Privacy Policy

1. Information we collect and how

YHome.me (the “Service”) authenticates members with Google OAuth. When you sign in, we collect only what you allow on Google’s consent screen, within that scope.

• Google account identifiers: the stable account identifier Google provides for your Google account, and your email address
• Profile: display name, profile image URL
• YouTube channel data (read-only, as you approve on Google’s consent screen): for channels you own—channel IDs, handles, and basic public metadata (title, description, thumbnail, statistics, topics, and similar fields available from Google’s public YouTube services)
• YouTube Analytics (read-only, as you approve): for your channels only, metrics Google makes available through YouTube Analytics (for example shares, impressions, and related figures). We do not access private analytics for other people’s channels.
• Sessions and logs: a first-party session cookie to keep you signed in, your last sign-in time, and server access logs (timestamps, IP address, browser User-Agent)
• Google OAuth refresh token: may be stored so we can refresh YouTube Analytics data (for example per-video share counts) for channels you own. It may be used after you sign out for scheduled refresh; you can end this by deleting your account or revoking access in your Google account.

We do not collect Google passwords, payment data, contact books, or any categories not listed above.

Sign-in, our policies, and Google’s permissions. When you continue to Google and approve the permissions on Google’s screen, you authorize Google to share with us only what that screen describes (for example read-only YouTube or Analytics access). By completing member sign-in and using YHome.me as a signed-in member, you agree to the Terms of Service and acknowledge the Privacy Policy. You can withdraw Google’s access at any time in your Google Account permissions.

YouTube Analytics and other non–public API data. Metrics we receive through YouTube Analytics, YouTube Reporting, or similar authorized Google APIs (data that is not available from anonymous public YouTube pages alone) are used to operate analytics and statistics inside the Service—for example to refresh owner-appropriate figures such as share counts or thumbnail performance. We do not publish raw private API payloads for download, resell them, or expose another person’s restricted analytics. Where we show such information, it appears only as derived values in in-service screens (not as verbatim third-party API dumps), and only for accounts and roles the feature is designed for (for example the signed-in owner of that channel, or members with eligible access).

2. Google OAuth scopes, YouTube API use, and Limited Use

For member sign-in we use Google OAuth and request only the scopes below (we do not request broader YouTube scopes such as uploading videos or managing your YouTube account beyond read-only access described here). We may also call Google’s servers using a server-side YouTube Data API key to retrieve public channel, video, playlist, and comment resources for registered channel handles; that does not grant access to your private Google account data unless you sign in and authorize OAuth as described here.

• OpenID Connect, email, profile (openid, email, profile): verify your identity, create and secure your member account, and show your name and profile image in the Service.
• YouTube (read-only) (https://www.googleapis.com/auth/youtube.readonly): list channels you own (for example via mine=true channel requests), read public metadata for your owned and registered channels, and operate channel pages, content lists, playlists, and comments within the Service. We do not use this scope to upload, edit, or delete YouTube content on your behalf.
• YouTube Analytics (read-only) (https://www.googleapis.com/auth/yt-analytics.readonly): retrieve analytics metrics for channels you own as exposed by Google’s APIs, to power owner-appropriate statistics inside the Service (for example share-related or impression-related figures where implemented). We do not use this scope to obtain analytics for other users’ channels.

Offline access and refresh tokens. Where we request access_type=offline and Google issues a refresh token, we store and use it only to refresh the YouTube / Analytics access described above (for example scheduled refresh of owner analytics fields), until you revoke access or request deletion.

Google API Services User Data Policy (including Limited Use). Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including Limited Use requirements for restricted scopes where applicable. In particular: we use Google user data received through these APIs only to provide or improve user-facing features of the Service, maintain security, and comply with applicable law; we do not sell that data; we do not use it for third-party advertising, personalized advertising, or interest-based advertising; we do not transfer it to third parties except as described in this policy (for example infrastructure subprocessors acting on our instructions), with your direction where applicable, or as required by law. Human access to such data is limited to personnel who need it to operate, secure, or support the Service (or as law requires). We do not use Google OAuth tokens or YouTube Analytics responses to train generalized third-party machine-learning models; optional AI features (when offered) process only the text you submit for that specific request, as described for the Gemini API in Section 5 below.

YouTube API Services. The Service’s use of YouTube API Services and related data is subject to Google’s YouTube API Services Terms of Service. Members should also comply with the YouTube Terms of Service.

Children. The Service is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly solicit or collect personal information from children in that age group for OAuth sign-in.

International processing. Google processes data on Google’s infrastructure; our hosting and database may be located in jurisdictions we or our providers select. Where cross-border transfers apply, we rely on appropriate mechanisms described by Google and our processors as relevant.

