SublarkSublark

Privacy Policy

Last updated: January 7, 2026

1. Introduction

Sublark ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using Sublark, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information from Creators (Account Holders)

When you sign up as a Creator, we collect:

  • Google Account Information: Email address, name, and profile picture via Google OAuth
  • YouTube Channel Data: Channel name, channel ID, profile picture, subscriber count, video count, and information about uploaded videos
  • OAuth Tokens: Access and refresh tokens to maintain your YouTube connection (stored securely)

2.2 Information from Subscribers

When someone subscribes to a Creator's email list, we collect:

  • Email Address: The email address provided during subscription
  • Subscription Status: Whether the subscription is active, pending, or unsubscribed
  • Engagement Data: Email opens and clicks (for analytics)

2.3 Automatically Collected Information

We automatically collect certain information when you use our Service:

  • Log Data: IP address, browser type, operating system, referring URLs, and access times
  • Device Information: Device type, unique device identifiers
  • Usage Data: Pages visited, features used, and actions taken
  • Cookies: Session cookies for authentication and preferences

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve our Service
  • Authenticate users and manage accounts
  • Send email notifications on behalf of Creators
  • Process and track email engagement
  • Detect and prevent fraud or abuse
  • Communicate with you about the Service
  • Comply with legal obligations
  • Analyze usage patterns to improve user experience

4. YouTube API Services

Our Service uses the YouTube API Services. In addition to our Privacy Policy, your use of YouTube data is also governed by the Google Privacy Policy: https://policies.google.com/privacy

We use YouTube API data solely to:

  • Display your channel information on your public subscribe page
  • Detect when you upload new videos
  • Access video metadata (title, description, thumbnail) to generate email notifications
  • Send notifications to your subscribers about new uploads, driving traffic back to your YouTube videos

You can revoke our access to your YouTube data at any time through the Google security settings page: https://security.google.com/settings/security/permissions

4a. AI-Generated Content

Sublark uses artificial intelligence (AI) to generate email content on behalf of Creators. When a Creator uploads a new video:

  • We access the video's title, description, and thumbnail from YouTube
  • Our AI generates a brief email notification summarizing the video in a conversational tone
  • The email includes a link directing subscribers to watch the video on YouTube

Creators can preview and edit AI-generated content before sending, or enable automatic sending. AI-generated emails are designed to inform subscribers about new content and drive engagement with the Creator's YouTube channel.

4b. Advertising in Emails

Sublark is a free service supported by advertising. Emails sent through our platform may contain:

  • Brand-safe sponsored content or advertisements
  • Promotional messages from vetted advertising partners

We share advertising revenue with Creators. Advertisements are clearly labeled and placed separately from the Creator's content. We do not sell subscriber email addresses to advertisers. Ad partners may receive aggregated, anonymized performance data (e.g., click rates) but not individual subscriber information.

4c. Email Click Tracking and Engagement

To provide a better experience and ensure advertising quality, we track engagement with emails sent through our platform:

What We Track

  • Link Clicks: When you click a link in an email from a Sublark creator, we record that you clicked the link before redirecting you to the destination
  • Click Timestamps: The date and time of your click
  • IP Address (Hashed): We collect and hash your IP address using a one-way cryptographic function. This means we cannot recover your actual IP address—we only use the hash to detect patterns that may indicate fraud
  • Technical Headers: We analyze request headers (user-agent, accept-language) to filter out automated systems like link scanners, security tools, and email preview bots

Why We Track Clicks

  • Engagement Measurement: We use click data to determine which subscribers are actively engaged with email content. Advertisers only pay for ads shown to engaged subscribers (those who have clicked a link in the last 90 days or subscribed within the last 14 days)
  • Fraud Prevention: We use hashed IP addresses and click patterns to detect and prevent fraudulent activity, such as fake clicks or bot traffic
  • Analytics for Creators: Creators can see aggregate click rates and engagement metrics in their dashboard

How to Opt Out

If you prefer not to have your clicks tracked, you can unsubscribe from any creator's email list using the unsubscribe link at the bottom of every email. Unsubscribing removes you from the creator's list and stops all future email communications and tracking from that creator.

Privacy-First Design:

We designed our click tracking with privacy in mind. IP addresses are immediately hashed using a secure one-way function—we never store or access your actual IP address. Click data is used solely for engagement measurement and fraud prevention, never for advertising targeting or sale to third parties.

5. Google OAuth and Limited Use Disclosure

Sublark's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use Disclosure:

We only use data obtained through Google APIs to provide and improve the Sublark service as described in this policy. We do not use data obtained from Google APIs to target advertisements, nor do we share Google API data with third parties for advertising purposes.

6. Data Sharing and Disclosure

We may share your information in the following circumstances:

  • With Service Providers: Third-party vendors who help us operate our Service (e.g., hosting, email delivery, analytics)
  • For Legal Compliance: When required by law, regulation, or legal process
  • To Protect Rights: To protect the rights, property, or safety of Sublark, our users, or others
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes.

7. Third-Party Services

We use the following third-party services:

  • Google OAuth: For authentication and YouTube API access
  • Supabase: For database and authentication infrastructure
  • Vercel: For web hosting and deployment
  • Resend: For transactional email delivery
  • OpenAI API: For generating email content summaries. Data sent to the OpenAI API is subject to their Business Terms, which prohibit the use of API data for training their models. We do not allow third-party AI models to use Google User Data for training purposes.
  • Google Analytics: For website analytics (if enabled)

These services have their own privacy policies governing their use of your data.

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your login session
  • Remember your preferences
  • Analyze usage patterns
  • Track email opens and clicks

You can control cookies through your browser settings, but disabling cookies may affect the functionality of our Service.

9. Google Analytics

We may use Google Analytics to analyze website traffic and usage patterns. Google Analytics collects data such as:

  • Pages visited and time spent on pages
  • Traffic sources and referral information
  • Device and browser information
  • Geographic location (country/city level)

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

10. Data Retention

We retain your information for as long as:

  • Your account is active
  • Needed to provide our Service
  • Required by law or for legitimate business purposes

Subscriber data is retained until the subscriber unsubscribes or the Creator deletes their account. You can request deletion of your data at any time.

11. Data Security

We implement appropriate security measures to protect your data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure storage of OAuth tokens
  • Row-level security in our database
  • Regular security audits
  • Access controls and authentication

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

12. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Export your subscriber list in CSV format
  • Objection: Object to certain processing of your data
  • Withdrawal: Withdraw consent at any time

To exercise these rights, please contact us at privacy@sublark.com.

13. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

Our legal basis for processing personal data includes: consent, contract performance, legitimate interests, and legal obligations.

14. CCPA Compliance (California Users)

If you are a California resident, you have the following rights under CCPA:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information
  • Right to access your personal information
  • Right to equal service and price

We do not sell your personal information. To exercise your rights, contact us at privacy@sublark.com.

15. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information promptly.

16. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

18. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Third-Party Disclaimer:

Sublark is an independent service and is not affiliated with, endorsed by, or sponsored by YouTube, Google LLC, or Alphabet Inc. YouTube and Google are registered trademarks of Google LLC. All third-party trademarks, service marks, and logos are the property of their respective owners.

← Back to Home