Privacy Policy
This Privacy Policy explains the types of personal information processed by the MAOL service (hereinafter "Service"), the purposes, retention periods, and users' rights.
1. Information We Collect
The Service processes the following information.
- Information provided through Google OAuth authentication:
Google account unique identifier (sub), email address, name, profile picture - Information collected through YouTube API
(Scope used: https://www.googleapis.com/auth/youtube.readonly)
Information about channels the user subscribes to and 'liked' video channels (channel ID, channel name). ※ Video content and video IDs are not stored; only channel-level information is stored. The channel-level information is stored in a Cloudflare D1 database. - Information generated within the Service:
User identifier within the Service, preference scores, matching results, channel ranking information, and other analytical data - Authentication and session information:
Google OAuth access token is stored as an HttpOnly cookie for login maintenance and API calls. This token expires within a maximum of 24 hours and is automatically discarded upon expiration. Google OAuth refresh token is not stored. - Access and security-related information:
IP address, browser/device information (User-Agent), access/error logs
2. Purpose of Processing
The Service uses collected information only for the following purposes.
- Providing YouTube channel-based preference and matching features
- Providing user profiles and matching result screens
- Account identification, login processing, and user management
- Billing and payment processing for paid features
- Ensuring service stability and preventing fraudulent use
- Statistical analysis and feature improvement
- The Service complies with the Google API Services User Data Policy. YouTube data is used only for in-service matching and analysis with user consent, and is not used for advertising, resale, or provision to third parties.
3. Retention and Deletion
- Upon account withdrawal, data directly related to Service use, including matching records, scores, channel analysis data, and paid feature usage records, will be deleted.
- Channel-level information collected through the YouTube API is stored in a Cloudflare D1 database and will be deleted upon account withdrawal or when the user emails a deletion request. Once the request is received, it is permanently deleted within 7 days.
- To prevent re-registration abuse and fraudulent use, Google account identifier (sub), nickname, and profile image URL are retained for up to 7 days from the time of withdrawal processing and automatically deleted after this period.
- Access and error logs are managed according to Cloudflare infrastructure's retention policies. (Service operators cannot arbitrarily modify or delete them; they are automatically managed according to Cloudflare policies)
4. Third-Party Disclosure and In-Service Sharing
- We do not provide users' personal information to external third parties except as required by law.
- Some user profiles and analysis results may be shared with other users to provide Service features. Sharing is limited to in-service matching/comparison screens when the feature is executed, and full profiles are not otherwise made public. Information that may be shown includes nickname, profile image, and YouTube channel analysis results (common channel list, etc.), and it is not used or disclosed for advertising, resale, or provision to third parties.
- When integrating with TossPayments for payment processing, only the following information is transmitted:
Payment amount, order ID, order name, URLs for payment result notification (successUrl, failUrl).
Direct personal information such as user's email, name, or Google account information is not transmitted.
5. Processing Delegation
The Service delegates the following tasks to external parties for stable provision.
- Infrastructure and data storage: Cloudflare Pages, Cloudflare Workers, Cloudflare D1
- User authentication: Google OAuth
- Payment processing: TossPayments
When delegation partners change, we will announce related information through this page.
6. Security Measures for Personal Information
The Service applies the following technical and administrative protective measures for personal information protection.
- HTTPS-based transport layer encryption
- Access control for personal information and operational data
- Server and administrator access restrictions and minimum privilege principle
- Management of access and error logs generated during Service operation
7. User Rights
- Users can request access to and deletion of their personal information.
- Upon service withdrawal request, personal information will be deleted unless separate retention is required by applicable laws.
- Personal information inquiries or deletion requests can be made via the following email.
[email protected]
8. Changes to Privacy Policy
This Privacy Policy may be changed in accordance with applicable laws or Service operation policies. We will announce through in-service notices or this page when there are significant changes.
Effective Date: December 16, 2025