How we protect your data
BrokenTube connects to your YouTube channel and processes link data at scale. Security is not an afterthought—especially for Agency plan teams managing client channels.
Last updated: May 2026
Encryption in transit & at rest
All traffic to brokentube.com uses HTTPS with modern TLS. Passwords are hashed with bcrypt—we never store plain-text passwords. YouTube OAuth refresh tokens and sensitive credentials are encrypted at rest using Fernet symmetric encryption before they touch our database.
Google OAuth & Limited Use
You connect channels via official Google OAuth. We request only the scopes needed for features you use (e.g., read metadata for scans; write only when you run authorized bulk updates). BrokenTube complies with the Google API Services User Data Policy, including Limited Use requirements—we do not sell YouTube user data or use it to train generalized AI models.
Two-factor authentication (2FA)
Enable TOTP-based 2FA in Settings → Security. Your authenticator secret is encrypted; recovery codes are provided at setup. We recommend 2FA for Agency accounts and anyone with bulk-replace access.
Chrome Extension safety
Our extension is published on the Chrome Web Store and reviewed by Google. Bulk description edits run inside YouTube Studio as your authenticated session—not via the YouTube API—so edits behave like manual changes with built-in human-like delays. Install only the official extension from brokentube.com/extensions.
Agency & team access
- Team invitations with role-based access (up to 4 members on Agency)
- API keys for automation—rotate or revoke in dashboard settings
- White-label PDF reports for clients (your branding, our scan data)
- Audit logs for administrative actions (admin panel)
Need a DPA or security questionnaire for procurement? Contact us with “Agency security” in the subject.
Infrastructure practices
Full legal details: Privacy Policy · Terms of Service
Security questions? Contact us