1. Who we are
SponsorMetrics ("we", "us") is a YouTube sponsorship analytics platform. Our service helps content creators track sponsorship performance and share reports with brand partners. We are the data controller for personal data collected through this platform.
2. Data we collect
- Account data: email address, Google account profile (name, avatar) collected when you sign in.
- YouTube channel data: channel name, subscriber count, thumbnail. OAuth tokens are stored encrypted (AES-256-GCM).
- Campaign data: video IDs, sponsor names and emails, segment timestamps you enter.
- Analytics data: views, watch time, audience retention, demographics, and traffic sources retrieved from the YouTube Analytics API on your behalf.
- Billing data: Stripe handles payment processing. We store only your Stripe customer ID and subscription status — never raw card numbers.
- Usage data: server logs, error traces for operational purposes.
3. How we use your data
- To authenticate you and provide the service.
- To generate analytics reports and send them to the sponsor emails you specify.
- To manage your subscription and process payments via Stripe.
- To send transactional emails (report delivery, account notifications) via Resend.
- To improve the platform and fix bugs.
We do not sell your data to third parties. We do not use your analytics data for advertising.
4. Data sharing
We share data only with the following sub-processors, each bound by data processing agreements:
- Supabase — database and authentication (EU region)
- Stripe — payment processing
- Resend — transactional email delivery
- Google / YouTube — OAuth authentication and analytics data retrieval
- Vercel — hosting and infrastructure
Report links you share with sponsors expose only the analytics data you have explicitly chosen to include. Sponsors cannot access your account, tokens, or other campaigns.
5. Data retention
We retain your data for as long as your account is active. If you delete your account, all personal data (campaigns, reports, channel connections) is permanently deleted within 30 days, except where retention is required by law (e.g., billing records for 7 years under French tax law).
6. Your rights (GDPR)
If you are located in the European Economic Area, you have the right to:
- Access — request a copy of your personal data.
- Rectification — correct inaccurate data.
- Erasure — delete your account and all associated data via Settings → Danger Zone.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interests.
To exercise these rights, contact us at danilson@sponsorsmetrics.com. You may also lodge a complaint with your local supervisory authority (e.g., CNIL in France).
7. Cookies
We use only strictly necessary cookies to maintain your authenticated session (Supabase auth cookies). We do not use advertising, tracking, or analytics cookies.
8. Security
OAuth tokens are encrypted at rest using AES-256-GCM. All data is transmitted over HTTPS. We apply row-level security in our database so users can only access their own data. We do not log or store YouTube token values in plain text.
9. Changes to this policy
We will notify you by email of any material changes. The "last updated" date above reflects the most recent revision.
10. Contact
SponsorMetrics
Email: danilson@sponsorsmetrics.com