Privacy Policy

We do not sell your personal information. We do not publish anything to YouTube on your behalf. We do not use your images to train public models. You can delete saved thumbnail history where the product supports it, and you can request account deletion by contacting us. We operate first-party analytics on infrastructure we control (using Amazon Web Services) so we can measure and improve thumbrival.com — not for selling your data or for ad retargeting by ThumbRival.

Account information

When you register, we collect information such as your name, email address, and authentication details. If you sign in with Google OAuth, we receive profile information from Google as permitted by your consent and Google’s policies.

Thumbnail images (user content)

You may upload thumbnail images to preview them in simulated YouTube-style feeds, receive AI-generated feedback, compare versions (including A/B-style workflows), generate shareable score cards, and (on supported plans) save items to history. ThumbRival does not upload or publish your thumbnails to YouTube.

Depending on your plan and features used, images may be processed in memory only or stored (for example, in AWS S3 for signed URL access) so you can revisit history. Free and Starter usage may not persist images after a session the same way Pro history does — see in-product behavior and Section 4 below.

Website and product analytics (first-party)

We operate our own analytics to understand how visitors use thumbrival.com. We load a script served from an endpoint in our AWS account (API Gateway, 7p2fqwatp7.execute-api.us-east-1.amazonaws.com, tracker.js). The script is configured to send categories of events such as page views, scroll-related activity, and session summaries (as set via data-collect on the tag) into pipelines we control. We use that information for our own operations: traffic measurement, reliability, product improvement, and understanding how features are used. It is not used for advertising or sold by ThumbRival. This is not a third-party ad or behavioral targeting network. Technical data (such as IP address, user agent, timestamps, and page URLs) may be processed as part of those events, depending on how we implement the collector.

Usage and service data

We process data needed to run the Service: for example, search terms you enter for competitive context, scoring and comparison requests, plan tier, timestamps, and similar operational records stored in our database. We may log limited technical data (such as IP address, user agent, and route) for security, abuse prevention, debugging, and aggregate reliability metrics.

Payments

Paid subscriptions are processed by Stripe. We do not store your full card number on our servers; Stripe handles payment data under its own terms and privacy notice.

• Provide previews, AI scoring, comparisons, history, and sharing features.
• Authenticate users, manage accounts, and enforce plan limits.
• Process subscriptions and billing through Stripe.
• Send transactional messages (e.g., password reset, billing notices). Marketing emails only if you opt in where applicable.
• Protect the Service, detect abuse, and comply with law.
• Improve reliability and product experience using aggregated or de-identified insights where possible.
• Operate first-party analytics (see Section 1) that we control to understand traffic, engagement, and sessions on thumbrival.com.

We do not use your images to train public models. AI inference is performed through our third-party AI provider to deliver results to you, not to sell your content or build a public training dataset for ThumbRival.

We rely on industry-standard providers, including:

• Anthropic (Claude) — thumbnail images and related text (e.g., search terms, competitor titles sent for context) are transmitted for AI scoring and feedback. See Anthropic’s Privacy Policy.
• Stripe — payments. Stripe Privacy Policy.
• Amazon Web Services (S3) — storage for some user content (e.g., history) with access via signed URLs where implemented. AWS Privacy Notice.
• Google / YouTube Data API — fetching competitor thumbnails and metadata for previews. Google Privacy Policy.
• Redis (e.g., Upstash) — optional rate limiting, caching, or similar operational uses when enabled in our deployment. Only minimal technical identifiers may be processed for those purposes.
• Amazon Web Services (analytics infrastructure) — our first-party analytics (Section 1) send events to services in our AWS environment (for example, API Gateway in us-east-1). We decide what is collected and how it is used; AWS provides cloud infrastructure. See the AWS Privacy Notice for AWS’s role as a service provider.

We do not sell your personal information to third parties.

We retain information for as long as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Specific retention can depend on your plan and how you use the product.

You can delete your data: Where the Service offers history or similar controls, you may delete saved items in the app. To delete your account or request deletion of personal information we hold, email support@thumbrival.com. We will complete verifiable requests within a reasonable timeframe, subject to legal exceptions.

We follow common practices for web applications: encrypted connections (HTTPS) between you and our Service, hashed passwords where applicable, secrets kept on the server (not exposed in the browser), and access controls aligned with providers such as AWS. Thumbnail access may use time-limited signed URLs where designed into the product.

No system is perfectly secure. We work with reputable infrastructure partners and apply reasonable safeguards, but we cannot guarantee absolute security or uninterrupted availability.

We use cookies and similar technologies as needed for authentication (for example, session cookies via NextAuth). If you disable essential cookies, sign-in may not work.

Our first-party analytics script (Section 1) may use cookies, local storage, or similar browser storage to distinguish sessions or support measurement, depending on how we implement the collector. We do not use third-party advertising or behavioral ad networks on the Service as described in this policy.

The Service is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. Contact us if you believe a child has provided information and we will take appropriate steps.

Depending on where you live, you may have rights to access, correct, delete, or export personal information, and to object to or restrict certain processing. California residents may have additional rights under the CCPA/CPRA (including knowing categories of data collected, requesting deletion subject to exceptions, and opting out of sale — we do not sell personal information). European users may have rights under the GDPR.

To exercise rights, contact support@thumbrival.com. We may verify your request before responding.

We may process and store information in the United States and other countries where our providers operate. Where required, we rely on appropriate safeguards for cross-border transfers.

We may update this Privacy Policy. We will revise the “Last updated” date and, for material changes, provide additional notice where appropriate (such as email or an in-app message). Continued use after updates means you accept the revised policy.

Questions about privacy? Email support@thumbrival.com.