Privacy Policy
Last updated: May 25, 2026
What LectureLoop Does
LectureLoop is a Chrome extension and web service that generates structured study packs — summaries, timestamped notes, flashcards, and quizzes — from YouTube videos. This policy explains what data we collect, how we use it, who we share it with, and your rights regarding your information. It applies to users worldwide.
LectureLoop is operated by LectureLoop LLC, a US limited liability company located at 522 W Riverside Ave Ste N, Spokane, WA 99201, United States (“LectureLoop”, “we”, “us”, “our”).
If you have questions about this policy or want to exercise your rights described below, contact us at [email protected].
Information We Collect
Account information (when you sign in with Google)
- Your email address and Google account ID, used to identify and authenticate your account
- Your subscription tier, status, and weekly usage count, stored in our database to deliver the service and enforce plan limits
Subscription information (only if you subscribe to a paid plan)
- Your Stripe customer ID and subscription ID, used to link your account to your subscription
- Subscription period dates and payment status, used to determine your access to paid features
- We do not collect or store your payment card information. Card details are entered directly into Stripe’s secure payment forms and never reach our servers.
Video generation activity
When you generate a study pack, we send a reference to the YouTube video you selected (such as the video ID) to our backend server so we can produce your study pack. We do not send full URLs, browsing history, content from other pages, or any other tracking information.
Local storage on your device
Generated study packs are cached locally in your browser using Chrome’s built-in storage (chrome.storage). This data stays on your device unless you explicitly choose to export, share, or sync it. Your preferences (such as display settings) are also stored locally.
We do not collect
- IP addresses for tracking (logs are short-lived for security/operational purposes only)
- Behavioral analytics, advertising identifiers, or marketing cookies
- Information about videos you watch but do not generate a study pack from
- Data from any other websites or browser tabs
Why We Collect This Information
We process your information for the following purposes:
| Purpose | Legal basis (GDPR) |
|---|---|
| To provide and operate the LectureLoop service | Performance of a contract with you |
| To authenticate your account | Performance of a contract with you |
| To enforce subscription limits and process payments | Performance of a contract with you |
| To respond to your support requests | Legitimate interest in supporting our users |
| To detect and prevent fraud, abuse, or security incidents | Legitimate interest in protecting the service |
| To comply with legal obligations (tax, accounting, lawful requests) | Compliance with legal obligations |
We do not process your data for marketing, advertising, or behavioral profiling, and we do not make automated decisions that produce legal or similarly significant effects about you.
AI Processing
To generate your study pack, we send content from the YouTube video you selected to Anthropic, our AI provider, which analyzes it to produce the summary, notes, flashcards, and quiz. Anthropic processes this content under their privacy policy and does not retain it for model training under our agreement.
We do not send your personal information, account details, email, or any other identifying data to Anthropic — only the video content needed to generate your study pack. Anthropic does not know who requested the study pack.
- Anthropic privacy policy: https://www.anthropic.com/legal/privacy
Payment Processing
Paid subscriptions are processed by Stripe, Inc., our payment provider. When you subscribe:
- You enter your payment information directly on Stripe’s secure checkout page
- Stripe collects and processes your name, email, billing address, payment card details, and similar information needed to process the payment
- Stripe shares back with us only the information we need to grant access: a customer ID, a subscription ID, your plan tier, and payment status
- Stripe may set cookies during checkout for fraud prevention and session continuity
We never see, store, or process your full payment card information. Stripe’s privacy practices govern data they collect.
- Stripe privacy policy: https://stripe.com/privacy
Authentication via Google
LectureLoop uses Google Sign-In so you can log in with your Google account. When you sign in:
- Google authenticates your identity and shares your email address and account ID with LectureLoop
- Google’s own privacy policy governs Google’s processing of your information
- Revoking LectureLoop’s access from your Google account (https://myaccount.google.com/permissions) will sign you out
Google privacy policy: https://policies.google.com/privacy
How We Share Your Information
We do not sell or rent your personal information. We share information only with the third parties necessary to deliver the service:
- Google — for sign-in authentication
- Anthropic — for AI generation of study pack content (video content only; no personal information)
- Stripe — for payment processing (only if you subscribe to a paid plan)
- Google Cloud Platform — our hosting provider, where our backend servers and database run
We may also share information when required by law, valid legal process, or to protect the rights, property, or safety of LectureLoop, our users, or others.
