Short version: We collect the minimum needed to run the service — the YouTube URLs you paste, the audio/video you upload, and (if you sign in) your account email. We store this on Google Firebase. We send caption text to Google Gemini and OpenAI Whisper to generate transcripts and explanations. We don't sell your data, don't run ad networks, and don't track you across other sites.
1. Who we are
AI Shadowing is a personal project by an independent developer (referred to as "we" / "I" below). The service is hosted at aishadowing.net and on the Android app. Contact: feedback@aishadowing.net.
2. What data we collect
2.1 If you use the site without signing in
YouTube URLs you submit. When you paste a YouTube link, we extract the video ID and send it to our Cloud Function, which fetches the captions and processes them with AI. The video ID + caption text is cached in our database so the next person who tries the same video gets an instant result.
An anonymous user identifier. When you first open the site, Firebase Authentication creates an anonymous user ID for your browser session. This lets us call our Cloud Functions on your behalf without making you sign up. It is not linked to your real identity.
Basic operational data. Standard server logs (IP address, browser type, request timestamp) generated by Google Cloud infrastructure for security and abuse prevention. We do not run our own analytics.
2.2 If you upload your own audio or video
The files themselves. Uploaded MP3 / MP4 / ZIP files are stored on Google Firebase Storage under your user ID. Only you can read them. If you delete a lesson, the file is deleted from storage.
Their transcripts. Generated transcripts and metadata (title, timestamps) are stored on Firestore under your account.
2.3 If you sign in with email or Google
Your email address and display name. Used for account identification and (if you opt in) password reset emails.
Your library. The list of videos and uploaded files you've practiced with, synced across your devices.
Your settings. Native language, target learning language, playback preferences.
3. Where the data goes
To make the service work, we send specific pieces of your data to a small number of third-party services:
Google Firebase (Authentication, Firestore, Storage, Cloud Functions, Hosting): Hosts the application, stores all user data, runs server-side logic. All data is encrypted at rest. Google's privacy terms apply: firebase.google.com/support/privacy.
Google Cloud Gemini API: We send YouTube caption text (and your clicked words / sentences) to Gemini to clean up the caption formatting and generate grammar explanations. Gemini API does not use this content to train its models. Terms: ai.google.dev/gemini-api/terms.
Google Cloud Text-to-Speech: Sentences you ask to be read aloud are sent to Cloud TTS for synthesis. The audio output is cached by content hash, so the same sentence is only synthesized once across all users.
OpenAI Whisper API: Used as a fallback when a YouTube video has no captions, or for transcribing audio you upload. Audio is sent to Whisper for transcription only; we don't store the audio with OpenAI. Privacy policy: openai.com/policies/privacy-policy.
We do not share or sell your data to advertisers, marketing networks, or any other third party.
4. What we don't do
No advertising networks. No ads.
No cross-site tracking. No third-party analytics like Google Analytics, Meta Pixel, etc.
No selling, renting, or trading of personal data.
No reading or accessing data from other browser tabs or your other apps.
5. Cookies and similar storage
We use the browser's local storage (specifically, IndexedDB and localStorage) for:
Firebase Authentication session tokens (so you don't have to sign in on every page load).
Your preferences (target language, playback settings) so they persist between visits.
The Service Worker cache for the application files themselves (so the site loads instantly on repeat visits).
We do not use cookies for tracking or analytics.
6. Your rights
Depending on where you live, you may have rights under regulations like GDPR (EU/UK), CCPA (California), or similar. In all cases, you can:
Access the data we hold about you (it's mostly visible in the app itself).
Delete your account and all associated data. Email feedback@aishadowing.net with the subject "Delete my account" and we'll process it within 7 days.
Export your data. Email the same address and we'll send you a JSON dump.
Withdraw consent. Stop using the service at any time. Anonymous data is automatically cleared when you clear your browser data.
Object to processing, or restrict processing, by emailing us.
Lodge a complaint with your local data protection authority (e.g., the ICO in the UK, the CNIL in France) if you believe your rights have been violated.
7. Data retention
Anonymous session data: Cleared when you clear browser data. We do not link anonymous sessions to real identity.
Account data: Retained as long as your account is active. Deleted within 7 days of an account deletion request.
Shared transcript cache: Cached transcripts are stored indefinitely as a public cache (the cache contains only the caption text from publicly available YouTube videos — no personal data).
Operational logs: Standard Google Cloud retention (typically 30 days).
8. Children
AI Shadowing is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with information, please email feedback@aishadowing.net and we will delete it.
9. International data transfers
Google Firebase and Cloud Functions run on Google Cloud infrastructure in the United States. By using the service, you consent to your data being processed there. Google maintains GDPR-compliant data transfer mechanisms (Standard Contractual Clauses).
10. Security
All data in transit is encrypted with HTTPS / TLS. All data at rest in Firebase is encrypted using Google-managed keys. Cloud Function calls require Firebase Authentication. We follow Firebase Security Rules to ensure users can only read their own data. We're a small operation and not a hardened enterprise — we follow standard practices, but if you discover a security issue please email us immediately at feedback@aishadowing.net.
11. Changes to this policy
We may update this policy as the product evolves (for example, if we add new features that involve new data, or change which third-party services we use). When we do, we'll update the "Last updated" date at the top of this page. Significant changes will be highlighted in the app or via email if you're a signed-in user.
12. Contact
For any privacy-related question, request, or complaint, email feedback@aishadowing.net. We aim to respond within 7 days.