Privacy Policy
Effective date: April 20, 2026
1. Introduction
This Privacy Policy describes how REST & VEST LLC, operating as AIR Media-Tech (registered in Sharjah Media City, UAE), collects, uses, stores, and protects your personal data when you use our platform at end-screens.air.io and the accompanying Chrome Extension (collectively, the "Service").
By using the Service, you agree to the practices described in this Privacy Policy. If you have any questions or concerns, please contact us at [email protected].
2. What Data We Collect
2.1 Account Data
- Name
- Email address
- Avatar (profile picture)
- Password (hashed)
- Timezone
- Locale
- Two-factor authentication (2FA) secrets and recovery codes
2.2 YouTube Data
Through Google OAuth with scopes youtube.readonly and yt-analytics.readonly, we access:
- Channel information (name, ID, subscriber count, thumbnail)
- Video metadata (titles, IDs, publish dates, thumbnails)
- End screen configurations
- Analytics data (views, impressions, click-through rates)
2.3 YouTube Studio Data (via Chrome Extension)
When you use our Chrome Extension and initiate a sync, we collect:
- YouTube Studio authentication credentials (cookies, SAPISID, session tokens, authorization headers)
- Page ID
All YouTube Studio credentials are encrypted in transit and at rest.
2.4 Payment Data
- Stripe Connect account ID
- Transaction history
- Payment card details are processed exclusively by Stripe and are never stored on our servers
2.5 Technical Data
- IP address
- User agent (browser and device information)
- Session data (stored in the database)
- Error and performance data (via Sentry)
2.6 Team Data
- Access grants with assigned roles for collaborative team features
3. How We Collect Data
We collect data through the following methods:
- Directly from you — when you register, update your profile, or configure settings
- Google OAuth — using scopes openid, profile, and email for authentication
- YouTube OAuth — using scopes youtube.readonly and yt-analytics.readonly with offline access to retrieve and refresh YouTube data
- Chrome Extension — when you initiate a YouTube Studio sync through the extension
- Automatically — technical data collected during your use of the Service
- From Stripe webhooks — payment and transaction events sent by Stripe
- Via YouTube APIs (scheduled jobs) — periodic retrieval of updated channel and video data
4. How We Use Your Data
We use the data we collect for the following purposes:
- Service delivery — providing and maintaining the core functionality of the platform
- Marketplace (peer-to-peer) — facilitating end screen placement transactions between creators
- Campaigns — managing and executing end screen campaigns
- Team collaboration — enabling multi-user access and role-based permissions
- Email notifications — sending transactional and service-related communications
- Security — implementing two-factor authentication (2FA) and email verification
- Monitoring — error tracking and performance monitoring via Sentry
- Legal compliance — meeting regulatory and legal obligations
5. Google API Services User Data Policy Compliance
LIMITED USE DISCLOSURE: Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, we:
- Only request access necessary to provide the Service
- Do not transfer Google user data to third parties, except as necessary to provide or improve the Service, as required by law, or with your explicit consent
- Do not use Google user data for advertising purposes
- Do not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security purposes, to comply with applicable law, or the data is aggregated and anonymized for internal operations
You may revoke our access to your Google account at any time by visiting https://myaccount.google.com/permissions.
