Privacy Policy
Last updated: June 20, 2026
Who this applies to
ClickFrame is a link-attribution tool for YouTube creators. This policy describes how we handle data for two groups: the creators who sign up and create links, and the viewers who click those links from a YouTube video description.
What we collect from creators
- Authentication identity. Email address and Google account ID via Google sign-in (Supabase Auth). We use this to sign you in and to associate your account with your YouTube channel.
- YouTube channel data. Your channel ID, channel name, and metadata for your videos (titles, IDs, descriptions, thumbnails, publish dates, privacy status, and view counts). We fetch this via the YouTube Data API after you authorize access.
- Video performance data. Per-video view counts over time, read from the YouTube Analytics API, used to calculate how your links perform (e.g. click-through rate). We read this data only.
- Changes to your video descriptions. When you place or update a link, ClickFrame edits the description of the video you choose — via the YouTube Data API — to insert or update that link. We modify a video's description only when you explicitly ask us to, and we change only the description, never any other part of your video.
- A YouTube refresh token. Stored server-side, used only to refresh access tokens for your channel's API calls. Never exposed to other users. You can revoke it any time from your Google account.
- Links you create. The destinations you add, the slugs you choose, and the videos you place them in.
How we protect your data
We apply the following security measures to protect your information:
- Encryption in transit. All data transmitted between your browser and ClickFrame is encrypted using HTTPS/TLS. Traffic between ClickFrame's components (Cloudflare Workers, Queues, and Supabase) travels over encrypted channels.
- Encryption at rest. Data stored in Supabase Postgres is encrypted at rest by Supabase's infrastructure. Cloudflare KV data is encrypted at rest by Cloudflare.
- Credential handling. Your YouTube refresh token is stored server-side in Supabase and is never exposed to other users or included in client-side responses. Access to it is restricted by row-level security policies tied to your authenticated account.
- Access controls. ClickFrame uses Supabase's row-level security (RLS) to enforce that creators can only access their own data. No cross-account data access is possible at the database layer.
- Minimal data collection. We reduce risk by not collecting IP addresses, cookies, or viewer identity. Query parameters are filtered at the edge before any data is recorded.
- Subprocessor security. Our infrastructure subprocessors, Cloudflare and Supabase, maintain their own security certifications and practices. Links to their respective security documentation are available at cloudflare.com/trust-hub and supabase.com/security.
How we measure our own product (analytics)
To understand how creators use ClickFrame — which pages they visit, where they sign up from, and whether the product is working for them — we use Google Analytics 4 on our marketing site and in the studio. This is ordinary product analytics about your use of our site, and it is completely separate from the click data the product collects on viewers (described below). The two are never combined.
- Analytics cookies. Google Analytics sets cookies to recognize repeat visits and measure usage. We ask for your consent first (see below), and you can decline.
- Usage events. We record events such as page views, account signup, and your first link wrap, along with a few non-identifying details (for example, how many links a wrap created). We use these to measure activation and improve the product.
- Advertising attribution. If you arrive from a Google Ad, the landing link carries a Google Click ID (
gclid). We store it on your account at signup so that, if you later become a paying customer, we can tell Google which ad led to the subscription. It is an opaque advertising identifier, not used for any other purpose. - Your choice (Consent Mode v2). A consent banner lets you accept or decline analytics and advertising measurement. We honor that choice through Google Consent Mode v2 — until you opt in, visitors in the EEA, the UK, and Switzerland are not measured for these purposes. Declining never affects your account or your access to the product.
This is a deliberate, disclosed change from ClickFrame's earlier cookie-free posture, made so we can run advertising responsibly and understand product usage. The viewer-facing click pipeline below remains cookie-free and identity-free as it always has been.
What we collect from viewers (per click)
When a viewer clicks one of your links, we record a single click event at the Cloudflare edge. Each event contains:
- Link identifiers — which link, which destination, which video, which channel. These identify the link, not the human.
- Timestamp and how old the link was at click time.
- Coarse geography, supplied by Cloudflare's edge: country, region, city, continent, timezone. City-level granularity only — no street or postal precision.
- Network class: autonomous-system number and name (e.g. "AS15169 / Google"), plus the Cloudflare data center that served the request.
- Device / browser: device type, operating system and version, browser and version, whether the click came from the YouTube mobile app, and the original User-Agent string.
- Referrer origin: scheme and host only (e.g.
https://www.youtube.com) — no path or query. - An allowlisted query string: only the parameters
vandtare preserved if present. Anything else (utm_*, fbclid, gclid, hashed emails, arbitrary tracking params) is dropped at the edge before the event is recorded. - Bot signals: a Cloudflare bot score (when available) and a derived
is_botverdict.
What we don't collect
- IP addresses. The redirect Worker never reads the viewer's IP. Geographic fields are pre-derived by Cloudflare from the connection and we only see the resolved values.
- Accept-Language. We previously captured this header; it was removed in May 2026 because it can contribute to browser fingerprinting and offers no analytic value beyond timezone/country.
- Arbitrary query parameters. Only an allowlist gets through (see above).
- Cookies. The redirect Worker sets no cookies and reads no cookies.
- Viewer identity. No login, no email, no account link, no cross-site identifier.
How long we keep it
- Creator data is retained as long as your account exists. You can delete your account at any time (see below).
- Click events are retained indefinitely so you can analyze long-term link performance. We may add tiered retention in a future version.
- After account deletion, a 30-day window applies: your destinations, placements, and KV records are removed immediately and links stop resolving, but click rows are hard-deleted by a daily job after 30 days. This window matches Supabase Auth's deletion grace period and lets us reverse accidental deletions.
Who we share it with
We do not sell or share click data with third parties for advertising or analytics. Two infrastructure subprocessors handle the data on our behalf:
- Cloudflare — Workers (redirect + API + consumer), KV, Queues. Cloudflare's privacy policy: cloudflare.com/privacypolicy.
- Supabase — Postgres database, authentication. Supabase's privacy policy: supabase.com/privacy.
We use Google APIs to operate ClickFrame: we read your channel and video metadata via the YouTube Data API, read aggregate per-video view counts via the YouTube Analytics API, and — only when you place or update a link — write to your video descriptions via the YouTube Data API. Use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
How to export, delete, or correct your data
You can export everything we know about you (creator profile, destinations, placements, video list, and a click summary) from the studio. You can also delete your account from the same screen — see the retention section above for what happens when you do. If you need to correct data manually, email us.
Contact
Questions or requests about your data — including export, deletion, or correction — can be sent to [email protected].
