content you publish on your Site and contact form submissions from your Visitors, you are the controller and TubeCMS acts as your processor, processing that data only to host and operate your Site and provide the Service.

4. Third-Party Services

We use the following third-party services to operate TubeCMS. Each has its own privacy policy governing their handling of your data:

4.1 Cloudflare

We use Cloudflare for content delivery (CDN), DDoS protection, and security. Cloudflare processes request data (IP addresses, headers) to route and protect traffic to our platform. We also use Cloudflare Turnstile for bot protection on signup, login, and contact forms. Turnstile may process browser signals to verify that visitors are human; it does not use tracking cookies or advertising identifiers.

On our marketing website (tubecms.app), we use Cloudflare Web Analytics to collect anonymous usage statistics such as page views, referrers, and browser information. Cloudflare Web Analytics does not use cookies, does not collect personal data, and does not track visitors across websites.

Cloudflare Privacy Policy

4.2 Google OAuth (YouTube API)

We use Google OAuth to allow you to connect your YouTube channel. When you authorise TubeCMS, Google shares an access token and, where applicable, a refresh token along with basic channel information. We request the youtube.readonly scope to read your channel and video data. This scope may return metadata for all videos, including private and unlisted; we only store and display public videos (see Section 2.2).

If you enable the Media Kit feature, we request an additional yt-analytics.readonly scope via a separate consent prompt. This provides read-only access to your YouTube Analytics data (demographics, geography, engagement, watch time, and subscriber trends). We do not request the yt-analytics-monetary.readonly scope and therefore cannot access your revenue data. See Section 2.2.2 for full details.

If you revoke TubeCMS's access from your Google account settings, we delete stored tokens and cached YouTube data when we detect the revocation (typically on the next sync attempt). See Section 2.2 for full details.

Google Privacy Policy

4.3 Meta (Instagram API)

We use the Instagram API with Instagram Login (provided by Meta Platforms, Inc.) to allow you to connect your Instagram account. When you authorise TubeCMS, Instagram provides an access token and basic profile information. We request the instagram_business_basic permission to read your profile and post data. This is read-only access — we cannot publish or modify content on your account.

If you deauthorize TubeCMS from your Instagram settings, Meta sends a callback to our servers and we automatically remove your stored tokens and data. Meta may also send data deletion requests on your behalf, which we process by deleting all Instagram data and returning a confirmation code.

Instagram Privacy Policy

4.4 TikTok

We use the TikTok Login Kit and Content Posting API (provided by TikTok Pte. Ltd. / ByteDance) to allow you to connect your TikTok account. When you authorise TubeCMS, TikTok provides access and refresh tokens along with basic profile information. We request user.info.basic, user.info.stats, and video.list scopes to read your profile, follower statistics, and video data. This is read-only access — we cannot publish or modify content on your account.

If you revoke TubeCMS’s access from your TikTok account settings, we delete stored tokens and cached TikTok data when we detect the revocation.

TikTok Privacy Policy

4.5 Resend

We use Resend to send transactional emails, including magic link sign-in emails, welcome emails, and contact form notifications. Resend processes recipient email addresses and message content to deliver these emails on our behalf.

We also use Resend Audiences to manage email newsletter subscribers and deliver broadcast emails on behalf of site owners. When a visitor subscribes to a creator's newsletter, their email address is added to a Resend Audience associated with that creator's site. When the creator sends a newsletter, Resend delivers the broadcast email to all verified subscribers in the audience. Resend provides built-in unsubscribe link handling in broadcast emails.

Resend Privacy Policy

4.6 Fourthwall

If you connect a Fourthwall merch store, we use the Fourthwall API to fetch your product catalogue and display it on your site. We store OAuth tokens securely within your tenant's isolated data and fetch product data live on each page view. No visitor data is shared with Fourthwall through this integration.

Fourthwall Privacy Policy

4.7 Shopify

If you connect a Shopify store, we use the Shopify Admin API to fetch your product catalogue and display it on your site. We store your OAuth access token securely within your tenant's isolated data and fetch product data live on each page view. We request only the read_products scope (read-only access to products). No visitor data is shared with Shopify through this integration.