6. Chrome Extension Data
Our Chrome Extension collects YouTube Studio authentication credentials only when you initiate a sync action. Specifically:
- Data is collected only upon user-initiated sync — the extension does not run in the background
- All collected data is transmitted securely over encrypted connections
- The extension does NOT collect browsing history, data from other websites, or data from other browser tabs
- YouTube Studio credentials are stored in encrypted form on our servers
- You can delete your stored YouTube Studio credentials at any time via your account settings
- The extension communicates exclusively with end-screens.air.io
7. Data Storage & Security
We implement appropriate technical and organizational measures to protect your data:
- Restricted access — only authorized personnel can access personal data
- Password hashing — passwords are stored using secure one-way hashing algorithms
- Encrypted OAuth tokens — all OAuth tokens are encrypted at rest
- Encrypted YouTube Studio credentials — all YouTube Studio authentication data is encrypted at rest
- Encrypted 2FA secrets — two-factor authentication secrets are encrypted at rest
- Database sessions — sessions are stored in the database, not in cookies
- HTTP-only SameSite cookies — session cookies are configured as HTTP-only with the SameSite attribute
- Stripe PCI DSS compliance — all payment processing is handled by Stripe, which is PCI DSS compliant
8. Data Retention
- Account data — retained while your account is active
- OAuth tokens — retained while your Google/YouTube account is connected
- YouTube Studio credentials — retained while your account is active, with periodic rotation
- Marketplace transaction data — retained as required by applicable law
- Analytics data — retained for reporting purposes
- Sentry error data — retained per our Sentry configuration settings
- Account deletion — when you delete your account, all associated data is deleted in a cascade
Exception: We may retain your name and email address after account deletion as required by law for fraud prevention and anti-money laundering (AML) purposes.
9. Third-Party Services
We integrate with the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Google OAuth | Authentication | Name, email, avatar |
| YouTube Data API v3 | Channel and video data retrieval | OAuth tokens, channel/video queries |
| YouTube Analytics API | Performance analytics | OAuth tokens, analytics queries |
| YouTube Reporting API | Bulk reporting data | OAuth tokens, report queries |
| YouTube Studio (via Extension) | End screen management | Studio authentication credentials |
| Stripe Connect | Payment processing | Stripe account ID, transaction data |
| Sentry | Error tracking and monitoring | Error data, IP address, user agent |
| Email provider | Transactional email delivery | Email address, notification content |
10. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States (Google, Stripe, Sentry), the European Union, and other jurisdictions where our service providers operate.
We ensure compliance with applicable data protection regulations, including:
- GDPR — General Data Protection Regulation (EU 2016/679)
- UAE Federal Decree Law No. 45 of 2021 — on the Protection of Personal Data
11. Data Protection Rights (GDPR)
If you are in the European Economic Area (EEA), you have the following rights under the GDPR:
- Right of access — request a copy of your personal data
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your personal data
- Right to restrict processing — request limitation of how we process your data
- Right to object — object to certain types of data processing
- Right to data portability — receive your data in a structured, machine-readable format
- Right to withdraw consent — withdraw your consent at any time where processing is based on consent
We will respond to your request within one month. To exercise any of these rights, please contact us at [email protected].
You may also revoke our access to your Google data at any time via Google Security Settings.
12. Account & Data Deletion
You can delete your account at any time through your account Settings. The process requires password confirmation.
- Account deletion triggers a cascading delete of all associated data (channels, videos, campaigns, orders, team memberships, OAuth tokens, and YouTube Studio credentials)
- You must complete all active marketplace orders before deleting your account
- If you encounter technical issues with deletion, please contact [email protected]
Exception: Your name and email address may be retained as required by applicable law for fraud prevention and anti-money laundering purposes.
13. Children & Minors
The Service is intended for users who are at least 18 years of age. We do not knowingly collect personal data from children under 18. If we discover that we have collected personal data from a child under 18, we will promptly delete that data. If you believe a child under 18 has provided us with personal data, please contact us at [email protected].
14. Cookies
Our Service uses only a single essential session cookie to maintain your authenticated session. This cookie is:
- Essential — required for the Service to function
- HTTP-only — not accessible via JavaScript
- Session-based — expires when your session ends
We do not use tracking cookies, advertising cookies, or analytics cookies. You can manage cookies through your browser settings.
15. Changes to This Policy
We reserve the right to update this Privacy Policy at any time. Changes will be posted on this page with an updated effective date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy.
16. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: [email protected]
- Company: REST & VEST LLC
- Address: Sharjah Media City (Shams), Sharjah, United Arab Emirates