Privacy Policy

Last update: May 2026

1. Introduction

Sylario is committed to protecting the privacy of its users. This privacy policy describes how we collect, use and protect your personal data.

2. Data collected

We collect the following data:

  • Identification data: name, surname, email address
  • Payment data: processed by our provider Stripe, we do not store your card numbers
  • Usage data: interactions with the service, generated content
  • Technical data: IP address, browser type, device used
  • Data from connected third-party services: when you connect your YouTube account via Google OAuth, we collect your channel ID, your public videos, their statistics (views, likes, comments, duration), your aggregated analytics (sessions, demographics, geography), as well as the OAuth tokens required to keep this data in sync.

3. Data usage

Your data is used to:

  • Provide and improve our services
  • Manage your account and subscriptions
  • Send you communications related to your usage
  • Ensure platform security
  • Comply with our legal obligations

4. Data sharing

We do not sell your personal data. We share only strictly necessary data with the following subprocessors:

  • Stripe (payments) — Ireland/USA, PCI-DSS certified
  • Resend (transactional email delivery) — USA, Data Privacy Framework compliant
  • Google Workspace (hosting of our contact mailbox) — USA, Data Privacy Framework compliant
  • Laravel Forge / DigitalOcean (application hosting) — Europe
  • Vercel (marketing website hosting) — USA, Data Privacy Framework compliant
  • LinkedIn (publishing the posts you ask Sylario to publish on your behalf) — USA / Ireland, Data Privacy Framework compliant

Google YouTube and LinkedIn are data sources that you authorize us to read from or publish to by connecting your account. They are not recipients: we do not send them any data beyond the API calls strictly required by the features you have enabled.

5. Your rights

In accordance with GDPR, you have the following rights:

  • Right to access your data
  • Right to rectification
  • Right to erasure
  • Right to portability
  • Right to opposition
  • Right to limitation of processing

To exercise these rights, contact us at: privacy@sylario.com

6. Security

We implement technical and organizational security measures to protect your data: at-rest encryption of OAuth tokens and third-party API keys (AES-256), mandatory HTTPS connection, per-project data isolation, regular security audits, and restricted server access (SSH key only). No transmission or storage method is 100% secure, but we follow industry standards to minimize risks.

7. Cookies

We use essential cookies for the service to function and analytical cookies to improve our platform. You can manage your cookie preferences in your browser settings.

8. Connected third-party services (Google / YouTube)

Sylario lets you connect your YouTube channel via Google OAuth to sync your data and power our content analysis services.

YouTube data collected

  • Your channel ID, name and profile picture
  • List of your public videos (title, description, thumbnail, duration, date)
  • Public statistics for each video (views, likes, comments)
  • Aggregated analytics (sessions, watch time, audience demographics, geography)
  • Comments received on the videos we analyze

OAuth tokens

  • We store a Google access_token and refresh_token to enable continuous synchronization.
  • These tokens are encrypted at rest in our database (AES-256) and accessible only to your account.
  • We only request the minimum scopes: youtube.readonly and yt-analytics.readonly (read-only — Sylario cannot modify or publish anything on your channel).

Data retention

  • Your YouTube data is retained as long as your account remains connected.
  • If you disconnect your YouTube account from Sylario, all associated data is deleted within 30 days (backups included).
  • If you revoke access directly from myaccount.google.com, we detect the token invalidation and perform the same deletion.

Google API Services User Data Policy compliance

Sylario's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we never use your YouTube data for advertising, do not sell it, do not transfer it to any third party, and do not use it to train general AI models.

9. Connected third-party services (LinkedIn)

Sylario lets you connect your LinkedIn profile via LinkedIn OAuth 2.0 / OpenID Connect so you can publish posts generated by Sylario directly to your profile, without copy-paste.

LinkedIn data collected

  • Your LinkedIn member ID (sub), first name, last name and profile picture (via the openid profile scope)
  • Your work email address (via the email scope)
  • Metadata of the posts you publish through Sylario: post unique identifier (URN) and publication date. This is used to display "Already published" status and a link to the post, and to prepare the future synchronization of engagement metrics.
  • We do not read your LinkedIn feed, your connections, your messages, or any content you did not create via Sylario.

OAuth tokens

  • We store a LinkedIn access_token and, when available, a refresh_token to publish on your behalf only at your explicit request.
  • These tokens are encrypted in the database (AES-256) and accessible only by your Sylario account.
  • Requested scopes: openid profile email w_member_social (publish posts on your behalf). The r_member_social scope (read your posts for engagement metrics) will be requested later once LinkedIn approves the Community Management API; until then, no reading of your LinkedIn activity takes place.

Actions performed on the member's behalf

  • Sylario only publishes a post on your LinkedIn profile when you explicitly ask it to (click on the "Publish on LinkedIn" button in the UI).
  • No automated, scheduled or background publishing takes place without your action.
  • Each publication is tracked on the Sylario side (URN + timestamp) to prevent accidentally publishing the same content twice.

Data retention

  • Your LinkedIn data (identifiers, tokens) is retained as long as your LinkedIn account is connected to Sylario.
  • If you disconnect your LinkedIn account from Sylario (Settings > Connected accounts > Disconnect), we call the LinkedIn revoke endpoint and delete the local tokens immediately. Other associated data (identifiers, metadata of published posts) is deleted within 30 days (backups included).
  • If you revoke access directly from www.linkedin.com (Settings > Data privacy > Other applications), we detect the invalidation on the next API call and perform the same deletion.

10. Contact

For any questions regarding this privacy policy, contact our data protection officer: dpo@sylario.com or our team: privacy@sylario.com