Shopify Privacy Policy

4.8 Etsy

If you add an Etsy shop, we use the Etsy API to fetch your active listings and display them on your site. Product data is fetched live on each page view using read-only access. No visitor data is shared with Etsy through this integration.

Etsy Privacy Policy

The term “Etsy” is a trademark of Etsy, Inc. This application uses the Etsy API but is not endorsed or certified by Etsy, Inc.

4.9 Microsoft Azure

TubeCMS is hosted on Microsoft Azure. Azure provides the compute, storage, and networking infrastructure that runs the platform. We also use Azure Application Insights to collect server-side diagnostic data (such as request URLs, response times, errors, and IP addresses) to monitor performance and reliability. No client-side tracking scripts are used.

Microsoft Privacy Statement

4.10 Stripe

We use Stripe to process subscription payments for paid plans (Starter and Pro). When you enter payment details, they are sent directly to Stripe and are never transmitted to or stored on our servers.

Stripe Privacy Policy

4.11 Anthropic (AI Blog Post Generation)

When you use the AI blog post feature, we send the video’s transcript text and title to Anthropic (the company behind the Claude AI model) to generate a blog article. This is an optional feature that you choose to use — no data is sent to Anthropic unless you click the button to generate an article.

The transcript is not stored by TubeCMS after generation; it is fetched, sent to Anthropic, and discarded. Only the resulting article is saved as a draft in your admin panel. Under Anthropic’s API terms, inputs and outputs sent via their API are not used to train their models.

Anthropic Privacy Policy

International transfers

Our infrastructure providers may process personal data outside the UK and EEA. Where this occurs, we rely on appropriate safeguards (such as standard contractual clauses and/or adequacy decisions) to protect personal data in accordance with applicable data protection law.

5. Data Storage and Security

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it:

  • Tenant isolation — each TubeCMS site's data is isolated using database-level security policies. Your data is filtered and protected at the database layer, ensuring no other tenant can access it.
  • Encryption in transit — all connections to TubeCMS are encrypted via HTTPS/TLS. We enforce HSTS with a one-year maximum age.
  • Passwordless authentication — we use magic links sent via email instead of passwords, eliminating the risk of password theft or credential stuffing.
  • OAuth token storage — YouTube, Instagram, TikTok, Fourthwall, and Shopify OAuth tokens are stored securely within your tenant's isolated data and are used only to communicate with their respective APIs.
  • Upload security — uploaded files are validated by magic bytes and extension allowlist, SVG files are sanitised to remove scripts and event handlers, and file sizes are enforced per plan.
  • Content Security Policy — we enforce a strict CSP header to mitigate cross-site scripting attacks.
  • Rate limiting — login, signup, and contact form endpoints are rate-limited to prevent abuse.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any vulnerabilities or breaches.

6. Your Rights

Depending on your location, you may have the following rights under applicable data protection laws, including the General Data Protection Regulation (GDPR):

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete personal data
  • Right to erasure — request deletion of your personal data (see also Section 8 on data retention)
  • Right to restrict processing — request that we limit how we use your data in certain circumstances
  • Right to data portability — request your data in a structured, commonly used, machine-readable format
  • Right to object — object to our processing of your personal data for certain purposes
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at privacy@tubecms.app. We will respond to your request within 30 days. If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For UK users, this is the Information Commissioner’s Office (ICO). TubeCMS is registered with the ICO under registration number ZC099195.

You can also take the following actions directly from your TubeCMS admin panel:

  • Disconnect your YouTube channel — revokes OAuth access and deletes stored tokens and video metadata
  • Disconnect your Instagram account — deletes stored OAuth tokens, profile data, and all synced post data
  • Disconnect your TikTok account — deletes stored OAuth tokens, profile data, and all synced video data
  • Disconnect your Fourthwall store — deletes stored OAuth tokens and shop name
  • Disconnect your Shopify store — deletes stored access token and shop domain
  • Remove your Etsy shop — deletes stored shop information
  • Delete your account — permanently removes your tenant, database, uploaded files, and all associated content (see Section 8 for details on minimal records we retain)

7. Cookies

TubeCMS uses only essential cookies that are strictly necessary for the platform to function. We do not use tracking cookies, advertising cookies, or any third-party cookie-based analytics.

