Privacy Policy

This Policy covers the ScriptLark website at scriptlark.com, its sub-domains, the creator dashboard, and every tool in the Extract · Analyze · Create pipeline (collectively, the “Service”).

It does not cover third-party sites or services—including YouTube and Google sign-in—that we do not control, even when you reach them through a link from ScriptLark or when the Service reads publicly available data from those platforms.

By using the Service, you acknowledge this Policy. If you disagree, please do not use ScriptLark.

We collect personal data in three ways: what you provide, what is generated through your use of the pipeline, and what our systems record automatically.

a) Information you provide

• Account data — when you sign in with Google (or another supported provider), we receive your name, email address, profile picture, and a stable user ID.
• Pipeline inputs — YouTube watch, Shorts, or youtu.be URLs; video or channel IDs; @handles; search keywords; and any prompts you type into analyze or create tools.
• Support messages — content of emails or other correspondence you send us.
• Billing signals — if you subscribe to a paid plan, our payment processor shares status, plan tier, and limited card metadata (e.g., last four digits). We never store full card numbers.

b) Data created when you run the pipeline

• Extract outputs — transcripts, subtitle files, summaries, chapters, and related text pulled from public YouTube pages.
• Analyze outputs — hook and structure breakdowns, comment reads, niche or competitor reports, channel audits, and other AI-generated insights tied to your inputs.
• Create outputs — scripts, hooks, titles, notes, blog drafts, and similar content generated from your topic plus the reference material.
• Workspace history — saved runs keyed to videos, channels, or queries so you can reopen prior work in the dashboard.
• Usage metering — credit consumption, feature limits, and timestamps associated with your account.

ScriptLark processes public page data and captions from YouTube; we do not require you to upload video files, and we do not intend to store full video or audio binaries on your behalf.

c) Automatic technical data

• IP address, approximate location from IP, browser and device type, operating system, referrer, pages visited, and diagnostic logs.
• Cookies and local storage — see Section 6.

d) Third-party sources

• Identity providers you choose for sign-in.
• Infrastructure, security, analytics, AI, and payment vendors that help us operate the Service.

Please do not submit special-category personal data (health, biometric, political, religious, etc.) through ScriptLark.

We use personal data to:

• Authenticate you and operate the Extract · Analyze · Create pipeline you request.
• Fetch public transcript, metadata, and comment data needed to produce tool outputs—without asking you to re-paste the same link at every stage.
• Save workspace history (per-video summaries, chats, notes, scripts, audits, etc.) across sessions.
• Track credits and enforce plan limits for signed-in features.
• Send service messages, security alerts, and (where permitted) product updates.
• Monitor abuse, debug failures, and improve reliability and accuracy of pipeline tools.
• Produce aggregated, de-identified statistics about feature usage.
• Meet legal obligations and defend our rights.

We do not use your private pipeline outputs to train public foundation models for unrelated products, and we do not sell personal data.

Where GDPR or similar laws apply, we rely on:

• Contract — delivering the Service and plan you signed up for.
• Legitimate interests — securing ScriptLark, preventing abuse, and improving the pipeline in ways that respect your rights.
• Consent — where required (e.g., non-essential cookies in opt-in jurisdictions).
• Legal obligation — compliance and enforcement.

Under the PDPA, we collect, use, and disclose personal data with consent or under applicable exemptions.

We share personal data only as needed to run ScriptLark:

• Sign-in providers (e.g., Google) — to verify your identity.
• Cloud hosting, databases, and CDNs — to store accounts, history, and deliver the site.
• AI model providers — your prompts, transcript excerpts, and related inputs may be transmitted to generate analyze and create outputs. Processors are bound by contract to handle data only on our instructions.
• Analytics and email vendors — usage telemetry and transactional messages.
• Payment processors — for Pro and Max subscriptions when checkout is available.

We may also disclose data when required by law, to protect users and ScriptLark, or in connection with a merger or asset sale subject to equivalent protections.

We use cookies and browser storage to:

• Keep you signed in and maintain session security.
• Remember locale preferences and dashboard UI state (e.g., sidebar scroll).
• Measure aggregated traffic and diagnose errors where analytics tools are enabled.

We do not use cross-site advertising cookies or sell browsing profiles. You can block cookies in browser settings, but strictly necessary storage is required for signed-in pipeline features.

ScriptLark is operated from Singapore. Processors may store or compute data in other countries with different privacy laws. Where required, we use contractual safeguards (such as standard contractual clauses) to protect transferred data.

By using the Service, you understand that your data may be processed outside your home country.

• Account data — while your account is active, plus a reasonable period after closure for legal and security needs.
• Workspace history — while your account is active; you can delete individual items in the dashboard. Backups may retain deleted entries briefly before purge.
• Logs — short rolling windows for operations and security.
• Billing records — as required by tax and accounting law.

You may request account deletion under Section 10.

We apply industry-standard safeguards—encryption in transit, access controls, least-privilege practices, and monitoring—to protect personal data. No online service is perfectly secure; keep your sign-in credentials private and notify us if you suspect unauthorized access.

Subject to applicable law, you may have rights to access, correct, delete, restrict, port, or object to processing of your personal data, and to withdraw consent where processing is consent-based.

California residents: we do not sell personal information under the CCPA. You may have rights to know, delete, and limit certain uses as that law provides.

Contact us at [email protected]. We may verify your identity before responding. You may also lodge a complaint with the PDPC of Singapore or your local authority.

ScriptLark is not directed at children under 13, and we do not knowingly collect their personal data. Users aged 13–17 (or below local majority) should use the Service only with a parent or guardian’s consent.

ScriptLark reads publicly available YouTube data—captions, metadata, comments where enabled—to power the pipeline. We are not affiliated with, endorsed by, or sponsored by YouTube, Google LLC, or Alphabet Inc. Their trademarks belong to their owners.

When you follow a link to YouTube or another third party, their privacy policies govern what happens on their sites—not this Policy.

We may update this Policy as ScriptLark evolves. The current version is always at scriptlark.com/privacy with the “Last updated” date shown above. Material changes take effect when posted unless law requires otherwise; continued use means you accept the revised Policy.

Questions or rights requests: [email protected].

This Policy is governed by Singapore law, consistent with our Terms. The English version is authoritative; translations are for convenience only.