Privacy Policy for VidFlow

Effective Date: May 12, 2026

1. Introduction

Welcome to the VidFlow. We are committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our agent within Superhuman Go and Coda.

2. Information We Collect

To provide our services, we require access to your Google/YouTube account via OAuth 2.0. We request the following scopes:

YouTube Data API: To search for videos, fetch video metadata, read your playlists, and perform authorized write actions (liking, subscribing, saving to playlists).
We DO NOT collect or store your Google passwords. Authentication is handled entirely through Coda's secure OAuth infrastructure.

3. How We Use Your Information

Your data is used strictly to execute the commands you request within the agent (e.g., fetching a transcript to generate a summary or sending a "like" to a video).

We do not sell, rent, or share your personal data or YouTube history with any third parties.
We do not use your data to train AI models.

4. YouTube API Services

Our agent uses YouTube API Services. By using our agent, you are also agreeing to be bound by the YouTube Terms of Service and the Google Privacy Policy.

5. Data Protection and Security Mechanisms

VidFlow takes the security of your data seriously and employs industry-standard encryption protocols to protect all information handled by our services.

Encryption in Transit: All data transmitted between your device and our services is encrypted using Transport Layer Security (TLS/HTTPS), ensuring that your information cannot be intercepted or read by unauthorized parties during transmission.
Secure OAuth Token Storage: OAuth 2.0 access tokens granted by you are stored within isolated, encrypted infrastructure provided by Coda's secure OAuth management layer. These tokens are never exposed, transferred, or made accessible to any third parties under any circumstances.
Access Controls: Access to any operational systems that interact with your credentials is strictly limited to authorized personnel and automated processes required to deliver the requested service functionality.

6. Data Retention and Deletion Policy

VidFlow is designed with a strict data minimization principle. We do not permanently store, harvest, or track Google user data— including but not limited to search logs, playlist data, viewing history, or account structures — on any external servers owned or operated by Sanmark Solutions.

In-Memory Processing: Any video data, metadata, or API responses fetched on your behalf are processed entirely in memory or held in a temporary session cache solely to optimize the performance of your active workspace session. This data is automatically and permanently purged the moment your user session ends.
No Persistent Data Profiles: We do not build, store, or maintain persistent data profiles from your Google account activity. Each interaction is treated as transient and stateless beyond the active session.
Revoking Access & Immediate Deletion: You can immediately revoke VidFlow's access to your Google account at any time by visiting your Google Security Settings. Upon revocation, any associated session tokens are invalidated immediately.
Data Deletion Requests: Users may request the immediate deletion of any temporarily cached metadata or ask privacy questions by emailing our data compliance desk at [email protected]. All requests are processed within 48 hours.

7. Google API Services User Data Policy Compliance

VidFlow's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

8. Revoking Access

You can revoke the agent's access to your YouTube account at any time by visiting your Google Security Settings.

9. Contact Us

If you have any questions or concerns about your privacy, please contact the Sanmark Solutions Development Team at [email protected].