Privacy Policy for Tortma

Last Updated: June 18, 2026

Overview

Tortma (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our Chrome extension and related services.

Information We Collect

1. YouTube Data

When you organize videos with Tortma, we access and process the following YouTube data:

  • Video Metadata: video ID, title, channel name, thumbnail URL, description, and duration (if available).
  • Playlist Information: playlist names and IDs so we can display available playlists and add videos to your selected playlists.
  • YouTube Account: your Google account email obtained through Google OAuth to identify your account, access your playlists, and perform playlist operations on your behalf.

2. Authentication Data

  • Google OAuth: your Google account email, temporary OAuth access tokens (1-hour expiry), and encrypted OAuth refresh tokens stored in Supabase.

3. Usage Data

  • Drop Counter: number of videos organized per day, tier level (Free/Pro/Max), and last login timestamp.
  • License Information: if you activate a license key, we store a hashed license key, activation date, and associated tier level.

4. Device Data

  • Extension Logs: error messages, performance metrics, browser version, and operating system (used for debugging only).

How We Use Your Information

  • Core Functionality: to enable drag-and-drop video organization to your YouTube playlists.
  • AI Categorization: to suggest appropriate playlists using the OpenRouter API.
  • Usage Limits: to enforce tier-based drop limits — Free: 15/day, Pro: 30/day, Max: 75/day.
  • License Verification: to validate and activate license keys.
  • Service Improvement: to identify bugs and improve extension performance.

Data Storage & Security

Where Data is Stored

  • Supabase PostgreSQL: user profiles, drop counts, and license information.
  • Chrome Storage API: temporary caching of video metadata (15-second expiry).
  • Google Servers: YouTube OAuth tokens and playlist data.

Encryption

  • OAuth refresh tokens are encrypted at rest in Supabase.
  • Access tokens are stored temporarily in Chrome storage (1-hour expiry).
  • All data transmission uses HTTPS.

Data Retention

  • Drop Records: retained for 90 days for usage analytics.
  • OAuth Tokens: refresh tokens retained until you sign out.
  • License Keys: retained while active and deleted upon deactivation.
  • User Profile: retained until account deletion.

Third-Party Services

We use the following third-party services to operate Tortma:

  1. Supabase

    Purpose: user authentication, database storage, and Edge Functions.

    Data Shared: user email, drop counts, license information.

    https://supabase.com/privacy
  2. Google / YouTube

    Purpose: OAuth authentication and playlist access.

    Data Shared: your YouTube account and playlists.

    https://policies.google.com/privacy
  3. OpenRouter

    Purpose: AI-powered video categorization.

    Data Shared: video title, channel name, and description.

    https://openrouter.ai/privacy
  4. Gumroad

    Purpose: license key validation.

    Data Shared: license key (hashed).

    https://gumroad.com/privacy

Your Rights

You have the right to:

  • Access: request a copy of your personal data.
  • Deletion: request deletion of your account and associated data.
  • Opt-Out: disable or uninstall the extension at any time.
  • Transparency: understand how your data is used.

To exercise these rights, contact us at [email protected].

Data We Do NOT Collect

  • Browsing History: we do not track which videos you watch.
  • Personal Information: beyond your Google account email used for authentication, we don’t collect names, phone numbers, physical addresses, or government IDs.
  • Analytics: we don’t use Google Analytics or similar tracking services to monitor your behavior. Limited technical data (error messages, browser version, OS) may appear in extension logs solely for debugging.
  • Cookies: we do not use cookies for tracking purposes.
  • Video Content: we do not store or analyze video content itself.

Security Measures

  • All API calls use HTTPS encryption.
  • OAuth access tokens expire after 1 hour.
  • OAuth refresh tokens are encrypted in Supabase.
  • The extension only runs on YouTube domains.
  • We request minimal permissions (YouTube access only).
  • We conduct regular security audits of our code.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

  • Updating the “Last Updated” date.
  • Posting the new policy in the extension.
  • Requesting your consent if required by law.

Contact Us

For privacy concerns or data requests, contact us at: [email protected]
Website: https://tortma.com

Compliance

Tortma complies with:

  • Chrome Web Store Developer Program Policies
  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • YouTube Terms of Service