SOKU
|
Log in

Privacy Policy

Last updated: May 10, 2026

§1. Data controller

  1. The controller of your personal data is Michał Soczyński, conducting business under the name Michał Soczyński Smash The Code, ul. Kozłowskiego 33/10, 62-064 Plewiska, Poland, VAT ID: PL5732775252 (hereinafter: "Controller").
  2. Contact the Controller on data protection matters: support@soku.pro.
  3. SOKU is not affiliated with or sponsored by YouTube LLC or Google LLC. YouTube™ and Google™ are registered trademarks of Google LLC.

§2. What data we collect

  1. Google account data (during registration):
    • email address,
    • first and last name,
    • profile photo (if available).
  2. YouTube API data (API Data) (after connecting a channel) – data obtained via YouTube API Services, classified as API Data as defined in the YouTube API Services Terms of Service:
    • Channel ID,
    • channel statistics,
    • video list and metadata,
    • video subtitles (if publicly available).
    API Data obtained with the user's consent that is not publicly available via the YouTube API is stored solely to the extent necessary to provide the Service and is deleted when the channel is disconnected or the Account is deleted.
  3. Consent data:
    • date of Terms of Service acceptance,
    • date of Privacy Policy acceptance,
    • date of newsletter consent (optional).
  4. Technical data (automatically):
    • IP address,
    • browser and operating system type,
    • session and CSRF cookies.

§3. Purposes of data processing

We process your data for the following purposes:

  1. Service provision (Art. 6(1)(b) GDPR) – performance of the electronic services agreement:
    • authentication and account management,
    • YouTube channel analysis and statistics presentation,
    • competitor tracking and report generation,
    • AI content generation.
  2. Legitimate interests (Art. 6(1)(f) GDPR):
    • ensuring Service security,
    • analytics and Service improvement,
    • handling complaints and enquiries.
  3. Consent (Art. 6(1)(a) GDPR):
    • sending newsletter (upon consent).
  4. Legal obligation (Art. 6(1)(c) GDPR):
    • fulfilling tax and accounting obligations.

§4. Third parties and AI tools

  1. To provide the Services, your data may be transferred to third parties. Below we explain to whom and to what extent:
    • Google / YouTube – authentication (Google OAuth 2.0) and channel data retrieval (YouTube Data API). Google processes data according to privacy rules set out in its own documentation.
    • OpenAI, Anthropic – we transfer only the content necessary for a specific task (e.g. title text, description), without the User's personal data.
    • Infrastructure providers – data storage on servers (AWS, details below).
    The list of external providers may change as the Service develops.
  2. Data transfers to the USA take place on the basis of standard contractual clauses (SCCs) approved by the European Commission or other appropriate safeguards pursuant to Art. 46 GDPR.
  3. Other data processors acting on behalf of the Controller:
    • Amazon Web Services (AWS) (EU) – server hosting, infrastructure and file storage. Data processed on EU servers. Data protection details are published by AWS in its own documentation.
    • MailerLite (EU) – newsletter delivery. Subscriber data (email address) processed in EU data centres. Privacy terms are described in MailerLite's own documentation.
    • MailerSend (MailerSend, Inc., USA) – transactional emails (e.g. confirmations, notifications). Transfers to the USA based on standard contractual clauses or the EU-U.S. Data Privacy Framework. Privacy terms are described in MailerSend's own documentation.
    • Sentry (Functional Software, Inc., USA) – technical error monitoring for the Service (frontend and backend). Diagnostic data (including stack traces, URLs, browser type) is processed solely for the purpose of fixing errors. Transfers to the USA based on standard contractual clauses. Privacy terms are described in Sentry's own documentation.
    • Creem (creem.io) – payment processing (subscriptions and credit packs). Creem acts as merchant of record and processes payment data (name, email address, billing details) as an independent controller. Transfers to the USA based on standard contractual clauses. Privacy terms are described in Creem's own documentation.

