Privacy Policy

GuardMyVideos is operated by Ellan Duncan t/a GuardMyVideos, a sole trader registered in England. When we say “we”, “us”, or “our” in this policy, we mean GuardMyVideos. When we say “you” or “your”, we mean you as a user of our service.

If you have any questions about this policy or how we handle your data, you can contact us at: contact@guardmyvideos.com

Regional notices: Sections 8–11 describe rights that may apply depending on where you live (United Kingdom, European Economic Area, United States, and other regions). Manage cookie preferences and US opt-out choices at Your privacy choices.

We collect the following information when you use GuardMyVideos:

Account information: Your email address and, if you sign in with Google, your name and profile picture as provided by Google. If you create an account with a password, we store a securely hashed version of that password — we never store passwords in plain text.

Scan data: The YouTube video URLs you submit for scanning, the search keywords you enter, and the results generated by each scan (including match scores and analysis). We also store whether you indicated each scan was for your own original video or for a link you were checking without claiming ownership — so we can show accurate history and exports. For some scans we also retrieve relevant public comments on candidate videos to surface viewer-reported plagiarism signals. We store this to show you your scan history and to enforce usage limits on your account tier.

Usage data: The number of scans you have run in the current billing period, your subscription tier, and basic interaction data such as when you last logged in.

Payment information: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your card details — Stripe handles this securely. We receive only a confirmation of payment status and your Stripe customer ID.

Technical data: Standard server logs including your IP address, browser type, and the pages you visit. This is collected automatically by our hosting provider (Vercel) and our database provider (Supabase).

We use your data to:

Provide and operate the service — running scans, displaying results, managing your account and subscription tier. Enforce usage limits based on your plan. Process payments through Stripe for paid subscriptions. Send you essential service emails such as account confirmation, password resets, and important changes to the service or these terms. Power the on-site support chat by sending your recent chat messages to the Anthropic Claude API to generate replies (messages are not used to train Anthropic’s models). Improve the service by understanding how it is used in aggregate (we do not sell or share individual usage data).

We will never sell your personal data to third parties. We will never use your submitted video URLs or scan results for marketing purposes.

GuardMyVideos uses the following third-party services to operate:

Supabase (database and authentication) — stores your account data and scan history. Based in the EU/US. Vercel (hosting) — serves the website and API routes. YouTube Data API (Google) — used to search for videos, retrieve public metadata (titles, descriptions, statistics, duration), list caption track availability, and in some cases fetch top-level public comments for plagiarism signals. We send your search keywords and video identifiers to Google’s API. To reduce quota usage and latency, identical search queries may be served from a short-lived server-side cache that does not identify you personally. Not every type of data visible on YouTube can be retrieved or downloaded under a standard API-key integration; our processing stays within the access Google permits for our integration. Anthropic Claude API — used to analyse video similarity and to generate support chat replies. For scans we send video titles, descriptions, tags, text derived from public metadata (and transcript-related signals where available), and sometimes static thumbnail images (from public thumbnail URLs) to Claude for comparison. Anthropic does not use this data to train their models. Stripe (payments) — processes paid subscriptions. Stripe’s privacy policy applies to payment data. PostHog (product analytics) — when you accept optional analytics cookies, we may send aggregate usage events (such as page views) to PostHog. PostHog does not run until you consent, and we do not use it for advertising.

Each of these services has its own privacy policy, and we encourage you to review them.

GuardMyVideos uses AI to produce similarity scores for each scan you run. These scores are generated automatically by comparing permitted public metadata, transcript-related text where available, and sometimes thumbnail imagery, using the Anthropic Claude API. Under UK GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing where those decisions produce legal or similarly significant effects.

Our scan scores are indicators provided to assist your own judgement — they do not constitute legal determinations and we do not take any automated action against third parties based on them. You remain in full control of any decisions or actions you take based on scan results. If you have questions about how a score was produced, contact us at contact@guardmyvideos.com.

