Privacy Policy
1. What data we collect
| Data type | What exactly | Why |
|---|---|---|
| Google account | Email, sub ID (unique Google identifier) | User identification, cross-device sync |
| Block events | Channel ID, event timestamp, YouTube page type (home / search / watch) | Personal blocking statistics, improving list quality |
| Subscriptions | Selected filter categories | Syncing preferences across browsers |
| Personal lists | Blacklist / Whitelist, manually added channels | Cross-device sync (linked to your account only) |
| Device ID | Random UUID generated on first launch | Analytics deduplication (not tied to any individual) |
| Discovery data | Channel IDs detected by heuristics (not linked to any specific user) | Expanding and improving the channel database |
Discovery data is anonymous — the discovered_channels table contains no user_id fields. We cannot determine which user "saw" a channel.
2. What we do NOT collect
- YouTube watch history (which videos you watched)
- Video content, comments, or likes
- Passwords or payment information (payments are handled by Stripe separately)
- Data from children under 13 (Google OAuth requires age 13+)
- Browsing history outside supported platforms (YouTube, LinkedIn, X, Reddit)
3. How we use data
- Preference sync — your subscriptions, blocklist, and allowlist are synced across browsers via your account.
- Improving list quality — anonymous discovery data helps expand the channel database without requiring community contributions.
- Statistics for you — you can see how many channels have been blocked and in which categories (shown in the Options page).
- Recommendation training — Pro+ subscribers only, and only when explicitly initiated by the user. We trigger "Don't recommend channel" via the YouTube API on your behalf.
4. Data storage
| Location | What is stored | Physical location |
|---|---|---|
| Server | Accounts, subscriptions, personal lists, aggregated analytics | PostgreSQL on Hetzner, Frankfurt, EU |
| Extension | Blocklist cache, personal lists, settings, discovery queue | IndexedDB + chrome.storage.local — on your device only |
| CDN | Public blocklist (no PII) | Cloudflare edge nodes — caching only, no PII stored |
Our servers are located in Frankfurt, EU. Your personal data does not leave the EU without your consent.
5. Data sharing with third parties
We do not sell or share your personal data with third parties.
- Public statistics — aggregated, anonymous metrics (e.g. "9,956 channels in the database") may be displayed publicly.
- Discovery data — anonymous (no user_id), may be passed to our own database for list expansion.
- Google OAuth — authentication is handled via Google. Google's own privacy policy applies to that interaction.
- Stripe — payment processor. We do not receive or store full card details. Stripe holds its own PCI DSS certification.
- Cloudflare — content delivery network for the public blocklist. Cloudflare does not receive your personal data.
6. Data retention
| Data type | Retention period |
|---|---|
| Account data | Kept while account is active. Deleted on request. |
| Block events | 90 days in detailed form, then aggregated and anonymized. |
| Discovery data | Permanently anonymous (user_id is never recorded from the start). |
| Refresh token | 365 days, automatically purged after expiry. |
| Personal lists (BL/WL) | Kept until account deletion or manual clearing in the Options page. |
7. Your rights (GDPR Art. 15–20)
- Access — view your data on the Options page in the extension, or send a request to privacy@blokari.com.
- Deletion — delete your account in settings or write to privacy@blokari.com. Your data will be deleted within 30 days.
- Export — JSON export is available in Options → Export. Includes your subscriptions and personal lists.
- Portability — import your JSON on any other browser via Options → Import.
- Correction — if you find inaccurate data, contact us and we will correct it.
- Objection — you can opt out of discovery data collection in the extension settings (Options → Privacy).
8. Children's Privacy (COPPA / GDPR)
- Google OAuth requires users to be at least 13 years old to create an account. We rely on this restriction.
- Parental controls are FREE on all plans and do not require a child account.
- We do not knowingly collect data from children under 13. If you believe a child has provided us with data, contact us immediately and we will delete it.
9. Contact
For any privacy-related questions, data deletion or access requests, contact us:
Email: privacy@blokari.com
Website: https://blokari.com
We respond to personal data requests within 30 days as required by GDPR.