Privacy Policy

Seya — Chrome Extension · Last updated: March 1, 2026

What Seya Does

Seya is a Chrome extension that generates AI-powered knowledge extracts from YouTube videos. Extracts are saved to your personal dashboard and can optionally be delivered to Slack or Telegram.

Data We Collect

When you click "Extract," the following data is sent to our servers:

• Video information — URL, title, channel name, and timestamp of the video you are watching
• Google account info — email address, display name, and profile picture (used for authentication and display in the extension)
• Delivery preferences (optional) — if you enable delivery, your chosen channel (Slack or Telegram) and the associated webhook URL or chat ID
• Channel following — when you follow a YouTube channel, we store the channel name, URL, and thumbnail, and periodically check for new videos to generate extracts
• Dashboard usage data — when you use the dashboard at appseya.com, we collect anonymous interaction data (pages viewed, features used) and session recordings to improve the product. Inputs are masked in recordings. No cookies are used, and no analytics data is collected inside the Chrome extension itself.

We do not collect browsing history, video watch history, or any data from pages other than the video you explicitly choose to extract.

How We Use Your Data

• Authentication — Your Google account is used solely to identify you and protect access to your preferences.
• Extraction — Video URL is sent to a transcript service, then the transcript is processed by OpenAI to generate a structured extract.
• Delivery — Your extracts are saved to your dashboard. If you configure delivery, they are also sent to your Slack or Telegram channel.
• Logging — We store a log of extraction requests (video URL, status, timestamp) tied to your user ID for debugging purposes.

Legal Basis for Processing

• Contractual necessity (Art. 6(1)(b) GDPR) — When you click "Extract," you request the service. We process your video data and account information to fulfill that request.
• Consent (Art. 6(1)(a) GDPR) — Delivery to Slack or Telegram is optional. By configuring a delivery channel, you consent to us sending extracts there.
• Legitimate interest (Art. 6(1)(f) GDPR) — We retain extraction logs for debugging and abuse prevention. We also collect anonymous dashboard usage analytics and session recordings to understand how the product is used and improve the experience.

Third-Party Services

Seya relies on the following third-party services to function. Here is what each service receives:

• Google — Authentication (OAuth 2.0 sign-in). Receives your email, name, and profile picture.
• Database and authentication provider — Stores your profile, preferences, extracts, and request logs. Hosted in the EU.
• Transcript extraction service — Receives the YouTube video URL to fetch its transcript.
• OpenAI — AI processing. Receives the transcript and video metadata to generate your extract. OpenAI does not train on data sent via its API.
• Workflow automation service — Receives video URL, title, channel name, and your user ID to coordinate the extraction pipeline.
• Slack / Telegram — Extract delivery. Receives the generated extract only when you enable delivery.
• Analytics service — Collects anonymous dashboard usage data and session recordings (with masked inputs) to help us improve the product. No cookies are stored. Does not run inside the Chrome extension. Hosted in the US.

Each service processes data according to its own privacy policy. When you delete your account, all data stored in our database is permanently deleted. Third-party services may retain their own processing logs per their respective retention policies.

Data Retention

• Account & profile — retained until you delete your account.
• Extracts — retained until you delete your account. Accessible via the dashboard at appseya.com.
• Delivery preferences (webhook URL, chat ID) — retained until you remove them or delete your account.
• Extraction logs (video URL, status) — retained for up to 12 months for debugging, then automatically deleted.
• Dashboard analytics — anonymous usage data and session recordings are retained for up to 12 months.

Data Security

• All communication uses HTTPS encryption.
• Authentication tokens are stored locally in your browser's secure extension storage.
• Database access is protected by Row Level Security — you can only access your own data.
• No passwords are stored — authentication is handled entirely through Google Sign-In.

Your Rights

Under the GDPR and similar data protection laws, you have the following rights:

• Access — View all your extracts, preferences, and followed channels on the dashboard at appseya.com.
• Deletion — Permanently delete your account and all associated data from Settings > Delete account. We will respond within 30 days.
• Portability — Request a copy of your data in a portable format by emailing us.
• Objection — Object to data processing by contacting us at the email below.
• Restriction — Request that we limit how we process your data by contacting us.
• Revocation — Revoke Google Sign-In access from your Google Account permissions page.

Permissions Explained

• activeTab — Allows the extension to read the current YouTube page URL and title when you click the extract button. No other tabs or pages are accessed.
• storage — Stores your authentication session and preferences locally in the browser.
• identity — Enables Google Sign-In via Chrome's built-in authentication flow.
• Host permissions (youtube.com) — Required to inject the content script on YouTube pages. The extract button only activates on video pages (youtube.com/watch).
• Host permissions (supabase.co) — Required to communicate with the authentication and preference storage backend.
• alarms — Used to check extraction status in the background after you click extract (polls every 30 seconds for up to 3 minutes).

Changes to This Policy

We may update this privacy policy from time to time. The "Last updated" date at the top will reflect the most recent revision.