Privacy Policy

Last updated: April 6, 2026

1. Overview

Rundown ("we," "us," "our") operates the Rundown web application and related services. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service.

2. Information We Collect

2.1 Account Information

When you sign in with Google, we receive and store:

  • Your name, email address, and profile photo (from your Google profile)
  • A unique Google account identifier
  • OAuth access and refresh tokens (encrypted at rest) to access the YouTube Data API on your behalf

2.2 YouTube Data

We request read-only access to your YouTube subscriptions. Specifically, we access:

  • The list of YouTube channels you are subscribed to
  • Public metadata about videos published by channels you follow within our service (titles, descriptions, thumbnails, publication dates)

We do not access your watch history, liked videos, playlists, comments, or any private YouTube data. We cannot post, delete, or modify any content on your YouTube account.

2.3 AI-Generated Summaries

We process publicly available video content through large language models to generate summaries. These summaries are stored in our database and associated with the video, not with individual users. Summaries are shared across all users who follow the same channel.

2.4 Usage Data

We collect standard server logs (IP addresses, request timestamps, user agents) for security and operational purposes. We do not use third-party analytics or tracking services at this time.

3. How We Use Your Information

  • To provide the service: importing your subscriptions, generating summaries for videos from channels you follow, and delivering your feed and digest emails.
  • To send digest emails: if you enable this feature, we send a daily email to your Google email address containing summaries of recent videos.
  • To maintain and improve the service: debugging issues, monitoring performance, and improving summary quality.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Data Storage and Security

  • Google OAuth tokens are encrypted at rest using AES-256-GCM before being stored in our database.
  • Session tokens are hashed (not stored in plaintext) in the database.
  • All communication between your browser and our servers is encrypted via HTTPS/TLS.
  • Our database is hosted on Supabase with network-level access controls.
  • We use Row Level Security (RLS) policies to ensure users can only access their own data.

5. Third-Party Services

We use the following third-party services to operate Rundown:

  • Google OAuth and YouTube Data API: to authenticate you and access your subscription list.
  • AI model providers: to generate video summaries from publicly available video content. Video content is processed through these providers' APIs; no personal user data is sent.
  • Resend: to deliver digest emails. Your email address is shared with Resend for this purpose.
  • Supabase: to host our PostgreSQL database.
  • Railway: to host our application infrastructure.

6. Data Retention

  • Account data: retained as long as your account is active.
  • Google tokens: retained while your account is connected. Immediately invalidated when you disconnect.
  • Video summaries: retained as a shared resource and not tied to individual user accounts.
  • Session data: expires after 30 days of inactivity.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may request correction of inaccurate personal data.
  • Right to erasure: you may request deletion of your personal data. Contact us at the email below.
  • Right to restriction: you may request that we restrict the processing of your data in certain circumstances.
  • Right to data portability: you may request your data in a structured, machine-readable format.
  • Right to object: you may object to processing of your personal data.
  • Right to withdraw consent: you may withdraw consent at any time by disconnecting your account.

To exercise any of these rights, contact us at privacy@getrundown.xyz. We will respond within 30 days as required by law.

The legal basis for processing your data is your consent (Article 6(1)(a) GDPR), which you provide when you sign in with Google and grant access to your subscription data. For digest emails, the legal basis is also consent, which you can withdraw at any time from the Settings page.

You also have the right to lodge a complaint with the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit) if you believe your rights have been violated.

8. Additional Rights

  • Disconnect: you can disconnect your Google account at any time from the Settings page. This stops all future data access and processing.
  • Revoke access: you can revoke Rundown's access from your Google Account permissions page at any time.
  • Email preferences: you can enable or disable digest emails from the Settings page.

9. International Data Transfers

Our infrastructure is hosted on servers that may be located outside the EEA (including the United States). By using the Service, you acknowledge that your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place in accordance with GDPR requirements.

10. Children's Privacy

Rundown is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact:

Email: privacy@getrundown.xyz