3. Purposes of use

• Identify members and maintain signed-in sessions
• Map YouTube channels you own to your account (for owner-only features)
• Collect public data for registered channels (videos, playlists, comments), provide analytics, and—for owned channels only—store metrics from YouTube Analytics such as share counts when tokens and permissions allow
• Operate the Service in compliance with Google and YouTube API policies and applicable law
• Grant operator (admin) privileges when your email matches configured admin addresses
• Prevent abuse, respond to incidents, and investigate security issues

4. Storage location and retention

• Member account: email; Google’s stable account identifier for you; display name; profile image URL; account grade and status; last sign-in time; and, when you connect YouTube Analytics, an OAuth refresh token used only to refresh the analytics you authorized
• Account and channel links: which YouTube channels are tied to your account, and whether each link is for a channel you own or one you saved as a favorite
• Owned-channel public metadata: cached public channel details for channels you own, as returned by Google’s public YouTube services (for example titles, descriptions, and thumbnails)
• Owned-channel analytics fields: values such as per-video share counts from YouTube Analytics when we collect content for channels you own—updated only when your permissions and tokens allow
• Session data: kept in server memory or a short-lived server store, and discarded when the browser session ends or you sign out

Member records are deleted without undue delay when you request account deletion. Where applicable law requires retention (e.g. access logs), we keep only what is necessary for the required period, separately from active service data.

5. Third parties and processors

We do not sell or share your personal information with unrelated third parties. We call the following external services solely to operate the Service:

• Google OAuth / YouTube Data API: sign-in and metadata for channels you own
• YouTube Analytics API: analytics for your channels, within the scope you approved and where the feature is implemented
• Google Gemini API: optional AI analysis of comments when you explicitly request it. We send only the text needed for analysis and do not include direct personal identifiers in that request.

Each provider applies its own privacy policy when you use their services. Google’s handling of data is described in the Google Privacy Policy.

6. Your rights and controls

You may access, correct, or delete your information as described below.

• Sign out: use the account menu (top right) to end your session immediately.
• Disconnect Google: revoke YHome.me’s access on your Google Account permissions page. The consent screen will appear again on your next sign-in.
• Delete member data: email us below to request deletion; we will remove member, mapping, and session data without undue delay.
• Public channel data: data we store about public channels, videos, and comments is a cache of information YouTube makes public. To request removal of cached data for a channel you own, contact us at the same email.

7. Security

All traffic uses HTTPS. Session cookies use HttpOnly and SameSite protections where configured. Database access is limited to authorized operators, and API keys are stored in server environment variables—not in client-side code.

8. Cookies and similar technologies

We use cookies and similar technologies that are stored on your device to operate the Service, understand aggregate traffic, and—depending on your choices—deliver or personalize advertising and on-site content. This section describes what we do for signed-in members versus visitors who are not signed in.

Members (signed in). When you create an account or sign in with Google, you agree to this Privacy Policy and our Terms of Service, which together describe how we use session and security-related cookies (and related identifiers) to keep you signed in, protect accounts, and run member features. We do not show the separate bottom-of-screen cookie consent banner to signed-in members because that consent is covered by your acceptance of this policy at sign-in (you can still control cookies in your browser settings).

Visitors (not signed in). If you have not signed in and our site has not yet recorded a choice for the first-party cookie yhome_cookie_consent, we may show a consent notice in Korean. By choosing “동의” (Accept), you allow us to use cookies for: providing the Service; improving service quality; traffic and usage analysis; and—where we implement them—serving ads and tailoring displayed content and ads using cookies or similar data on our domains. By choosing “필수만 허용” (Essential only), we limit use to what we reasonably need to run the Service, perform security and abuse prevention, and basic measurement without using that choice to enable optional advertising or advertising personalization features tied to that banner. You can change your mind by clearing that cookie in your browser (the notice may appear again on a future visit) or by contacting us.

Other first-party cookies. Regardless of the banner, we may use additional first-party cookies or storage for operational needs—for example a session cookie while you are signed in, short-lived channel visit counters so we do not double-count visits within a short window, or diagnostics. Clearing cookies may sign you out or reset preferences.

Relationship to Google API data. Restrictions in Section 2 on personalized advertising and transfers apply to information received from Google APIs and Google sign-in as described there. Cookie-based advertising or personalization for anonymous visitors, where offered, is a separate, site-level mechanism and is subject to the choices in this section and the notice shown on the Service.

9. Contact / requests

For privacy questions, access, deletion, or correction requests, contact us below. We aim to respond within seven business days.

• Email: sean@oddm.co.kr
• Service: https://yhome.me

10. Changes to this policy

When this policy changes, we update the effective date on this page. For material changes, we may also post a notice in the Service or email the address on your account.