Privacy Policy
Effective date: April 22, 2026
§1. Data Controller
The Controller of your personal data is Mateusz Lisiewicz (the "Controller").
Contact for data-protection matters:
- Email: kontakt@checkerai.ai
- Postal address: will be added after business registration — until then please use email for formal correspondence.
§2. What data we collect
Data you provide voluntarily:
- Email address — at Account registration.
- Password — stored only as a one-way cryptographic hash. No one, including administrators, has access to the plaintext password.
- First name / nickname — optional, shown in your Account.
- Search queries (YouTube creator names, channel URLs) typed into the search bar.
- Bug reports — content, optional email, the page the error happened on.
Data collected automatically:
- IP address — stored in security event logs for abuse protection.
- User-Agent — only on bug reports, for diagnostics.
- Access logs — standard server logs maintained by our hosting provider.
- Session cookies — required to keep you logged in; we don't use marketing or tracking cookies.
§3. Purposes and legal basis
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing the Service (Report generation, Account) | Art. 6(1)(b) — contract performance |
| Handling complaints and bug reports | Art. 6(1)(b) + (f) |
| Service security (event logs, anti-abuse) | Art. 6(1)(f) — legitimate interest |
| Legal obligations (accounting) | Art. 6(1)(c) |
| Communicating with you | Art. 6(1)(b) or (a) — consent |
§4. Recipients
We rely on the following categories of processors that may handle your data on our behalf:
- AI provider: OpenAI, Inc. (USA) — content analysis of public channels. We do not send your email or password.
- Application hosting: Vercel, Inc. (USA/EU) — application infrastructure.
- Database hosting: Neon, Inc. (EU) — storage of Account and Report data.
- Public YouTube data: Google LLC (USA) — access to public YouTube metadata.
The list is updated as our providers change. The latest version is always available at this URL.
§5. Transfers outside the EEA
Some of our processors (OpenAI, Google, Vercel) are based in the USA. Transfer basis: European Commission Standard Contractual Clauses (SCC) and the EU–US Data Privacy Framework (for certified providers).
§6. Retention
| Data | Period |
|---|---|
| Account (email, hash, credits) | Until you delete the Account |
| Event logs | 90 days |
| Bug reports | 12 months |
| Reports | Until Account deletion; public reports anonymously |
| Accounting records | 5 years |
§7. Your rights
Under GDPR you have the right to:
- Access your data (Art. 15).
- Rectification (Art. 16).
- Erasure ("right to be forgotten", Art. 17).
- Restriction of processing (Art. 18).
- Data portability (Art. 20).
- Object (Art. 21).
- Lodge a complaint with the Polish data protection authority (uodo.gov.pl) or your local supervisory authority.
To exercise any right, email kontakt@checkerai.ai. We respond within 30 days.
§8. Profiling and automated decisions
We do not make automated decisions producing legal effects based on your data. Reports concern YouTube channels, not you.
§9. Cookies and local storage
We only use technical cookies strictly necessary to operate the Service — keeping you logged in and gating admin panel access (admins only).
We do not use marketing, profiling or third-party tracking cookies that would require your consent (e.g. Google Analytics, Facebook Pixel).
§10. Children
The Service is intended for adults only and is not directed to children under 13 (US COPPA) or under 16 (EU GDPR Art. 8). We do not knowingly collect personal data from children. If you believe your child has registered, email kontakt@checkerai.ai — we will promptly delete the account and confirm deletion in accordance with COPPA requirements.
§11. Data security
We apply appropriate technical and organisational measures to protect your data: encrypted transport (HTTPS/TLS), industry-standard one-way password hashing, a protected admin panel, rate limiting, and access logs for audit purposes.
§12. Changes to this Policy
We will notify you by email of material changes at least 14 days in advance. The current version is always published at this URL.
§13. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to know what personal information we collect and how it is used.
- Right to delete personal information we hold about you.
- Right to correct inaccurate personal information.
- Right to opt out of the “sale” or “sharing” of personal information.
- Right to non-discrimination for exercising these rights.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. The categories of data we collect are listed in §2 above.
To exercise any right, email kontakt@checkerai.ai. We respond within 45 days (CCPA) or 30 days (GDPR) — whichever is shorter for your jurisdiction. We do not discriminate against California residents who exercise their privacy rights.