Trigunatita
Start
§ Legal · PrivacyVersion 0.9Effective 4 May 2026

Privacy policy

Trigunatita exists to protect your work, which means we take privacy seriously — not because we have to, but because a backup product that leaked user data would be a contradiction in terms. This policy explains exactly what we collect, why, how long we keep it, and what you can do about it.

Who we are

Trigunatita is operated by Trigunatita Technologies, a company registered in India. For the purposes of India’s Digital Personal Data Protection Act, 2023 (DPDP Act) we are a Data Fiduciary. For the EU General Data Protection Regulation (GDPR), we are a Controller with respect to account data and a Processor with respect to video content you upload. Contact details for our grievance officer are at the bottom of this page.

What we collect

We collect only the data we need to run the product. The table below is the complete inventory. If we later collect anything else, we will update this policy and notify you.

CategoryExamplesLegal basis
Account dataName, email, Google account ID, hashed password (if used)Contract / consent
OAuth credentialsGoogle refresh token for each connected YouTube channelContract
Content dataVideo files and metadata (title, tags, thumbnail, playlist info)Contract (processor role)
Billing dataRazorpay customer ID, subscription ID, invoice metadata, GSTIN (if provided)Contract / legal obligation (GST)
Usage logsUpload events, sync status, IP address, browser user-agent, error tracesLegitimate interest (operating the service)
Site analyticsPage views, referrer, country, aggregated only; cookielessLegitimate interest
Support correspondenceEmails you send us, chat messages, screenshots you shareContract

What we do not collect

  • Your Google account password. OAuth is designed so we never see it.
  • YouTube monetisation data, Ads data, or AdSense revenue figures.
  • Your subscriber list or comment graph on YouTube.
  • Payment card numbers. Razorpay processes payments; card data never touches our servers.
  • Browsing activity on other websites; we do not run third-party ad trackers.

Why we collect it

Each category has exactly one job, stated plainly:

  • Account data — to authenticate you and email important notices.
  • OAuth credentials — to publish videos to your YouTube channels on your behalf. We never use them for any other purpose.
  • Content data — to mirror uploads and hold a durable archive you can restore from.
  • Billing data — to process payments, issue GST-compliant invoices, and satisfy tax record-keeping obligations under Indian law.
  • Usage logs — to show you your sync status, diagnose failures, investigate security incidents, and improve reliability.
  • Site analytics — to understand which marketing pages help creators.
  • Support correspondence — to respond to you.

How we share it

We share the minimum data required with the minimum set of processors. Our full list of sub-processors is in the Data Processing Addendum. In summary:

  • Cloud infrastructure — we use a single, reputable cloud provider with data hosted in the India region (ap-south). Names and contracts disclosed in the DPA.
  • Payment processor — Razorpay Software Pvt. Ltd. processes payments.
  • Email delivery — a transactional email provider delivers invoices and account notices.
  • YouTube — your video content and metadata are transmitted to YouTube (Google LLC) on your behalf, under your OAuth consent. This is the purpose of the service.
  • Legal requests — we will disclose data if compelled by a valid Indian legal order. We will notify you unless legally prohibited.

We do not sell, rent, or trade your personal data to anyone, for any reason, ever. We do not use your content to train AI models — ours or anyone else’s.

How long we keep it

CategoryRetention
Account dataLife of account + 30 days grace after cancellation
OAuth refresh tokensUntil you disconnect the channel or cancel; then deleted within 24h
Video files (cold archive)Per your tier (90d / 365d / unlimited) + 30 days grace
Sync ledger / usage logsAccount lifetime + 90 days (for audit and dispute defence)
Billing records7 years (GST and tax law requirement)
Support correspondence3 years
Analytics (aggregated)2 years

Your rights

Under the DPDP Act (India) and GDPR (EU), you have rights over your personal data. Trigunatita honours these rights for all users regardless of jurisdiction, because building two classes of user is operationally worse than just doing it once, right.

  • Right to access — request a copy of all personal data we hold about you. Delivered within 30 days, free.
  • Right to correction — fix anything inaccurate.
  • Right to erasure — delete your account. 30-day grace period, then hard deletion. Billing records retained where legally required (see retention table).
  • Right to data portability — receive an export in a commonly used machine-readable format (JSON for metadata, original video files as uploaded).
  • Right to withdraw consent — disconnect OAuth at any time from your Google account settings or from within Trigunatita.
  • Right to grievance redressal — contact our grievance officer below. We respond within 30 days as required by Indian law.
  • Right to nominate (DPDP Act) — nominate another person to exercise your rights if you are unable to.

To exercise any of these, email privacy@trigunatita.com from the address on your account. We may ask for additional verification to protect against imposter requests.

Security

Details of our security posture — encryption, OAuth scope minimisation, access control, incident response — are on the /security page. If you discover a vulnerability, report it to security@trigunatita.com; we acknowledge within 48 hours.

Children

Trigunatita is not directed at persons under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, please notify us and we will delete it. Note that YouTube separately has its own minimum-age terms.

International transfers

Your video content stays in India (ap-south region) in our storage. Transmissions to YouTube unavoidably reach Google’s global infrastructure because that is how the destination service works. By using Trigunatita you understand and consent to this transfer. Standard contractual clauses apply where required.

Changes to this policy

We will update this policy as the product and law evolve. Material changes will be emailed to account holders at least 30 days before taking effect. A change log is maintained at the bottom of this page.

Grievance officer

In accordance with Rule 3(11) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 and the DPDP Act 2023:

  • Name: Meru Tiwari
  • Designation: Founder & Grievance Officer
  • Email: grievance@trigunatita.com
  • Response time: Acknowledged within 24 hours, resolved or substantively updated within 15 days

Change log

  • v0.9 · 4 May 2026 — pre-launch draft, pending legal review.