The cookies we set include:

  • Authentication cookie — keeps you signed in to your admin panel. This is a session cookie set when you log in and removed when you log out or it expires.
  • Anti-forgery token (CSRF) — protects form submissions against cross-site request forgery attacks. This is a security cookie required by the framework.

Cloudflare and Cloudflare Turnstile may also set strictly necessary security cookies or signals to distinguish genuine visitors from bots. These do not track users across websites.

Because all cookies used on the platform are strictly necessary for the operation or security of the service and do not track users across websites, they do not require consent under GDPR or the ePrivacy Directive. No cookie banner is necessary.

8. Data Retention

We retain your data for as long as your account is active and as needed to provide you with our services:

  • Account data — retained for the lifetime of your account. When you delete your account, all associated data is removed from our active systems, including your database, uploaded files, and tenant directory.
  • YouTube data — retained while your channel is connected. If you disconnect your channel or revoke access, we delete OAuth tokens and all cached YouTube data (video metadata, thumbnails, view counts, and any custom annotations or tags) from our active systems. Residual copies may remain in encrypted backups for up to 30 days.
  • Instagram data — retained while your account is connected. If you disconnect your Instagram account, we delete OAuth tokens, profile data, and all synced posts from our active systems. If you deauthorize TubeCMS from Instagram or Meta sends a data deletion request, we process it automatically. Residual copies may remain in encrypted backups for up to 30 days.
  • TikTok data — retained while your account is connected. If you disconnect your TikTok account, we delete OAuth tokens, profile data, and all synced videos from our active systems. Residual copies may remain in encrypted backups for up to 30 days.
  • Fourthwall data — OAuth tokens and shop name are retained while your store is connected. If you disconnect your Fourthwall store, tokens and shop name are deleted immediately. Product data is fetched live and is not stored.
  • Shopify data — your access token and shop domain are retained while your store is connected. If you disconnect your Shopify store, the token and domain are deleted immediately. Product data is fetched live and is not stored.
  • Etsy data — shop information is retained while your shop is added. If you remove your Etsy shop, shop information is deleted immediately. Product data is fetched live and is not stored.
  • Analytics data — retained for the lifetime of your account. Raw page view records (which do not contain IP addresses) are automatically deleted after 30 days. Aggregated daily statistics are kept indefinitely.
  • Newsletter subscriber data — retained within your tenant database for the lifetime of the subscription. Unsubscribed records are marked as unsubscribed and retained for suppression purposes (to avoid re-subscribing someone who opted out). Subscriber data is also held in the associated Resend Audience; Resend handles suppression of unsubscribed contacts automatically. When you delete your account, all subscriber data is removed from our database and the associated Resend Audience is deleted.
  • Contact form submissions — retained within your tenant database until you delete them or delete your account.
  • Payment records — Stripe customer identifiers are retained for as long as needed to manage your subscription and comply with financial record-keeping obligations. Stripe retains payment data in accordance with its own retention policies.
  • Deleted accounts — when an account is deleted (whether by you or through account management), we remove all tenant data (database, uploads, configuration) from our infrastructure. We retain a minimal audit record of the deletion event itself — including your email address, plan, account creation date, IP address, and the date of deletion — for security, fraud prevention, and legal compliance purposes. This record does not include any of your site content, uploaded files, or visitor data. Some data may also persist in encrypted backups for a limited period before expiring.

Where an account is suspended or a subscription is cancelled (e.g., cancellation, failed payment), retention and deletion timelines follow the Terms of Service Section 11 (Data Retention, Export and Deletion).

9. Children's Privacy

TubeCMS is not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@tubecms.app and we will promptly delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes:

  • We will update the "Last updated" date at the top of this page
  • For material changes, we will notify you by email or through a notice on the platform
  • Continued use of TubeCMS after changes take effect constitutes acceptance of the updated policy

We encourage you to review this policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Business details:
Jonathan Howell t/a TubeCMS
61 Bridge Street, Kington, HR5 3DJ, United Kingdom
ICO registration: ZC099195