Privacy Policy

Last updated: February 21, 2026

1. Introduction

Univated LTD ("we", "us", "our") is the data controller for personal data collected through Ask it ("the Service"), available at askit.cloud. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR, Regulation 2016/679), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data. By using the Service, you acknowledge that you have read and understood this policy.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: your name, email address, and hashed password (or Google OAuth account link if you sign in with Google).
  • Usage data: YouTube video URLs you submit for analysis, AI-generated summaries, chat histories, and saved bookmarks associated with your account.
  • Payment data: credit purchases are processed by Stripe. We store transaction records (session and payment identifiers) linked to your account. We do not store your card number or full payment details.
  • Technical data: IP address, browser type, and device information collected automatically through server logs.

3. How We Use Your Data

We use your personal data to:

  • Provide, operate, and maintain the Service.
  • Process credit purchases and manage your account balance.
  • Authenticate your identity and secure your account.
  • Store your analysis history, chat conversations, and bookmarks.
  • Communicate with you about your account or respond to support requests.
  • Enforce our Terms of Service and prevent misuse.

4. Lawful Basis for Processing

We process your personal data on the following lawful bases under Article 6 of the UK GDPR and EU GDPR:

  • Contract: processing is necessary to provide the Service you have signed up for, including account management, credit purchases, and video analysis.
  • Legitimate interests: processing is necessary for our legitimate interests in operating, securing, and improving the Service, provided those interests are not overridden by your rights. This includes essential cookies required for the Service to function.

5. Cookies

The Service uses a small number of cookies, all of which are essential or functional. We do not use advertising, analytics, or tracking cookies.

  • Session cookie: keeps you logged in while you use the Service.
  • XSRF token: protects against cross-site request forgery attacks.
  • Appearance preference: stores your light/dark mode selection (localStorage and cookie for server-side rendering).
  • Sidebar state: remembers whether the navigation sidebar is open or collapsed (cookie).

Because these cookies are strictly necessary for the Service to function, they do not require consent under PECR. We display a notice on your first visit to inform you of their use.

6. Third-Party Services

We share personal data with the following third-party services only as necessary to operate the Service:

  • Google OAuth: for social sign-in. We receive your name and email address from Google. Google's use of your data is governed by Google's Privacy Policy.
  • Stripe: for payment processing. Stripe processes your payment card details directly. See Stripe's Privacy Policy.
  • YouTube Data API: for retrieving video metadata. Your use is subject to YouTube's Terms of Service.
  • AI providers: we send video transcripts to AI model providers to generate analyses. Transcripts may be processed outside the UK. We do not send your personal account data to AI providers.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, all associated data — including saved videos, analyses, chat histories, and credit transaction records — is permanently deleted. We may retain anonymised, aggregated data for analytical purposes.

8. Your Rights

Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data. You can delete your account at any time through your account settings.
  • Right to data portability: request your data in a structured, commonly used, machine-readable format.
  • Right to restrict processing: request that we limit how we use your data in certain circumstances.
  • Right to object: object to processing based on our legitimate interests.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days of receipt. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

9. Children's Data

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that data promptly. If you believe we may have collected data from a child under 16, please contact us at [email protected].

10. International Transfers

Some of our third-party service providers (including AI model providers and Stripe) may process data outside the United Kingdom or the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, to protect your data in accordance with UK GDPR and EU GDPR requirements.

11. Automated Decision-Making

The Service uses AI models to generate analyses, summaries, and other derivative content from videos you submit. These outputs are informational tools provided for your convenience and do not constitute automated decision-making that produces legal or similarly significant effects on you within the meaning of Article 22 of the UK GDPR and EU GDPR.

12. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (HTTPS), hashed passwords, CSRF protection, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Updated versions will be posted on this page with a revised "Last updated" date. We will notify registered users of material changes by email. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

14. Contact

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at [email protected].