Under UK data protection law, we process your data on the following bases:

Contract: Processing your account and scan data is necessary to provide you with the service you signed up for. Legitimate interest: Server logs and basic analytics help us keep the service secure and operational. Consent: If we ever send marketing emails (we currently do not), we will ask for your explicit consent first.

We retain your account data and scan history for as long as your account is active. If you delete your account, we delete your profile, scan history, and operational log rows tied to your account identifier promptly as part of that process, and remove your authentication record. We may retain a single anonymised event (with no user identifier) so we can measure how many accounts are closed. Broader anonymised, aggregated statistics may be retained indefinitely for service improvement.

Server logs are typically retained for up to 30 days by our hosting providers.

If you are in the United Kingdom, under UK GDPR you have the right to:

Access the personal data we hold about you. Rectify any inaccurate data. Erase your data (“right to be forgotten”). Restrict processing in certain circumstances. Port your data to another service. Object to processing based on legitimate interest.

To exercise any of these rights, contact us at contact@guardmyvideos.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe your data has been mishandled.

If you are in the European Economic Area (EEA) or, where EU GDPR applies by law, this section supplements sections 2–7. We are the data controller for your personal data.

Legal bases

We process personal data on the bases in section 6: performance of a contract (providing the service), legitimate interests (security and essential operations, balanced against your rights), and consent where required (for example optional analytics cookies or any future marketing).

Your rights

Under EU GDPR you may have the right to access, rectify, erase, restrict processing, data portability, and to object to processing based on legitimate interests. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal. You may lodge a complaint with your local data protection supervisory authority. UK residents may also use the ICO as described in section 8.

To exercise these rights, contact contact@guardmyvideos.com with the subject line “EEA privacy request”. We will respond within one month unless applicable law allows an extension.

International transfers

When data is transferred outside the EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses or adequacy decisions, as described in section 15.

This section supplements the rest of this policy if you are a resident of the United States and a state privacy law applies to our processing of your personal information (for example, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), or similar laws in Colorado, Connecticut, Virginia, Utah, and other states). It does not replace your rights under UK GDPR where those also apply to you.

Categories of personal information we collect

In the preceding 12 months we have collected the categories below from you and from your use of GuardMyVideos. These correspond to the descriptions in sections 2–4 above.

Identifiers — such as your email address, name and profile picture (if you sign in with Google), account ID, and IP address. Customer records — such as your subscription tier, scan counts for the current billing period, and Stripe customer ID (we do not store full card numbers). Commercial information — such as payment status and plan type. Internet or other electronic network activity — such as pages visited, browser type, login timestamps, and support chat messages you send on the site. Other information you provide — such as YouTube video URLs, search keywords, scan results (including match scores and analysis), ownership indicators you select per scan, and related scan history.

We do not knowingly collect sensitive personal information as defined under California law (such as government ID numbers, precise geolocation for cross-context advertising, or biometric identifiers for identification).

Sources

We collect this information directly from you when you register, run scans, subscribe, or contact support; automatically when you use the service (including through our hosting and database providers); from Google when you use Google sign-in; and from our payment and infrastructure providers as needed to operate the service.

Purposes for collection and use

We use the categories above for the business purposes described in section 3: to provide and operate GuardMyVideos, enforce plan limits, process subscriptions, send essential service communications, operate support chat, keep the service secure, and understand aggregate use to improve the product. We do not use your scan content for cross-context behavioral advertising.

Disclosure to service providers

We disclose personal information to the categories of recipients listed in section 4 (including Supabase, Vercel, Google/YouTube, Anthropic, Stripe, and PostHog where applicable) so they can process it on our behalf under contract. We do not sell your personal information and we do not share it for cross-context behavioral advertising. We will never sell your personal data to third parties.

Retention

Retention periods are described in section 7.

