Privacy Policy

This Privacy Policy explains how Problem Solving Agency Zenahr Barzani ("we", "us", "our") collects, uses, and protects your personal data when you use SpamSmacker ("Service").

We comply with the General Data Protection Regulation (GDPR) and applicable global privacy laws.

This Policy applies to all subdomains, staging environments, and testing deployments under spamsmacker.dev.

1. Data Controller

Problem Solving Agency Zenahr Barzani
Berlin, Germany (address withheld for privacy)
Email: Click to reveal email

2. Personal Data We Collect

We collect the minimum data necessary to operate and improve the Service.

2.1 Account & Authentication Data

• Email address
• Google OAuth profile (name, avatar, Google ID)
• Authentication tokens (Supabase-managed)

2.2 YouTube-Related Data

Collected only after you authorize access via Google:

• YouTube channel IDs
• Public comment text
• Comment metadata (author handle, timestamp, URLs, etc.)
• Public profile elements visible in comments

2.3 Service & Security Data

• IP address
• Browser/user-agent
• Basic analytics from Vercel (non-identifying)
• Error logs (without storing raw user IDs)

2.4 Billing Data

Handled exclusively by Paddle. We never store payment card details.

3. How We Use Your Data

We process your data solely to:

• Provide the Service and analyze comments for spam/scams
• Improve accuracy of moderation assistance (without ML training on your content)
• Audit automated detection decisions
• Help resolve support inquiries
• Maintain security and prevent abuse
• Comply with legal and platform (YouTube API) requirements

We do not:

• Sell personal data
• Use YouTube comment data for ML model training
• Process private YouTube content
• Track users across websites

4. Legal Bases for Processing (GDPR Art. 6)

We rely on:

• Contract performance: operating your account and scans
• Consent: Google OAuth authorization
• Legitimate interests: auditing, fraud prevention, troubleshooting
• Legal obligation: complying with platform rules and applicable laws

5. Data Retention

5.1 Comment Data

Raw comment content and metadata are stored for up to 180 days for legitimate purposes including:

• auditing automated detection
• verifying moderation suggestions
• troubleshooting user reports

After 180 days, comment content is deleted.

5.2 Account Data

Retained until your account is deleted.

5.3 Logs

Kept up to 90 days.

5.4 Tokens

Stored only as long as required to maintain your YouTube connection.

6. How We Share Data

We only share data with essential infrastructure providers:

• Supabase – authentication, session storage
• Vercel – hosting and deployment
• Paddle – billing administration
• Google YouTube API – access to public comments

We minimize sharing and do not share data with advertisers.

7. International Transfers

Some providers may process data outside the EU. We ensure compliance via:

• Standard Contractual Clauses (SCCs)
• GDPR frameworks
• Encryption and strict access controls

8. Your Rights Under GDPR

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion (right to be forgotten)
• Restrict or object to processing
• Withdraw consent at any time
• Request export of your data (portability)
• File a complaint with your local Data Protection Authority

To exercise your rights: Click to reveal email

9. Security Measures

We use modern technical and organizational safeguards including:

• Encryption in transit
• Access control and permission separation
• Environment isolation

No system is completely secure; users must protect their account credentials.

10. Children's Privacy

The Service is not intended for users under 16 years old.

11. Changes to This Policy

We may update this Policy as our service evolves. Material changes will be communicated.

12. Contact

For all privacy-related inquiries: Click to reveal email

By using the Service, you acknowledge that you have read and understood this Privacy Policy.