§5. Cookies

  1. Essential (technical) cookies – required for the Service to function:
    • Session cookies – placed on the User's device to maintain the logged-in session; deleted when the browser is closed or the session expires.
    • CSRF cookies – placed on the User's device to protect against Cross-Site Request Forgery attacks; required for secure request processing.
    These cookies do not require your consent. Disabling them in browser settings may prevent use of the Service.
  2. Analytical, marketing and tracking cookies (Google Analytics) – the Service uses Google Analytics (provider: Google Ireland Limited / Google LLC), which places analytical, marketing and tracking cookies on your device. They are used to:
    • analyse traffic in the Service and how Users use it,
    • optimise Service content and functionality,
    • measure the effectiveness of marketing activities (including remarketing).
    Processing data through Google Analytics is based on your consent (Art. 6(1)(a) GDPR). Data may be transferred to Google LLC (USA) based on standard contractual clauses. Full information on cookies and privacy for this product is published by Google in its own documentation. The Service also uses Meta Pixel (provider: Meta Platforms Ireland Limited / Meta Platforms, Inc.), which places marketing and remarketing cookies on your device. These are used to measure ad effectiveness, run remarketing campaigns and build audience segments on the Meta platform. Processing is based on your consent (Art. 6(1)(a) GDPR). Data may be transferred to Meta Platforms, Inc. (USA) based on standard contractual clauses. Full information on processing and privacy is published by Meta in its own documentation.
  3. You can withdraw consent to analytical, marketing and tracking cookies at any time in the cookie settings of the Service or in your browser settings. Disabling essential cookies may limit or prevent use of the Service.

§6. Data retention periods

  1. Account data – for the duration of Service use and up to 30 days after Account deletion.
  2. Private YouTube API data – for the duration of Service use. Deleted after disconnecting the channel or deleting the Account.
  3. Billing data – for the period required by tax law (5 years from the end of the tax year).
  4. Consent data – for the duration of Service use and up to 3 years after Account deletion (for evidentiary purposes).
  5. Session cookies – until the session ends or the browser is closed.
  6. Analytical, marketing and tracking cookies (Google Analytics) – in accordance with service settings and Google policy (up to 24 months).
  7. Marketing and remarketing cookies (Meta Pixel) – in accordance with service settings and Meta policy.

§7. User rights

Under the GDPR you have the following rights:

  1. Right of access (Art. 15 GDPR) – you have the right to obtain information about whether we process your data and to receive a copy.
  2. Right to rectification (Art. 16 GDPR) – you have the right to request correction of inaccurate or completion of incomplete data.
  3. Right to erasure (Art. 17 GDPR) – you have the right to request deletion of your data ("right to be forgotten").
  4. Right to restriction of processing (Art. 18 GDPR) – you have the right to request restriction of data processing in certain cases.
  5. Right to data portability (Art. 20 GDPR) – you have the right to receive your data in a structured format and transfer it to another controller.
  6. Right to object (Art. 21 GDPR) – you have the right to object to processing based on legitimate interests.
  7. Right to withdraw consent – you can withdraw consent to data processing (e.g. newsletter) at any time, without affecting the lawfulness of processing before withdrawal.
  8. Right to lodge a complaint – you have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland, https://uodo.gov.pl.

To exercise your rights, contact us: support@soku.pro. We will respond within 30 days.

§8. Data security

  1. We apply appropriate technical and organisational measures to protect personal data, including:
    • data transmission encryption (HTTPS/TLS),
    • secure storage of passwords and tokens,
    • restricted data access (principle of least privilege),
    • regular software updates,
    • access logging and monitoring.

§9. Newsletter

  1. The newsletter is sent only to people who have given separate consent - during registration in the Service or via the signup form on the homepage.
  2. The newsletter contains information about Service updates, new features and YouTube tips.
  3. Consent may be withdrawn at any time via the unsubscribe link in the email or by contacting the Controller.

§10. YouTube API Services

  1. The Service uses YouTube API Services (YouTube Data API). By using the Service, you accept the YouTube Terms of Service.
  2. Information about how Google processes your data is contained in Google's privacy documentation.
  3. You can revoke the Service's authorisation to access your Google account and YouTube data at any time in Google connection settings (https://myaccount.google.com/connections?filters=3,4&hl=en). After revoking authorisation, the Service will no longer retrieve new data from your YouTube account.
  4. Procedure for deleting YouTube data stored by the Service: (a) disconnect your channel in the Service panel – this deletes the associated API Data, or (b) delete your Account – contact us at support@soku.pro; your data will be permanently deleted within 30 days. Please note that revoking OAuth authorisation (item 3 above) does not automatically delete data stored by the Service – for that, please contact the Controller.

§11. Changes to the Privacy Policy

  1. The Controller reserves the right to amend this Privacy Policy.
  2. Users will be notified of changes by electronic means at least 30 days in advance.
  3. Continued use of the Service after changes take effect constitutes acceptance of those changes.

§12. Contact

For matters relating to personal data protection, please contact us:

  1. Email: support@soku.pro
  2. Postal address: Michał Soczyński Smash The Code, ul. Kozłowskiego 33/10, 62-064 Plewiska, Poland