Privacy Policy for Reaction Bridge

Last Updated and Effective Date: 2024-07-20

Your privacy and trust are of the utmost importance to us. This Privacy Policy outlines our firm commitment to transparency and data protection in compliance with applicable regulations, including the General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for the "Reaction Bridge" browser extension ("the App") is:

Martin Piontek
[Ihre Straße und Hausnummer, falls zutreffend]
[Ihre PLZ und Stadt, falls zutreffend]
Germany
Email: mjrduff@googlemail.com

2. Principle of Data Minimization and Purpose Limitation

Our core philosophy is the **Principle of Least Privilege and Data Minimization**. We only request access to data that is strictly necessary for the App's single, clearly defined purpose: to allow users to interact with original YouTube videos from within a reaction video.

3. Permissions Requested and Their Strict Purpose

During the authentication process, you will be asked to grant the App a permission scope from Google. Due to the structure of the YouTube Data API, we are required to request the broad https://www.googleapis.com/auth/youtube.force-ssl scope to enable the comment-posting functionality.

The consent screen from Google will describe this permission as allowing the App to "See, edit, and permanently delete your YouTube videos, ratings, comments and captions." We want to be unequivocally clear about how we use this permission:

• ✅ **WE DO USE** this permission to:
  • Read your channel information to display the active account.
  • Read your rating and subscription status for a video.
  • Post, edit, and delete **your own comments** initiated by you through the App.
  • Add videos to your "Watch Later" playlist.
  • Rate videos (Like/Dislike) on your behalf.
• ❌ **WE DO NOT AND WILL NEVER USE** this permission to:
  • View, edit, upload, or delete your videos.
  • Manage your captions.
  • Access any personal information beyond your public channel name and ID.
  • Perform any action without your explicit interaction (e.g., a button click).

The App's code contains no functionality to perform the actions marked with ❌. We are obligated to request the broad scope but are committed to using it only for the narrow purposes listed above.

4. Data Storage and Processing

No personal data is processed or stored on any external servers. All API interactions occur directly between your browser and Google's servers. The only data the App stores is the ID of a comment you post, which is saved locally on your device using the secure `chrome.storage.local` API. This data is not transmitted to us or any third party.

5. Data Sharing and Disclosure

We declare unequivocally: **We do not sell, rent, share, transfer, or disclose any of your Google user data to any third parties for any reason.**

6. Your Rights under GDPR

As a user, you have comprehensive rights regarding your data:

• The Right to Withdraw Consent: You can revoke the App's access at any time via your Google Account permissions page. This will immediately prevent the App from accessing your data.
• The Right of Access, Rectification, and Erasure: Since we do not store your personal data, these rights are primarily exercised through your own YouTube account.

7. Data Security

All communication between the App and the Google YouTube Data API is encrypted using Transport Layer Security (TLS/SSL). Authentication is handled via the industry-standard OAuth 2.0 protocol, ensuring we never have access to your password.

8. Contact and Complaints

If you have any questions about this policy or our privacy practices, please contact the data controller at the email address listed in Section 1. You also have the right to lodge a complaint with a supervisory authority.

← Back to Homepage