Privacy Policy

Last updated: July 2, 2026

This Privacy Policy explains what information WatchGist (“WatchGist”, “we”, “us”) collects, how we use it, and the choices you have. It applies to the WatchGist browser extension and website (together, the “Service”). By using the Service you agree to the practices described here.

Who we are

WatchGist is an AI assistant that generates summaries of, and lets you chat about, YouTube videos from inside your browser. The Service is operated by an independent developer, who acts as the data controller for the personal data described below. You can reach us any time at support@watchgist.com.

Information we collect

We collect only what we need to run the Service:

  • Video content you ask us to process. When you request a summary or send a chat message, the extension sends the transcript of the video you are watching — along with its title, channel name, and description — to our servers so we can generate a response. Chat messages you type are sent with the transcript to produce answers.
  • Account information. If you sign in with Google, we receive and store your name, email address, and profile image, plus the authentication tokens needed to keep you signed in.
  • Session and technical data. To keep you signed in securely we store session tokens together with the IP address and browser user-agent associated with each session, and related timestamps.
  • Usage data. We count how many summaries and chat messages you use each month to enforce plan limits. If you use the Service without an account (free trial), we store a randomly generated device identifier created by the extension and daily counters tied to your IP address, solely to apply trial limits and prevent abuse.
  • Billing data. Subscriptions are processed by Polar, our merchant of record. We store your Polar customer and subscription identifiers and your plan status (e.g. free/pro, renewal date). We do not receive or store your full card details.
  • Data stored on your device. The extension keeps a few items in your browser’s local storage: your sign-in token, your output-language preference, and the random device identifier described above. This data stays in your browser and is only sent to us as part of the requests above.

How we use your information

  • To provide summaries, chat answers, and the rest of the Service.
  • To authenticate you and keep your session secure.
  • To enforce plan and trial limits, and to detect and prevent abuse, fraud, and technical problems.
  • To process subscriptions and manage billing through Polar.
  • To cache generated results so repeated requests are faster and cheaper (see “Caching” below).
  • To respond to your support requests and to comply with legal obligations.

We do not sell your personal data, we do not use it for advertising, and we do not track your general browsing history. The extension only runs on YouTube pages, and only to provide the features above.

Legal bases for processing

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR: performance of our contract with you (to deliver the Service you request); our legitimate interests (to secure the Service, prevent abuse, and improve performance); your consent where required; and compliance with legal obligations.

AI processing and service providers

We do not build our own AI models. To generate summaries and answers we send the video transcript and related metadata to OpenAI for processing. We rely on the following providers (sub-processors), who process data only on our behalf:

ProviderPurposeData involved
OpenAIGenerating summaries and chat answersTranscript, video metadata, chat messages
NeonDatabase hostingAccount, usage, subscription, and cached data
VercelApplication and website hostingRequests and technical data in transit
GoogleSign-in / authenticationName, email, profile image
PolarPayments and subscription managementBilling details, plan status

OpenAI processes transcripts to generate output and, per its API terms, does not use data submitted through its API to train its models.

Caching

To keep the Service fast and affordable, a generated summary and the suggested questions for a video are cached by video and output language, and may be reused to serve other users who request the same video in the same language. These caches store the generated text keyed to a public YouTube video identifier — they are not linked to your account or identity.

Sharing and disclosure

We share personal data only with the sub-processors listed above, and otherwise only when required to: to comply with applicable law or a valid legal request; to enforce our terms or protect the rights, safety, and security of our users and the Service; or in connection with a merger, acquisition, or sale of assets, in which case we will notify you before your data becomes subject to a different privacy policy.

International data transfers

Our providers may process and store data in countries other than the one you live in, including the United States. Where required, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) for these transfers.

Data retention

  • Account, usage, and subscription data are kept for as long as your account is active, and are deleted when you delete your account (see “Your rights”), except where we must keep records to meet legal or accounting obligations.
  • Anonymous trial counters are kept to enforce trial limits; IP-based daily counters reset each day.
  • Cached summaries and suggestions are retained to serve future requests and are refreshed when our generation changes.
  • Sessions expire automatically and are removed when you sign out.

Security

Data is transmitted over encrypted connections (HTTPS) and stored with our hosting and database providers. We restrict access to personal data to what is necessary to operate the Service. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your information.

Your rights and choices

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise any of these rights, or to delete your account and its associated data, email us at support@watchgist.com from the address associated with your account, and we will respond within a reasonable time. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

Cookies

The website uses only essential cookies needed to keep you signed in and to operate core features. We do not use advertising or third-party tracking cookies. The extension does not use cookies; it stores the limited items described in “Data stored on your device”.

Google user data (Chrome Web Store Limited Use)

WatchGist’s use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. We use the Google account data you share only to sign you in and identify your account. We do not transfer or sell this data, and we do not use it for advertising or any purpose unrelated to providing the Service.

Children’s privacy

The Service is not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect means you accept the updated policy.

Contact

Questions about this policy or your data? Email us at support@watchgist.com.