Back
AttentionLeak

Privacy Policy

Effective Date: 13 May 2026

AttentionLeak (“we,” “our,” or “the Service”) is operated by its individual developer and provides automated attention-scoring analysis for publicly available YouTube videos. This Privacy Policy describes what information we collect, how we use it, and the choices available to you. By using the Service you agree to the practices described herein.

1. Information We Collect

Account Data.When you register or sign in via AWS Cognito, we receive your email address and a unique account identifier (“sub”). We store a SHA-256 hash of your identifier — never the raw identifier — to maintain your credit balance and purchase history.

Usage Data. We log which video IDs you submit for analysis, the resulting numerical attention scores, and which analyses you have purchased. We do not record keystroke patterns, browsing history, or any off-platform activity.

Payment Data. Credit purchases are processed by PayU. We receive only a transaction confirmation and the quantity of credits purchased. Raw card numbers, bank account details, and full payment instrument data are handled exclusively by PayU and are never transmitted to or stored by AttentionLeak.

Technical Data. AWS API Gateway and CloudFront may log your IP address and user-agent string for security and abuse-prevention purposes. These logs are retained for a maximum of 90 days and are not used for advertising profiling.

2. Information We Expressly Do Not Collect

AttentionLeak does not download, store, host, or retain any raw video files, audio streams, or private video metadata. Analysis is performed transiently in memory during the scoring pipeline; source media is discarded immediately upon completion. No copy of any YouTube video is persisted on our infrastructure.

We do not collect biometric data, sensitive personal information, data from minors, or any information not described in Section 1 above.

3. How We Use Your Information

  • To authenticate your session and maintain your credit balance.
  • To deliver and display attention scores you have requested or purchased.
  • To process payments and prevent fraudulent credit usage.
  • To cache numerical scores and basic video metadata (title, creator name) for performance — so a previously scored video is returned immediately without re-running the full analysis pipeline.
  • To investigate abuse, enforce our Terms of Use, and comply with applicable law.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Retention

Scores and metadata (title, creator name, attention score, signal breakdown) are retained indefinitely to power the public leaderboard and to avoid redundant re-analysis. If you request deletion of a private video you uploaded, the associated record will be removed within 30 days.

Account data (email hash, credit balance, purchase records) is retained for as long as your account remains active. You may request account deletion by emailing [email protected]; we will process the request within 30 days.

API Gateway access logs are automatically purged after 90 days.

5. Cookies and Local Storage

Session cookies are set by AWS Cognito to maintain your authenticated session. These are strictly necessary and cannot be opted out of without losing access to authenticated features.

Browser local storage is used to cache your theme preference (light/dark) and to record which Pro analyses you have unlocked, so the UI can display purchased content without an additional network request.

6. Third-Party Services

  • YouTube Data API. Video metadata is fetched via the YouTube Data API and is subject to Google’s Privacy Policy.
  • PayU.Payment processing. Subject to PayU’s privacy policy.
  • AWS (Amazon Web Services). Infrastructure provider (Lambda, DynamoDB, S3, CloudFront, Cognito). Data is processed in the us-east-1 region. AWS is certified under ISO 27001 and SOC 2.

7. Data Security

All data in transit is encrypted via TLS 1.2 or higher. Data at rest in DynamoDB is encrypted using AWS-managed keys. Access to production infrastructure is restricted by IAM roles with least-privilege policies. We conduct periodic reviews of these controls, but no security measure is infallible. You use the Service at your own risk.

8. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete personal data we hold about you. To exercise any of these rights, email [email protected]with the subject line “Privacy Request.” We will respond within 30 days.

9. Children’s Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the Effective Date at the top of this page. Continued use of the Service after any changes constitutes your acceptance of the updated policy.

11. Contact

For questions or concerns about this Privacy Policy, contact us at [email protected].

Terms of Use·Contact Us·Home