Privacy Policy

Privacy Policy

Gazenest operates the Gazenest browser extension and web dashboard (www.gazenest.com). This Privacy Policy explains what personal data we collect, why we collect it, how we protect it, and what rights you have over it.

1. Data Controller

The data controller is the publisher of this site (see Legal Notice). For any privacy question, contact privacy@gazenest.com.

2. What Gazenest is

Gazenest is a personal-insights and digital-wellbeing product. The extension reads metadata (title, channel, duration) of YouTube videos that you watch in your own logged-in YouTube session in your own browser, and the dashboard turns that into your own weekly reports, focus sessions, and viewing-time insights.

Gazenest does not collect data about anyone other than you and does not automate any action on your YouTube account. The Gazenest server makes only anonymous public-metadata lookups to YouTube-owned domains: an oEmbed call (youtube.com) for channel handles, a YouTube Data API call (googleapis.com) for the channel's public avatar URL, and a download of the avatar image bytes from YouTube's public CDN (googleusercontent.com / i.ytimg.com). These calls carry no user identifier, no watch event, and no PII. Every request involving your YouTube session is made by your own browser, in your own session.

How Fast Import handles your session

If you choose to use the Fast Import feature (see How Fast Import Works), the extension reads your YouTube watch history from inside your own browser tab, using the session you are already logged into. The session credentials (Google cookies such as SAPISID, HSID, SSID) stay inside your browser at all times. They are used locally to sign the same internal request that the YouTube website itself makes, and they are never transmitted to the Gazenest server. Only the resulting video metadata (title, channel, watch date) is sent to your private Gazenest account.

3. Information We Collect

Information you provide directly

  • Email address - used for account creation, authentication, and communication
  • Licence key - used to verify your active subscription
  • Family-plan member emails - if you invite family members (Family plan only)
  • Support messages - if you email us or use the contact form

Information collected automatically by the extension

  • YouTube video metadata - video title, channel name, watch duration, timestamp, whether the video is a Short - read inside your own browser from pages you are actively viewing
  • Device identifier - a random UUID generated on install (for multi-device sync and device-limit enforcement)
  • IP address - logged on sync requests for security and abuse prevention; deleted after 30 days

Information we do NOT collect

  • Your YouTube password or Google credentials
  • Any browsing activity outside YouTube
  • Private messages, comments, or search queries
  • Data about creators, channels, or other YouTube users
  • Payment card details (handled by Lemon Squeezy, LLC as Merchant of Record)
  • Biometrics, location, health, or other GDPR Article 9 special-category data

4. Legal Basis (GDPR Article 6)

Processing Legal basis
Account creation and authentication Contract performance (Art. 6.1.b)
Reading and storing your YouTube viewing activity Your consent (Art. 6.1.a), granted on extension activation
Behavioural profile classification Your consent (Art. 6.1.a) - opt-in, can be disabled
Weekly insight email reports Your consent (Art. 6.1.a) - opt-in only
Security logging (IP, User-Agent) Legitimate interest (Art. 6.1.f) - operating a secure service
Tax and accounting record retention Legal obligation (Art. 6.1.c) - 10 years under French law

You can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

5. Automated Decision-Making and Profiling (GDPR Art. 22)

Gazenest classifies your activity into one of six behavioural profiles (e.g. "Intentional User", "Exploratory Viewer", "Evening Viewer") based on the last 30 days of your own viewing data. This is profiling under GDPR Article 4(4).

The profiling has no legal or similarly significant effect on you. It is shown only to you, on your own dashboard. You can:

  • See which signals fed the classification.
  • Disable behavioural profiling in your settings.
  • Request human review of any classification by emailing privacy@gazenest.com.
  • Object to the profiling at any time.

6. Data Encryption

All personally identifiable information (PII) is encrypted at rest using AES-256-GCM. Your email address and licence key are stored as HMAC-SHA256 hashes for lookup - the plaintext value is never queried directly. All traffic uses HTTPS / TLS 1.3.

7. Data Sharing (Subprocessors)

We never sell, rent, or share your personal data. The only third parties who may receive data are our subprocessors:

  • Lemon Squeezy, LLC - Merchant of Record: payment processing, invoicing (billing data only)
  • OVH SAS - infrastructure hosting provider (encrypted data at rest, France/EU)

The full subprocessor list is published at /page/subprocessors.

