Privacy Policy

Virality Labs is a YouTube content optimization platform. We analyze video content — via direct upload or YouTube URL — to predict viral potential, generate AI-powered suggestions, and help creators grow their channels.

We are the data controller for personal data provided directly to us (account information, uploaded content). For data processed on your behalf (e.g., your subscribers' data if you share channel statistics), you remain the data controller and we act as a data processor.

We are committed to transparent, minimal data collection and will never sell your personal information to third parties.

We do not use your content or analysis results to train third-party AI models without explicit consent. Aggregated, anonymised statistics (e.g., "average viral score in the Gaming category") may be used internally.

If you are located in the European Economic Area (EEA), United Kingdom, or a jurisdiction with equivalent data protection laws, we rely on the following legal bases:

• ▸Contract (Art. 6(1)(b) GDPR): Processing necessary to provide the service you signed up for — account creation, video analysis, report generation, credit management.
• ▸Legitimate Interests (Art. 6(1)(f) GDPR): Security monitoring, fraud prevention, product analytics, and improving the service — where these interests are not overridden by your rights.
• ▸Legal Obligation (Art. 6(1)(c) GDPR): Retaining certain financial records to comply with tax and accounting regulations.
• ▸Consent (Art. 6(1)(a) GDPR): Non-essential cookies and marketing communications — where we have obtained your explicit consent. You may withdraw consent at any time.

We do not sell, rent, or trade your personal data. We share data only with the sub-processors listed below, each bound by a Data Processing Agreement and appropriate safeguards:

A full list of specific sub-processors is available on request at hello@virality-labs.com.

We may also disclose data when required by law (e.g., court order, regulatory request) or to protect the safety, rights, or property of Virality Labs, our users, or the public. We will notify you of such requests to the extent permitted by law.

• ▸Uploaded video files: Deleted immediately after analysis completes, or within 24 hours — whichever is sooner.
• ▸Audio files (extracted for transcription): Deleted as soon as transcription is returned, typically within minutes.
• ▸Analysis reports & results: Retained while your account is active. You can delete individual reports at any time from your dashboard.
• ▸Account data (email, profile): Retained while your account is active, and for up to 30 days after deletion to allow recovery. Permanently purged thereafter.
• ▸Payment records: 7 years to comply with accounting and tax regulations (processed by Polar; we retain only plan/status metadata).
• ▸Thumbnail images (uploaded videos): Retained while the corresponding report exists. Deleted when you delete the report or your account.
• ▸YouTube channel stats cache: Up to 24 hours from last sync. Deleted immediately when you disconnect your channel or close your account.
• ▸Analytics data: Retained for up to 14 months by our analytics provider. Data is anonymised at the point of collection.
• ▸Server logs (IP, access logs): Up to 90 days for security purposes, then purged.

Virality Labs is operated from and data is primarily processed in the United States. If you access the service from the EEA, UK, or other regions with data transfer restrictions, your data will be transferred internationally.

We rely on the following safeguards for international transfers:

• Standard Contractual Clauses (SCCs) — for transfers to processors established in the US, where the processor has executed SCCs with us or their customers.
• Data Privacy Framework (DPF) — where applicable sub-processors (e.g., Google, Cloudflare) are certified under the EU-U.S. Data Privacy Framework.
• Adequacy decisions — where the European Commission has determined the recipient country provides adequate protection.

You may request a copy of the relevant transfer mechanism by contacting us at hello@virality-labs.com.

Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at hello@virality-labs.com. We will respond within 30 days (extendable by a further 60 days for complex requests, with notice).

Most account data (email, reports) can be managed directly from your Account Settings. Account deletion is available in Settings → Delete Account.

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the following additional rights:

• Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purpose, and the categories of third parties with whom we share it.
• Right to Delete — request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct — request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing — we do not sell or share personal information for cross-context behavioral advertising. No opt-out is required.
• Right to Limit Use of Sensitive Personal Information — we do not collect or process sensitive personal information as defined under CPRA (e.g., social security numbers, precise geolocation, biometric data).
• Non-Discrimination — we will not discriminate against you for exercising your CCPA rights.

To submit a verifiable consumer request, email hello@virality-labs.com with subject line "CCPA Request". We will verify your identity before processing. You may also designate an authorised agent to submit requests on your behalf.

Categories of personal information collected in the past 12 months: Identifiers (email, IP), commercial information (subscription, credits), internet/electronic activity (usage logs, pages visited), inferences drawn from usage data. No sensitive personal information as defined by CPRA.

Virality Labs is not directed to individuals under the age of 16 (or 13 in jurisdictions that permit it with parental consent). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at hello@virality-labs.com and we will delete it promptly.

We implement industry-standard technical and organisational measures to protect your personal data, including:

• TLS/HTTPS encryption for all data in transit
• AES-256 encryption for data at rest
• Passwords stored as hashed and salted digests — never in plaintext
• Strict access controls — principle of least privilege across all internal systems
• Uploaded video and audio files isolated in ephemeral directories and purged immediately after processing
• No raw payment card data ever touches our servers — handled exclusively by our PCI-compliant payment processor
• Regular dependency audits and security reviews

Despite these measures, no internet transmission is 100% secure. If you discover a security vulnerability, please disclose it responsibly to hello@virality-labs.com.

In the event of a data breach affecting your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (GDPR Art. 33) and notify affected users without undue delay (GDPR Art. 34).

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Effective date" at the top of this page
• Send an email notification to registered users
• Display an in-app banner for 14 days after the change takes effect

Your continued use of the service after the effective date constitutes acceptance of the updated policy. If you do not agree, you may close your account before the effective date.

For any privacy-related questions, requests, or complaints, please contact us:

If you are an EU/UK resident and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority:

• EU: Your national DPA (list at edpb.europa.eu)
• UK: Information Commissioner's Office (ICO) at ico.org.uk