LEGAL

Privacy Policy

How clickt handles your data, your audience's data, and the data captured on your funnels.

Last updated · 2026-06-16

1. Who we are

Clickt (Pty) Ltd (the "service", "we", "us", "our") is a private company registered in South Africa. We operate the clickt YouTube attribution platform for creators selling courses, coaching, and SaaS products. The service operates at clickt.link and app.clickt.link.

For privacy questions, contact support@clickt.link.

2. What data we collect

2.1 Account data (data about you, the customer)

When you sign up:

  • Email address and name (if you provide one)
  • A securely stored password
  • Workspace settings and preferences
  • Billing details (processed by our payment provider; we never store your card number)

2.2 YouTube data (via Google sign-in, with your consent)

When you connect a YouTube channel through Google sign-in, we request the minimum set of permissions needed for the features you use:

  • Permission to read your channel data (your videos, their metadata, transcripts, and public stats)
  • Permission to update your video descriptions, only when you trigger the bulk-update feature yourself

We store:

  • Channel metadata (channel ID, title, custom URL)
  • Per-video metadata (title, description, tags, transcript, publish date, public view count)
  • A secure connection token that lets us keep your channel connected, stored encrypted at rest

You can revoke our access at any time via your Google account settings or by disconnecting the channel in your clickt dashboard.

2.3 Audience data (captured on your funnels)

When your audience clicks a tracked link and lands on your funnel, clickt captures the following information:

  • The tracked link identifier
  • The page URL (path only)
  • The referring URL when the browser provides it
  • Device class (mobile / desktop / tablet)
  • Country-level location (we don't store full IP addresses)
  • Browser user-agent string
  • An anonymous session identifier

When your audience submits a form on your funnel (newsletter, lead magnet, checkout):

  • Email address (encrypted at rest; we never store the plaintext email in our database)
  • The tracked link identifier associated with the session

When your audience completes a conversion (purchase):

  • Transaction ID, amount, currency
  • Email (same encryption story as above)
  • Conversion timestamp

We do not capture: full IP addresses, payment-card numbers, browsing history on your site, names, addresses, phone numbers, or any field other than the email a visitor enters on your forms. clickt observes only what's needed for sale attribution.

2.4 Consent

clickt honours a consent signal that you configure. For audiences in the EU and UK, the default is to capture only anonymous pageview data until consent is signalled. You, the customer, choose the consent posture for your audience from your clickt dashboard.

3. Why we collect it

  • Account data, to operate the service, authenticate you, and bill you.
  • YouTube data, to provide the per-video attribution and bulk-update features you signed up for. YouTube data is used only to deliver the service to you and is not used for any other purpose, including but not limited to: training AI models, selling to third parties, or any use beyond what's needed to render your dashboard.
  • Audience data, to attribute sales to the videos that drove them. This is the core function of the service.

We do not:

  • Sell any data
  • Train AI models on YouTube data or your audience's data
  • Share data with advertising networks
  • Use data for any purpose beyond delivering the service to you

4. How long we keep it

  • Account data, retained while your account is active; deleted within 30 days of account closure.
  • YouTube connection tokens, retained while your connection is active; deleted within 7 days of disconnection.
  • YouTube data (channel and video metadata, descriptions, transcripts, thumbnails), refreshed via re-imports or deleted within 30 days of the last refresh in line with Google's YouTube API Services Developer Policies. On disconnect or account deletion, this data is deleted within 7 days. You can request immediate deletion at support@clickt.link and we'll complete it within 7 days.
  • Audience event data, retained while your workspace is active. On workspace closure, retained 90 days then deleted.

5. How we protect your data

We take reasonable and appropriate measures to protect all data, including Google user data, against unauthorised access, disclosure, alteration, or loss:

  • Encryption in transit. All data moving between your browser, your audience's browsers, and our systems is encrypted using TLS (HTTPS).
  • Encryption at rest. Sensitive data is encrypted at rest. YouTube connection tokens and audience email addresses are encrypted using AES-GCM; email is encrypted under a per-workspace key, and we never store plaintext email or raw connection tokens in our database.
  • Access controls. Human access to Google user data is restricted to you and users you invite to your workspace, and to clickt staff with a legitimate operational need under a confidentiality obligation.
  • Secure infrastructure. The service runs on hardened, access-controlled cloud infrastructure, and credentials and encryption keys are held as managed secrets, separate from the data they protect.

Security procedures are in place to protect the confidentiality of your data. No method of transmission or storage is perfectly secure, but we work to protect your data using industry-standard safeguards.

6. Service providers

We work with a small number of trusted third-party service providers to operate the service, covering things like infrastructure hosting, transactional email, payment processing, and operational monitoring. Each provider is bound by appropriate data protection terms.

7. Your rights

Under applicable privacy law (including GDPR, UK GDPR, and CCPA):

  • Access, request a copy of your data
  • Rectification, correct inaccurate data
  • Erasure, delete your account and associated data
  • Portability, export your data in machine-readable format
  • Restriction / objection, limit how we process your data

Email support@clickt.link. We respond within 30 days for general privacy requests and within 7 days for YouTube-data deletion requests per Google's YouTube API Services requirements.

8. YouTube API Services compliance

clickt's use of information received from YouTube APIs adheres to the YouTube API Services Terms of Service and the Google Privacy Policy.

8.1 Limited Use of Google user data

clickt's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data (including YouTube API data) only to provide and improve the per-video attribution and bulk-update features described above. We do not use it for any other purpose.
  • We do not sell Google user data.
  • We do not use Google user data for serving advertisements, including retargeting, personalised, or interest-based advertising.
  • We do not use Google user data to develop, improve, or train generalised or non-personalised AI/ML models.
  • We do not transfer Google user data to any third party except (i) to provide or improve the service via the service providers referenced above, (ii) where required by law, or (iii) as part of a merger or acquisition with prior notice to you.
  • Human access to Google user data is restricted to (i) you and users you've invited to your workspace, (ii) clickt staff with legitimate operational need under a confidentiality obligation, (iii) where required by law, and (iv) where necessary to address security or abuse concerns.

8.2 Revocation and deletion

  • Revoke clickt's access to your Google account at any time via the Google Account permissions page.
  • Disconnect a channel inside the clickt dashboard at any time. Your stored YouTube data is deleted within 7 days of disconnect.
  • Request full data deletion by emailing support@clickt.link. YouTube-data deletion is completed within 7 days; broader account deletion within 30 days.

8.3 Refresh and retention

YouTube data we store is refreshed on each import. Data not refreshed within 30 days is deleted from our systems per Google's YouTube API Services Developer Policies.

9. Changes to this policy

We'll email you at least 30 days before any material change. The current version is always at clickt.link/privacy with the date in the page metadata.