VidBookBack home

Legal

Privacy Policy

Last updated: May 26, 2026

This Privacy Policy explains how VidBook ("VidBook", "we", "us") collects, uses, stores and shares information when you use our website at vidbook.ai and our hosted application (collectively the "Service"). By using the Service you agree to the practices described here.

1. Information we collect

We collect only the information required to operate the Service:

  • Account data from our authentication provider (Clerk): your email address, display name, profile image and external identity provider id.
  • Project data you submit: YouTube URLs you paste, the transcripts we extract from them, the AI-generated outlines and chapters, and the exported PDF, EPUB and DOCX files.
  • Billing data from our payment processor (Stripe): customer id, subscription status, last-four payment-card digits. We never see your full card number; Stripe handles payment information directly under PCI-DSS.
  • Usage analytics via PostHog: anonymous events describing which features you used, error rates and aggregate performance. You can opt out at any time from the Settings page. Transcripts and chapter content are never sent to analytics.
  • Server logs: standard request logs (IP, user-agent, path, status, latency) retained for 30 days to debug incidents.

2. How we use it

We use the information above to run the Service, bill subscriptions, generate the books you ask us to generate, prevent abuse and improve quality. We do not sell personal data and we do not use your project content to train any AI model. Transcripts and chapter prose are sent only to Google's Gemini API to produce the book you requested, under Google's data-processing terms.

3. Subprocessors

  • Clerk (authentication)
  • Supabase (database + private object storage)
  • Google Gemini (AI generation)
  • Stripe (billing)
  • PostHog (product analytics)
  • Vercel (hosting + edge network)

4. Your rights

If you reside in the EU, UK or California you have the right to access, correct or delete your personal data, and to export a portable copy of it. Open Settings and use the "Delete account" action to permanently remove your account, projects, transcripts, chapters, exports and Stripe customer record. To export data, email us at support@vidbook.ai and we will send a JSON archive within 30 days.

5. Data retention

Projects and exports remain on your account until you delete them. If you cancel your subscription we keep your data accessible for 90 days so you can resume; after that, projects older than 90 days from cancellation are queued for deletion. Billing records are retained for 7 years for tax compliance.

6. Security

Data is transmitted over HTTPS, stored encrypted at rest, and access-controlled by Postgres row-level filters scoped per user. Exports use short-lived signed URLs (under 10 minutes). We follow the OWASP Top 10 guidance and run automated dependency vulnerability scans on every deploy.

7. Cookies

Authentication uses an httpOnly session cookie set by Clerk. Analytics persistence uses a first-party PostHog cookie + localStorage entry. No third-party advertising cookies are set. You can opt out of analytics in Settings.

8. Children

The Service is not directed at children under 16 and we do not knowingly collect personal data from anyone under 16.

9. Changes

If we materially change this policy we will notify signed-in users by email at least 14 days before the change takes effect.

10. Contact

Questions go to support@vidbook.ai.