David’s Sling

DIRECT LINE

hello@davidslingmedia.com
YTIGLI
● § 00 · PRIVACY POLICY · LEGAL

Privacy policy.

How we collect, use, and protect your information.

1. Introduction

David's Sling Media (“we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website davidslingmedia.com (the “Site”) or use our services.

2. Information We Collect

We may collect the following types of information:

  • Personal Information: Name, email address, church name, church size, and any other information you voluntarily provide through our contact forms, audit request forms, or direct communication.
  • Usage Data: Browser type, operating system, pages visited, time spent on pages, referring URLs, and other standard analytics data collected automatically through cookies and similar technologies.
  • YouTube Channel Data: Publicly available information from YouTube channels you submit for audit or management purposes.

3. How We Use Your Information

We use the information we collect to:

  • Respond to your inquiries and provide requested services
  • Perform YouTube channel audits you have requested
  • Send relevant follow-up communications about our services
  • Improve our website, services, and user experience
  • Comply with legal obligations

4. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information with trusted third-party service providers who assist us in operating our website and delivering our services, provided they agree to keep your information confidential. We may also disclose information when required by law or to protect our rights.

5. Cookies & Tracking

Our Site may use cookies and similar tracking technologies to enhance your browsing experience and collect usage data. You can control cookie preferences through your browser settings. Note that disabling cookies may affect some features of the Site.

6. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your personal information. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Third-Party Links

Our Site may contain links to third-party websites, including YouTube, social media platforms, and others. We are not responsible for the privacy practices or content of those sites. We encourage you to review their privacy policies.

8. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or restrict the processing of your personal information. To exercise these rights, please contact us at production@davidslingmedia.com.

9. Children's Privacy

Our Site and services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If we become aware that we have collected such information, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised “Last updated” date. We encourage you to review this policy periodically.

11. YouTube API Services & Google User Data

When a client authorizes our application to manage their YouTube channel, we use the YouTube Data API v3 under the OAuth 2.0 scope https://www.googleapis.com/auth/youtube. This section describes how we handle YouTube user data — in addition to the general practices above.

What we do on your behalf

  • Upload finished sermon, worship, and podcast videos to your channel.
  • Set custom thumbnails generated by our production pipeline.
  • Add new uploads to your existing playlists.
  • Update title, description, tags, category, and the scheduled publish date on videos we have uploaded for you.
  • Read your existing video and playlist lists for scheduling de-duplication.

What we store

  • OAuth 2.0 access and refresh tokens, encrypted at rest using AES-256-GCM.
  • The channel ID and channel title returned by Google after authorization.
  • Metadata of videos we have uploaded so our scheduler can avoid double-booking publish slots.

We do not store video bytes from your channel, comments, analytics, or audience data.

How long we keep it

We retain OAuth tokens only for the duration of the active service contract. On contract termination, or when you click Disconnectin our admin console, we (a) call Google's token revocation endpoint and (b) delete the encrypted tokens from our database within 24 hours.

Where it lives

Encrypted tokens are stored in our PostgreSQL database hosted on Hetzner Online GmbH (Germany). The encryption key is held in our application's runtime environment, separate from the database. All API traffic uses TLS 1.2+. Cloudflare Inc. (USA) fronts our backend as an edge tunnel; neither sub-processor has independent access to plaintext tokens.

Limited Use compliance

David's Sling Media's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we do not:

  • Use YouTube user data for advertising of any kind.
  • Allow humans to read YouTube user data, except (a) with your explicit consent, (b) for security purposes, (c) to comply with applicable law, or (d) for aggregated internal operations within the Limited Use requirements.
  • Transfer YouTube user data to third parties except as necessary to provide the user-facing features described above.
  • Use YouTube user data to train generalized AI/ML models.

How to revoke our access

At any time, you may:

  • Click Disconnect in our admin console — this revokes our tokens with Google and deletes them from our database.
  • Visit https://myaccount.google.com/permissions on Google's site and remove David's Sling Media from the list of authorized apps.
  • Email production@davidslingmedia.com requesting deletion of your YouTube user data; we will action the request within 7 days and confirm by email.

Further reading

12. Dropbox & Dropbox User Content

When a client authorizes our application to access their Dropbox, we connect through the Dropbox API using OAuth 2.0 with the scopes files.content.read, files.content.write, and files.metadata.read. This grants access to the user's full Dropbox so we can collect raw production assets and deliver finished work back to the same account. This section describes how we handle Dropbox user content — in addition to the general practices above.

What we do on your behalf

  • Read and download raw footage, audio, and other source assets you place in Dropbox for your production.
  • Upload finished sermon, worship, and podcast videos, thumbnails, and related deliverables back into your Dropbox.
  • List folder and file metadata to detect new uploads and avoid reprocessing files we have already handled.

What we store

  • OAuth 2.0 access and refresh tokens, encrypted at rest using AES-256-GCM.
  • The Dropbox account ID and the paths of folders designated for your project.
  • File names, paths, sizes, and content hashes of assets we have processed so our pipeline can avoid duplicate work.

Source files are downloaded transiently for processing and are not retained after the corresponding deliverable is produced. We do not store your Dropbox files, folder structure, or account data beyond the metadata described above, and we do not access files outside the folders designated for your project.

How long we keep it

We retain OAuth tokens only for the duration of the active service contract. On contract termination, or when you click Disconnectin our admin console, we (a) call Dropbox's token revocation endpoint and (b) delete the encrypted tokens and associated file metadata from our database within 24 hours.

Where it lives

Encrypted tokens are stored in our PostgreSQL database hosted on Hetzner Online GmbH (Germany). The encryption key is held in our application's runtime environment, separate from the database. All API traffic uses TLS 1.2+. Cloudflare Inc. (USA) fronts our backend as an edge tunnel; neither sub-processor has independent access to plaintext tokens.

How we use Dropbox content

We use Dropbox user content solely to provide the user-facing production services described above. Specifically, we do not:

  • Use Dropbox content for advertising of any kind.
  • Allow humans to access Dropbox content, except (a) with your explicit consent, (b) for security purposes, (c) to comply with applicable law, or (d) as part of producing the deliverables you have engaged us for.
  • Sell, rent, or transfer Dropbox content to third parties.
  • Use Dropbox content to train generalized AI/ML models.

How to revoke our access

At any time, you may:

  • Click Disconnect in our admin console — this revokes our tokens with Dropbox and deletes them from our database.
  • Visit https://www.dropbox.com/account/connected_apps on Dropbox's site and remove David's Sling Media from the list of connected apps.
  • Email production@davidslingmedia.com requesting deletion of your Dropbox data; we will action the request within 7 days and confirm by email.

Further reading

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

David's Sling Media
production@davidslingmedia.com

← BACK TO INDEX