We may also disclose data when required by a lawful order from a competent authority.

8. Data Retention

Data Retention period
Account data (email, licence key, settings) While subscription is active
YouTube viewing data (videos, scores, sessions) While subscription is active. All videos are stored permanently; display is filtered by your plan's history window.
Sync log IPs 30 days, then automatically deleted
Closed accounts Permanently deleted within 30 days of closure
Backups Rotating 30-day window; deletions purged from backups within 30 days
Tax and accounting records 10 years (French legal obligation)

9. Your Rights (GDPR)

As a data subject under the GDPR you have the right to:

  • Access your data (Art. 15) - "Export my data" in your dashboard
  • Rectify inaccurate data (Art. 16) - edit it in your dashboard or email us
  • Erase your data at any time (Art. 17) - "Delete my account" in your dashboard
  • Restrict processing (Art. 18)
  • Portability (Art. 20) - export in JSON format
  • Object to processing based on legitimate interest (Art. 21)
  • Withdraw consent for email reports, behavioural profiling, or any consent-based processing at any time
  • Not be subject to a decision based solely on automated processing (Art. 22) - see section 5

To exercise any right, use your dashboard or contact us. We respond within 30 days. You also have the right to lodge a complaint with the CNIL (www.cnil.fr).

10. International Transfers

Customer data is hosted on OVH servers in the European Union. Some subprocessors (e.g. Lemon Squeezy, LLC) are located outside the EU; transfers to those subprocessors are protected by the EU Standard Contractual Clauses (SCCs) and additional safeguards where required.

11. Cookies

What Is a Cookie?

A cookie is a small text file stored in your browser when you visit a website. It allows the site to remember information about your visit.

Our Cookies (Strictly Necessary)

Cookie Purpose Duration
PHPSESSID Maintains your dashboard login session Browser session (deleted on close)
_csrf_token Protects forms against cross-site request forgery Browser session

These cookies are essential for the service to function. They do not track you, collect personal data, or share anything with third parties.

Third-Party Cookies

Gazenest does not load any Lemon Squeezy scripts on its own pages, so no Lemon Squeezy cookies are set on our domain. When you click a "Buy" or "Subscribe" button, you are redirected to a checkout page hosted on lemonsqueezy.com, where Lemon Squeezy may set its own cookies for fraud prevention and payment processing, governed by the Lemon Squeezy Buyer Terms.

We do not use analytics cookies, advertising cookies, or social media tracking pixels.

Browser Extension

The Gazenest extension uses your browser's local storage (not cookies) to store your JWT authentication token, extension settings and preferences, and pending sync data. This data stays on your device and is never shared with anyone except the Gazenest sync server.

Managing Cookies

You can control or delete cookies through your browser settings. Disabling the essential cookies above will prevent you from accessing your Gazenest dashboard.

12. Children and Family Plans

Gazenest is intended for users aged 15 or over (the digital-consent age in France under GDPR Article 8 and the Loi Informatique et Libertes).

For Family plans, the plan owner can invite up to 4 additional members. If a member is under 15, the plan owner confirms that they have parental authority and consent. Family-plan members see only their own dashboard data. The plan owner sees aggregated scores for each member, never video titles or per-video details.

We do not knowingly accept users from the United States who are under 13 (COPPA). If we discover such a registration, we will delete the account.

13. The Browser Extension

The extension stores in your browser's local storage your access token, refresh token, a random device identifier, your plan feature flags, the list of YouTube video IDs you have already watched (for "watched" badges across devices), and your settings cache. You can clear it at any time by signing out, uninstalling the extension, or clearing your browser's extension storage.

The extension requests only the Chrome / Firefox permissions strictly necessary to run on YouTube pages (storage, activeTab, tabs, scripting, alarms) and to communicate with our servers.

14. Changes to This Policy

We will notify registered users by email of any material changes before they take effect.

15. Contact

For any privacy question or to exercise your rights: privacy@gazenest.com. For general contact: use our contact form.

Last updated: 9 June 2026