Legal

Privacy Policy

Last updated: 22 March 2026

This policy explains how Replayd (replayd.io) collects, uses, and protects your personal data. Replayd is operated as a sole trader, not a registered company. Questions? Email us at hello@replayd.io.

We've written this in plain English — no legalese. Replayd is subject to UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

01

What Replayd Is

Replayd is a social platform where users can discover, rate, and review YouTube video essays — think of it as Letterboxd, but for long-form video content. You can follow other users, build a profile, and share your opinions on the essays you watch.

02

What Data We Collect

Account data — collected on sign-up
Email address
Username
Password (stored as a one-way hash — we cannot read it)
Profile data — optional
A short bio
Activity data — generated when you use the platform
Ratings (numerical scores) you assign to video essays
Written reviews you submit
Social graph data — who you follow and who follows you
In-app notification events — e.g. when someone follows you or rates a video
Cached video metadata — not personal data
Publicly available YouTube data: titles, channel names, thumbnails, durations, descriptions
Cached to reduce API calls — not linked to you personally

What we don't collect: Payment details. If we introduce a paid tier, payments will be handled entirely by Stripe. Replayd will never see or store your card number or billing information.

03

Why We Collect It & Our Legal Basis

Under UK GDPR we need a lawful basis to process your data. We rely on two:

Purpose Legal basis
Creating and managing your account Contract performance
Storing your ratings and reviews Contract performance
Managing followers and activity feed Contract performance
Sending in-app notifications Contract performance
Caching YouTube video metadata Legitimate interests
Platform security and integrity Legitimate interests
Aggregate usage understanding (no individual profiling) Legitimate interests

04

How We Store & Protect Your Data

Your data is stored on secure servers. We take reasonable technical and organisational measures to protect it from unauthorised access, loss, or disclosure:

Passwords are hashed using a modern one-way algorithm before storage
Database access is restricted and authenticated
HTTPS is used across the platform to encrypt data in transit

No system is 100% secure, but we take our responsibility seriously. If we become aware of a breach that affects your rights, we'll notify you as required by law.

We do not sell your data to third parties. We do not use your data for advertising.

05

How Long We Keep Your Data

We keep your data for as long as your account is active. If you delete your account, we will delete your personal data — email address, username, bio, ratings, reviews, and social connections — in line with our deletion process.

Some anonymised or aggregated data (for example, aggregate rating counts on a video) may be retained after deletion as it is no longer tied to you personally.

06

Third-Party Services

YouTube Data API Active

Used to retrieve publicly available video metadata — titles, thumbnails, durations, channel names, and descriptions — when you search for video essays. We do not send any of your personal data to YouTube as part of this process. Use of the YouTube API is also subject to Google's Privacy Policy.

Stripe Coming soon

Planned for future payment processing if a premium tier is introduced. When that happens, all payment data will be handled entirely by Stripe under their own privacy and security standards. Replayd will not store payment card details.

07

Children & Minimum Age

⚠️

Replayd is intended for users aged 13 and over. We do not knowingly collect personal data from children under 13, and the service is not directed at them.

If you are under 13, please do not use Replayd or provide any personal information. If we become aware that we have inadvertently collected data from a child under 13, we will delete it promptly.

This approach is consistent with the UK GDPR and the ICO's Age Appropriate Design Code (Children's Code). We encourage parents and guardians to be aware of their children's online activity.

08

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

👁

Right of access

You can request a copy of the personal data we hold about you.

✏️

Right to rectification

You can ask us to correct inaccurate or incomplete data.

🗑

Right to erasure

You have the right to request deletion of your personal data. Account deletion is coming soon — in the meantime, contact us directly.

Right to restrict processing

In certain circumstances, you can ask us to pause processing your data.

🚫

Right to object

You can object to processing based on legitimate interests.

📦

Right to data portability

You can ask for your data in a portable format.

To exercise any of these rights, email hello@replayd.io. We aim to respond within 30 days. You also have the right to lodge a complaint with the ICO at ico.org.uk.

09

Cookies

Replayd uses standard session cookies to keep you logged in while you use the platform. These are essential for the service to function and are deleted when you close your browser or log out.

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies at this time.

10

Changes to This Policy

We may update this policy from time to time. When we do, we'll update the date at the top of this page. If changes are significant, we'll let you know — for example, via a notice on the platform or an email to registered users.

Continuing to use Replayd after changes are posted means you accept the updated policy.

11

Contact Us

Questions, concerns, or requests about this policy or your personal data? Get in touch:

Email

hello@replayd.io

Website

replayd.io

We're a small indie project and will always do our best to respond promptly and helpfully.