Privacy Policy
Last updated: June 29, 2026
Resumio takes your privacy seriously. This policy explains what data we process through our website and Chrome extension, why, on what legal basis, for how long, and what your rights are, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act (loi Informatique et Libertés).
1. Data controller
The data controller is Nicolas Lemaitre, publisher of resumio.tech and the Resumio Chrome extension. For any questions about your data, contact us at hello@resumio.tech.
2. Data we collect
Account data
- Email address (account creation, login, security).
- Account identifier and email confirmation status.
- Authentication tokens (session) when you sign in from the website or the extension.
Chrome extension
The Resumio Chrome extension runs on YouTube pages and communicates with https://resumio.tech. It does not read your browsing history outside YouTube.
- Data read on YouTube: identifier and title of the current video, and captions/transcripts available on the page.
- Data stored locally in the browser (chrome.storage): preferences (language), session tokens when signed in, subscription plan, free-tier usage counters, and a local cache of recent analyses.
- Data sent to our servers when you run an analysis: transcript, video identifier and title, language preferences, and session token when applicable.
- Pro checkout from the extension: if you subscribe without an existing account, your email address is passed to Stripe through our API to create the payment session; no card details pass through our servers.
Uninstalling the extension removes data stored locally in your browser. Analyses saved to your cloud library remain linked to your account until you delete them or close your account.
Subscription and payment data
- Plan (Free / Pro), Stripe subscription and customer identifiers, subscription status.
- We never store your card details: payment is handled entirely by Stripe.
Usage data
- Number of analyses and chat messages (for quotas and abuse prevention).
- Personal library: analyses you generate and save (title, summary, video identifier, associated transcript).
- Minimal technical data: IP address (anti-abuse fingerprint), server logs, request type.
Analyzed content
- URL or identifier of YouTube videos you submit, and their transcripts, sent to our AI providers to produce the summary.
3. Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Provide the service (analysis, summary, chat, library) | Contract performance (GDPR Art. 6(1)(b)) |
| Manage your account and subscription | Contract performance |
| Manage quotas and prevent abuse / fraud | Legitimate interest (GDPR Art. 6(1)(f)) |
| Send transactional emails (login, receipts) | Contract performance |
| Meet our accounting and legal obligations | Legal obligation (GDPR Art. 6(1)(c)) |
4. Recipients and subprocessors
Your data is never sold. It is shared only with providers strictly necessary to operate the service, acting as subprocessors:
| Provider | Role | Location |
|---|---|---|
| Supabase | Authentication and database (accounts, subscriptions, usage) | European Union (Paris, AWS eu-west-3) |
| Stripe | Payment processing and subscription management | Ireland / United States |
| OpenAI | Summary and chat generation from transcripts | United States |
| Groq | Fallback audio transcription (videos without subtitles) | United States |
| Supadata | YouTube transcript retrieval (fallback) | European Union / United States |
| Resend | Transactional email delivery (login, confirmations) | United States |
| Vercel | Website and API hosting | United States |
Our AI providers (OpenAI, Groq) process transcripts to generate summaries; under API usage, they do not use them to train their models.
5. Transfers outside the European Union
Some providers (notably OpenAI, Groq, Stripe, Resend, Vercel) are located in the United States. These transfers are covered by appropriate safeguards under the GDPR: European Commission Standard Contractual Clauses and/or participation in the EU–US Data Privacy Framework.
6. Retention periods
- Account and library: while your account is active, then deleted after closure (within a reasonable period).
- Billing data: kept for up to 10 years to meet accounting obligations.
- Technical and anti-abuse logs: limited duration, generally a few months.
7. Your rights
Under the GDPR, you have the following rights: access, rectification, erasure, restriction of processing, objection, and data portability. You may exercise them at any time by writing to hello@resumio.tech.
You can also delete most of your data directly from your account (library, account closure). If you believe your rights are not being respected, you may lodge a complaint with the CNIL, the French data protection authority (www.cnil.fr).
8. Security
We implement appropriate technical and organizational measures to protect your data: encrypted communications (HTTPS), access controls, secure authentication, and trusted providers.
9. Cookies
The site uses only cookies strictly necessary for its operation. For more information, see our cookie policy.
10. Changes
This policy may be updated to reflect changes to the service or regulations. The date of the last update is shown at the top of the page.