ShortZap
Get started

Privacy Policy

Last updated: May 2026

1. Introduction

At ShortZap.ai, we are committed to protecting your privacy. This Privacy Policy explains how we handle information related to your use of our service, including our use of YouTube API Services and TikTok API Services.

2. YouTube and TikTok API Services

ShortZap.ai uses API services from both YouTube and TikTok to enable video publishing and management features. By using our service, you acknowledge that:

3. Data Collection and Usage

We follow the principle of minimum scope usage: we only request the OAuth scopes strictly required to enable video upload to your connected platforms (such as youtube.upload for YouTube and the equivalent TikTok content publishing scopes), and no others.

The data we access via YouTube and TikTok APIs is limited to:

  • OAuth access and refresh tokens for the accounts you authorize
  • Basic account metadata (such as channel or profile ID and display name)
  • The upload status and video ID of content you publish through ShortZap.ai

YouTube and TikTok are handled differently because of how each platform's API works:

  • YouTube — videos you schedule are uploaded directly to your channel on your behalf. ShortZap performs the upload using your authorized OAuth token at the time you scheduled
  • TikTok — ShortZap prepares and submits videos for publishing using the TikTok Content Posting API. Publishing requires user interaction and/or approval through TikTok's native publishing flow, and ShortZap does not publish content automatically without user action

For TikTok specifically:

  • We only access data necessary to support user-initiated video publishing to TikTok
  • We do not access follower lists, messages, analytics, or unrelated account data
  • We do not read, modify, or delete existing TikTok content
  • We do not automate likes, follows, comments, views, or any engagement actions on TikTok

We do not access your watch history, search history, subscriptions, comments, private playlists, or analytics data of channels you do not own. We do not read or upload videos that you did not initiate through ShortZap.ai.

We do not store, cache, or download YouTube or TikTok video content obtained via the APIs. Videos you publish through ShortZap.ai are generated by our service; we do not retrieve or retain copies of videos already on YouTube or TikTok.

We do not sell, rent, or transfer YouTube or TikTok user data to third parties.

4. Data Storage and Retention

For YouTube and TikTok API Services data:

  • OAuth tokens (access and refresh tokens) are encrypted at rest and in transit using industry-standard encryption
  • Tokens are only used by backend systems to perform actions you request (such as publishing videos), and are never exposed to client-side code or logged in plaintext
  • We retain tokens only while your account remains connected so we can upload on your behalf when you schedule videos
  • Account metadata (channel/profile ID, display name) and uploaded video references are retained for up to 30 days after your last use of the service, after which they are deleted automatically
  • You can immediately delete all stored data and revoke ShortZap.ai's access by going to Settings → Connections and clicking Disconnect next to the connected account, or by emailing [email protected]. Disconnecting immediately revokes and deletes the associated tokens, and metadata is purged within 7 days
  • You can additionally revoke access at any time via your Google security settings page (for YouTube) or your TikTok connected apps page (for TikTok)

5. Device Data Collection

We collect the following data from your device to enable our services:

  • Browser type and version
  • Operating system information
  • Screen resolution and device type (for optimal video rendering)
  • Connection information required for video uploads

6. Google API Services User Data Policy — Limited Use

ShortZap.ai's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We do not use Google user data to develop, improve, or train generalized or non-personalized AI or machine learning models
  • We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features of ShortZap.ai, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users
  • We do not use Google user data for serving advertisements
  • We do not allow humans to read Google user data, unless we have obtained your affirmative consent, it is necessary for security purposes (such as investigating abuse), it is required to comply with applicable law, or the data (including derivations) has been aggregated and anonymized

7. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of our processing operations, including encryption of sensitive data and secure API communications.

8. Third-Party Services and Sub-processors

To deliver the service we share limited data with the following sub-processors. Each is contractually bound to handle data in accordance with this policy and the Google API Services User Data Policy:

  • Cloudflare — CDN, edge compute, and DDoS protection
  • Cloud storage and database providers — encrypted storage of account data, refresh tokens, and rendered video assets
  • OpenAI, ElevenLabs, and similar AI providers — used strictly for generating script text, voiceover audio, and visual assets for videos you create. No Google user data, YouTube account data, OAuth tokens, or YouTube video content is ever sent to these providers
  • YouTube and TikTok — used to publish videos you explicitly choose to upload via ShortZap.ai. We only transmit the video file and minimal metadata required for publishing (such as caption text and posting parameters you provide)
  • Polar.sh — our Merchant of Record for payment processing on paid plans. We do not store or process payment card details directly; all payment information is handled by Polar.sh under their own privacy practices

Our service may also contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites.

9. Cookies and Analytics

We use a small number of strictly-necessary cookies for authentication and session management. We may also use privacy-respecting analytics to understand aggregate product usage. We do not use cookies to track you across other websites and we do not sell your data.

10. Your Rights and Choices

You have the right to:

  • Access your YouTube data stored by ShortZap.ai
  • Request deletion of your stored YouTube data via Settings → Connections → Disconnect, or by emailing [email protected]
  • Revoke ShortZap.ai's access to your YouTube account through your Google security settings
  • Receive a copy of your stored data
  • If you are in the EU/UK or California, exercise additional rights under the GDPR/UK GDPR or CCPA, including the right to object to processing and the right to lodge a complaint with your supervisory authority

11. Children's Privacy

ShortZap.ai is not directed to children. You must meet the minimum age required by YouTube and Google in your country to create an account (13 in the United States, and as required by local law elsewhere — for example, 16 in much of the European Union). We do not knowingly collect personal information from anyone below the applicable minimum age.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected].

By using ShortZap.ai, you agree to the collection and use of information in accordance with this policy.