We do not share your information with advertisers, data brokers, or for any other party’s own purposes.
International Data Transfers
LectureLoop’s servers are hosted in the United States (Google Cloud Platform, us-west1 region). If you access LectureLoop from outside the United States, your information will be transferred to, stored in, and processed in the United States.
For users in the European Economic Area (EEA), the United Kingdom, or Switzerland: this transfer is necessary to provide you the service you’ve requested (GDPR Art. 49(1)(b)). Our subprocessors (Anthropic, Stripe, Google Cloud) maintain their own safeguards for international data transfers, including Standard Contractual Clauses where applicable.
We do not currently maintain a designated EU representative under GDPR Art. 27. If you are an EU resident and need to contact us about data protection, please email [email protected].
Data Retention
We keep your information only as long as needed to provide the service or as required by law:
- Account information — kept while your account is active; deleted within 30 days of account deletion request
- Subscription/payment records — kept for as long as required by US tax and accounting law (typically 7 years), after which they are deleted
- Server logs (security/operations) — kept for up to 90 days
- Local cache on your device — controlled by you; clearable through Chrome’s extension storage or by uninstalling the extension
You can request deletion of your account and associated data at any time by contacting [email protected].
Your Rights
Depending on where you live, you may have the following rights regarding your personal information:
For all users
- Access — request a copy of the information we hold about you
- Correction — ask us to correct inaccurate information
- Deletion — request that we delete your account and associated information
- Withdraw consent — sign out and uninstall the extension at any time
Additional rights for EEA, UK, and Swiss residents (GDPR / UK GDPR / FADP)
- Restriction — request that we limit how we process your information
- Portability — receive your information in a structured, machine-readable format
- Object — object to processing based on legitimate interest
- Lodge a complaint with your local supervisory authority. EEA users can find their authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK users: ICO at https://ico.org.uk
Additional rights for California residents (CCPA / CPRA)
- Right to know what categories of personal information we have collected, sources, purposes, and recipients
- Right to delete personal information we have collected
- Right to correct inaccurate personal information
- Right to opt-out of sale or sharing of personal information — note: LectureLoop does not sell or share your personal information for cross-context behavioral advertising, so there is nothing to opt out of
- Right to non-discrimination for exercising your CCPA rights
To exercise any of these rights, email [email protected] with the request and the email address associated with your LectureLoop account. We will respond within 30 days (45 days for California requests, with possible extension as permitted by law).
We may need to verify your identity before fulfilling certain requests, typically by confirming you control the email address on your account.
Children’s Privacy
LectureLoop is not directed to children under the age of 13 (or 16 in the EEA where required by local law). We do not knowingly collect personal information from children under these ages. If you believe a child has provided us with personal information, please contact [email protected] and we will delete the account promptly.
If you are between 13 and 18 (or the age of majority in your jurisdiction), we recommend you review this policy with a parent or guardian before using LectureLoop.
Cookies and Similar Technologies
The LectureLoop extension does not set or use cookies. All extension data is stored using Chrome’s chrome.storage API on your device.
The LectureLoop website (lectureloop.app) does not currently use analytics or marketing cookies. Essential cookies may be set briefly during the Stripe checkout flow for fraud prevention; these are controlled by Stripe under their privacy policy.
If we add analytics or marketing technologies in the future, we will update this policy and, where required, request your consent.
Security
We use standard security measures to protect your information:
- TLS/HTTPS encryption for all data in transit between your device and our servers
- Encrypted storage for sensitive data at rest
- OAuth-based authentication (we never see your Google password)
- PCI-compliant payment processing via Stripe (we never see your card details)
- Access controls limiting which personnel can access user data
- Regular security updates to our backend infrastructure
No system is perfectly secure, but we work to maintain industry-standard protections. In the event of a data breach affecting your information, we will notify affected users and relevant authorities as required by applicable law.
Changes to This Policy
We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We will update the “Last updated” date at the top and, for significant changes, notify users via email or through the LectureLoop extension/website.
Continued use of LectureLoop after a policy update constitutes acceptance of the revised policy.
Contact
For privacy questions, data subject requests, or any concerns about this policy:
- Email: [email protected]
- Mail: LectureLoop LLC, 522 W Riverside Ave Ste N, Spokane, WA 99201, United States
We aim to respond to all inquiries within 30 days.