Privacy Policy

Last Updated: October 28, 2025

Your privacy is our priority. This policy explains exactly what data we collect, how we use it, and your rights.

📑 Quick Navigation

1. Data Collection 2. Data Storage 3. How We Use Data 4. Google OAuth 5. Security Measures 6. Your Rights 7. Cookies & Storage 8. Third-Party Services 9. Legal Compliance

1. 📊 What Data We Collect

✅ Data We DO Collect

Download Logs (Permanent Storage)

File ID: Identifier of the downloaded file
File Name: Name of the file downloaded
IP Address: Your internet connection's IP address
User Agent: Browser and device information
Download Time: Timestamp of when download occurred
Is Free: Whether the file was a free download

Purpose: Track downloads, prevent abuse, and maintain security

Temporary Verification Data (Auto-Deleted)

Access Token: Temporary token from Google (in browser memory only)
Unlock Token: Hashed token proving subscription (expires in 1 hour)
Session Storage: File ID being verified (cleared when tab closes)

Duration: Cleared automatically when browser tab closes or after 1 hour

❌ Data We DO NOT Collect

📧

Google Email Address

We never store your Gmail or Google account email

👤

Google Account Name

Your name or profile information is not stored

🎬

YouTube Channel Name

Your YouTube identity is not saved

🔑

OAuth Access Tokens

Tokens are temporary and never saved to database

🔐

Refresh Tokens

We don't request or store long-term access tokens

🔒

Passwords

We NEVER see or handle your Google password

2. 💾 How We Store Data

🌐 Client-Side (Your Browser)

Data	Storage Location	Duration	Purpose
Access Token	JavaScript variable	Page session only	Check YouTube subscription
File ID	sessionStorage	Until browser tab closed	Track which file to verify
Unlock Token	sessionStorage	1 hour	Prove subscription verified

Note: sessionStorage = Automatically cleared when browser tab closes. NOT permanent storage.

🖥️ Server-Side (Our Database)

// From download_free_file.php (lines 134-143)
INSERT INTO download_logs (
    file_id,          // Which file was downloaded
    file_name,        // File name
    ip_address,       // User's IP address
    user_agent,       // Browser information
    download_time,    // Timestamp of download
    is_free          // Whether file was free (1) or not (0)
)

Why We Store This:

Prevent abuse (excessive downloads from same IP)
Track file popularity and usage statistics
Investigate potential security issues
Comply with legal requirements

3. 🎯 How We Use Your Data

✅ Primary Purpose: Subscription Verification

We use temporary access tokens ONLY to check if you are subscribed to our YouTube channel. Nothing else.

📊 Download Tracking

Download logs help us understand which files are popular and prevent abuse (e.g., excessive downloads).

🔒 Security & Abuse Prevention

IP addresses and timestamps help identify and block malicious activity or automated bots.

⚖️ Legal Compliance

We maintain logs to comply with legal requirements and respond to valid legal requests.

❌ What We DON'T Do With Your Data

We DO NOT sell your data to third parties
We DO NOT share your data with advertisers
We DO NOT send marketing emails (we don't have your email)
We DO NOT track you across other websites
We DO NOT create user profiles for advertising

4. 🔐 Google OAuth 2.0 Process

How Google OAuth Works:

1 You click "Verify Subscription"

Our website redirects you to Google's official servers.

2 Login on Google's Official Site

You log in at accounts.google.com - We NEVER see your password.

3 Grant Permission

Google asks: "Allow this app to check YouTube subscriptions?" - You decide.

4 Google Returns Authorization Code

Google redirects you back to our site with a one-time code (expires in seconds).

5 Server Exchanges Code for Token

Our server securely exchanges the code for a temporary access token (in memory only).

6 Check Subscription Status

We ask YouTube API: "Is this user subscribed?" - Response: Yes or No.

7 Token Deleted, Download Unlocked

Access token is deleted. If subscribed, you get a temporary unlock token for download.

🔒 What Google Knows:

Our website requested to check YouTube subscriptions
Which Google account was used for login
You granted permission to our app

You can revoke this permission anytime at: https://myaccount.google.com/permissions

5. 🛡️ Security Measures

🔐 HTTPS Encryption

All data transmitted between your browser and our server is encrypted using TLS/SSL (HTTPS protocol).

⏱️ Temporary Tokens

Access tokens are stored only in browser memory and automatically deleted when page closes or refreshes.

✅ Server-Side Validation

All unlock tokens are validated on our server before allowing downloads (format, expiration, file match).

🏆 Industry Standards

OAuth 2.0 is used by Google, Facebook, Twitter, GitHub, and all major platforms for secure authentication.

🔒 No Password Storage

We never see, handle, or store your Google password. Login happens entirely on Google's servers.

🚫 Minimal Permissions

We only request permission to check YouTube subscriptions. No email, profile, or other data access.

6. 🎛️ Your Rights & Control

🔓 Right to Revoke Access

You can revoke our app's permission to check YouTube subscriptions at any time.

Manage Google Permissions →

📋 Right to Access Data

You can request a copy of what download logs we have associated with your IP address.

🗑️ Right to Deletion

You can request deletion of download logs. We'll comply unless legally required to retain them.

❓ Right to Information

You have the right to know what data we collect and how we use it (explained in this policy).

⚠️ Right to Object

You can object to data processing. However, this may prevent you from using the download verification service.

7. 🍪 Cookies & Browser Storage

What We Use:

Storage Type	What's Stored	Duration	Purpose
sessionStorage	File ID, Unlock Token	Until tab closed (max 1 hour)	Track verification state
JavaScript Memory	Access Token	Page session only	Check YouTube subscription

❌ What We DON'T Use:

No tracking cookies - We don't track you across websites
No advertising cookies - No data shared with advertisers
No localStorage - No permanent browser storage
No third-party cookies - Except Google OAuth (required for login)

8. 🔗 Third-Party Services

We Use Only ONE Third-Party Service:

🔐

Google OAuth 2.0 & YouTube API

Used for:

User authentication (login)
Checking YouTube subscription status

Privacy Policy: https://policies.google.com/privacy
Terms of Service: https://policies.google.com/terms

✅ We DO NOT use analytics, advertising, or tracking services.

9. ⚖️ Legal Compliance

🇪🇺 GDPR Compliance (EU Users)

Minimal Data Collection: We only collect what's necessary (IP, timestamp, file info)
User Consent: You consent before OAuth process starts
No Personal Google Data: Email, name, and YouTube data are NOT stored
Clear Purpose: Data used only for subscription verification and abuse prevention
Right to Access & Deletion: You can request your data or deletion

🔐 Google's API Terms

Official Google APIs: We use Google's official OAuth 2.0 and YouTube Data API
Best Practices: Following OAuth 2.0 security best practices
No Unnecessary Data: Not storing tokens or personal information
User Control: Users can revoke access anytime from Google account

📜 Data Retention

We retain download logs for:

Standard Retention: Up to 1 year for abuse prevention and analytics
Legal Compliance: Longer if required by law
Upon Request: Deleted earlier if you request and no legal obligation exists

📞 Questions or Concerns?

If you have any questions about this Privacy Policy or how we handle your data, please contact us.

We're committed to protecting your privacy and being transparent about our practices.