Privacy Policy

Last updated: April 2026

Dootlabs AI Private Limited (“Deepgrip”, “we”, “us”) respects your privacy. This policy explains how we collect, use, and protect your information.

1. Information We Collect

We collect account information (name, email), uploaded video content, usage analytics, and technical data (IP address, browser type) to provide and improve our services.

2. How We Use Your Data

Your data is used to provide transcription, search, and analytics services. We process video content using AI models to generate transcripts, summaries, and insights.

3. Data Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). We operate to SOC 2 Type II controls, with the formal third-party audit in progress. Video content is stored in secure, access-controlled infrastructure with tenant-isolated storage per workspace.

4. Data Retention

Video content is retained according to your plan's retention policy. Account data is retained for the duration of your account plus 30 days after deletion.

5. Third-Party Services

Deepgrip uses enterprise-grade AI infrastructure operated by audited subprocessors under data processing agreements. Your data is not sold to third parties. A current subprocessor list is available on request for enterprise procurement.

5a. Data we collect from connected social platforms

When you connect Deepgrip to a third-party platform (YouTube, Facebook, Instagram, LinkedIn, X / Twitter), we collect only what is needed to power the publish & analytics features you authorise.

Meta (Facebook Pages & Instagram Business):

  • List of Pages you administer (Page name, Page ID) — to populate the publishing target picker
  • Your Instagram Business account name and ID — same purpose, for Instagram publishing
  • Posts that Deepgrip itself published on your behalf and their performance metrics (impressions, reach, engagement) — to power the analytics tab
  • Your business association binding — Meta requires this scope as a prerequisite for the others
  • Encrypted access tokens — stored at-rest with AES-256, scoped to your workspace

YouTube (Google APIs): when you connect your YouTube channel, we request the following Google scopes and use the data only for the purposes listed below:

  • youtube.readonly — to list videos already on your YouTube channel so they can be imported into Deepgrip's transcript and search index. Read-only on your own channel only.
  • youtube.upload — to publish AI-generated short-form clips that you have explicitly approved inside Deepgrip back to your own YouTube channel as Shorts. Each upload is initiated by an explicit user action.
  • userinfo.profile — to display your Google account name and photo in Deepgrip's UI to confirm which YouTube identity is connected.
  • Encrypted access & refresh tokens — stored at-rest with AES-256, scoped to your workspace.

Google API Services User Data Policy — Limited Use compliance. Deepgrip's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We do not use YouTube data to train any general-purpose AI / ML models, or any models that serve users other than the data's owner.
  • We do not transfer YouTube data to third parties except as needed to provide the user-facing functionality the user explicitly requested, comply with applicable law, or as part of a merger / acquisition / sale of assets with prior user notice.
  • We do not use YouTube data for serving advertising, including personalised, retargeted, or interest-based ads.
  • We do not allow humans to read YouTube data unless: (a) the user has provided explicit opt-in consent for specific data; (b) it is necessary for security purposes (such as investigating abuse); (c) it is required for legal compliance; or (d) the data has been aggregated and anonymised so it can no longer be linked to an individual.

LinkedIn: profile name & ID, encrypted tokens for w_member_social posting.

X / Twitter: handle, user ID, encrypted tokens for posting.

We do NOT collect:

  • Posts you published outside of Deepgrip on any connected platform
  • Direct messages or private content
  • Friend lists, follower lists, contacts, or any data about other users
  • Pages, channels, or accounts you do not administer
  • Any data from cross-account aggregation

Tokens are revoked immediately when you disconnect the integration in /app/settings, request account deletion, or revoke access via the platform's own account-settings page. Tokens auto-expire per each platform's policy (typically 60 days for long-lived tokens).

Detailed deletion instructions: https://deepgrip.ai/data-deletion

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting privacy@deepgrip.ai.

7. Contact

For privacy inquiries, contact us at privacy@deepgrip.ai.