1. Introduction
ViewHook ("we", "us", "our") is an AI-powered thumbnail design tool for YouTube creators. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
2. Data We Collect
Account information
- Email address (used for authentication and communication)
- Display name (optional, for personalization)
- Avatar URL (optional, for profile display)
YouTube channel data
- Channel ID, handle, name, and avatar (public data from YouTube)
- Thumbnail analysis results (color palettes, typography patterns, layout tendencies)
Design session data
- Chat messages between you and the AI design agent
- Canvas states (your thumbnail designs)
- Uploaded assets (images you provide)
- AI-generated assets (images created during sessions)
Usage data
- Thumbnail creation counts and detailed asset usage
- Feature usage patterns (for improving the service)
Payment information
Payment processing is handled entirely by Stripe. We store only your Stripe customer ID and subscription status. We never see or store your full credit card number.
3. How We Use Your Data
- Providing and maintaining the ViewHook service
- Authenticating your account and managing sessions
- Analyzing your YouTube channel style to personalize AI design suggestions
- Processing payments and managing subscriptions
- Sending transactional emails (welcome, usage alerts, receipts)
- Enforcing usage limits based on your subscription tier
- Improving the service through anonymous, aggregated analytics
4. Cookie Usage
We use cookies to operate the service. Here is a full inventory of cookies used:
| Cookie | Category | Purpose | Duration |
|---|---|---|---|
| sb-*-auth-token | Strictly Necessary | Supabase authentication session | Session |
| vh_consent | Strictly Necessary | Stores your cookie consent preferences | 365 days |
| vh_ui_prefs | Functional | Remembers UI preferences (theme, panel sizes) | 365 days |
| vh_analytics | Analytics | Anonymous usage tracking | 365 days |
5. Third-Party Services
We share data with the following third-party providers, each under their own privacy policies:
- Supabase — Database hosting, authentication, and file storage. Your account data, session data, and uploaded assets are stored in Supabase.
- Stripe — Payment processing. Stripe handles all payment card data. We only receive your customer ID and subscription status.
- Resend — Transactional email delivery. Your email address is shared with Resend to deliver account-related emails.
- AI Providers — We use third-party AI models (such as Anthropic Claude, OpenAI, and image generation services) to power the design agent. Your chat messages and design context are sent to these providers to generate responses and images. These providers process data according to their own privacy policies and do not use your data for training.
6. Data Retention
- Account data is retained for as long as your account exists.
- Design sessions and canvas states are retained indefinitely until you delete them or your account.
- Usage logs are retained for billing cycle tracking and are pruned after 13 months.
- Shared library assets are retained anonymously even if you delete your account.
- When you delete your account, all personal data (profile, sessions, assets, channel data, consent records, preferences) is permanently removed.
7. Your Rights
Under the GDPR and similar data protection regulations, you have the following rights:
- Right of access — You can request a copy of all personal data we hold about you.
- Right to rectification — You can update your profile information at any time in Settings.
- Right to erasure — You can delete your account and all associated data from Settings > Account.
- Right to data portability — You can request an export of your data by contacting us.
- Right to restrict processing — You can manage cookie preferences at any time through the consent banner or Settings > Privacy.
- Right to object — You can opt out of analytics cookies at any time.
8. Data Security
We implement industry-standard security measures including encrypted connections (TLS), row-level security in our database, secure authentication via Supabase Auth, and role-based access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the revised policy.
10. Contact
For privacy-related requests, questions, or concerns, contact us at [email protected].