Your US privacy rights

Depending on your state, you may have the right to: know what personal information we collect, use, and disclose; access a copy of the personal information we hold about you; request deletion of personal information we collected from you (subject to exceptions such as completing a transaction or complying with law); request correction of inaccurate personal information; opt out of the sale or sharing of personal information (not applicable here, as we do not sell or share for cross-context behavioral advertising); limit use of sensitive personal information (not applicable as described above); and not receive discriminatory treatment for exercising these rights.

To submit a request, email contact@guardmyvideos.com with the subject line “US privacy request” and tell us which right you wish to exercise. We will verify your request (for example by confirming control of the email address on your account) and respond within the timeframe required by applicable law, and in any event within 45 days unless an extension is permitted and we notify you. You may delete your account in the app where that option is available, which initiates deletion as described in section 7.

If you use an authorized agent to submit a request on your behalf where your state allows this, the agent must provide written proof of authorization and we may still require you to verify your identity directly.

If we deny your request, you may have the right to appeal our decision by replying to our response email. If you are unsatisfied after an appeal, you may contact your state attorney general. California residents may also contact the California Attorney General.

Shine the Light

California Civil Code Section 1798.83 permits California residents to request certain information about disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

Do Not Sell or Share / targeted advertising

We do not sell personal information and do not share it for cross-context behavioral advertising or targeted advertising. You can review this and manage analytics preferences at Your privacy choices (including for browsers that send a Global Privacy Control signal).

Financial incentives

We do not offer financial incentives in exchange for the collection or sale of personal information.

If you are outside the UK, EEA, and United States, we still apply appropriate safeguards to protect your personal data. The following summaries may apply depending on your location.

Canada (PIPEDA and provincial laws)

You may request access to and correction of your personal information, and challenge our compliance with applicable Canadian privacy law. Contact us at contact@guardmyvideos.com with the subject line “Canada privacy request”.

Australia (Privacy Act 1988)

You may request access to and correction of personal information we hold about you. If you believe we have mishandled your data, you may complain to the Office of the Australian Information Commissioner (oaic.gov.au).

Brazil (LGPD)

Where LGPD applies, you may have rights to confirm processing, access, correct, anonymise, block, delete, and port data, and to withdraw consent. Contact us with the subject line “Brazil privacy request”.

Other jurisdictions

We will honour reasonable privacy requests consistent with applicable local law. Email contact@guardmyvideos.com and tell us your country or region.

GuardMyVideos uses essential cookies required for authentication and session management. We do not use advertising cookies or any cookies that track you across other websites.

Optional analytics (Google Analytics and PostHog) run only if you accept them in our cookie banner or on Your privacy choices. This data is used solely to improve the website in aggregate. We configure analytics to anonymise IP addresses where supported and we do not use analytics for advertising.

If your browser sends a Global Privacy Control (GPC) signal, we treat it as a request to opt out of sale or sharing and we do not enable optional analytics unless you later choose otherwise where law permits.

If you prefer not to be tracked by Google Analytics, you can install the Google Analytics opt-out browser add-on or disable analytics on our privacy choices page.

We do not alter our data collection practices in response to browser Do Not Track signals beyond the measures described above.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay, including a description of the nature of the breach and steps we recommend you take to protect yourself.

Where US or other applicable law requires notification to regulators or affected individuals, we will do so in line with those requirements.

GuardMyVideos is not intended for use by anyone under 16 years of age in the UK and EEA. We do not knowingly collect personal data from children under 13 in the United States (COPPA) or under the minimum age required in your jurisdiction. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Some of our third-party providers (Vercel, Supabase, Anthropic, Stripe, PostHog, Google) may process data outside your country, including in the United States. Where UK or EEA law applies, we use appropriate safeguards such as the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or adequacy decisions where available.

We may update this privacy policy from time to time. If we make significant changes, we will notify you by email or by displaying a notice in the app. The “last updated” date at the top of this page will always reflect the most recent version.