Privacy Policy

Last updated: June 14, 2026 · Effective: June 14, 2026

The short version. We collect the minimum information needed to run TubePull: your email and password hash to give you an account, the URLs you submit (from YouTube, TikTok, Reddit, and other supported platforms) so we can run the download and to enforce daily rate-limits and show you your history, and billing metadata from Stripe so we can charge subscriptions. We log every download request — including from anonymous users — for rate-limiting and abuse prevention; signed-in users can see and delete these from their history. We do not sell your personal information, and we do not store the videos or audio you download. You can delete your account and your data at any time.

1. Who we are

This Privacy Policy describes how Moondust Studios LLC, doing business as TubePull (“TubePull,” “we,” “us,” or “our”), a Florida limited liability company, collects, uses, and shares personal information when you use the TubePull website and service (the “Service”). It applies in addition to our Terms of Service.

For privacy questions or to exercise the rights described below, email [email protected].

2. What we collect

We collect only what we need to run the Service. Specifically:

Information you give us

Account info. Email address and a salted hash of your password (we never store your password in plain text). If you sign in with Google or Microsoft, we receive your email address, name, and the OAuth provider’s unique account identifier.
Billing info. When you subscribe, our payment processor (Stripe, Inc.) collects your payment card details, billing address, and tax information. We never see or store full card numbers; we receive a Stripe customer ID, subscription ID, the last four digits of the card, and the card brand and expiry.
Communications. If you contact support, we keep the message and our reply.

Information we collect automatically

Submitted URLs and download history. Every download request is logged with the URL, video ID, video title, format, quality, the requesting IP address, a timestamp, the request status (success or failure) and any error category, plus approximate geolocation derived from your IP at the network edge (country, region, city, and approximate latitude/longitude). The geolocation values come from request headers added by our CDN provider (Cloudflare); when a request does not pass through the CDN, these fields are left blank. We use this log to (1) enforce per-user and per-IP daily rate-limits, (2) populate the download history visible to signed-in Free and Unlimited subscribers (who can re-pull or delete entries from their history at any time), and (3) detect abuse, fraud, and infrastructure problems on our admin dashboards. Anonymous (no-account) requests are logged the same way for rate-limiting and abuse prevention but are not surfaced in any user-facing history. Logs are retained per the schedule in § 6.
Service logs. IP address, browser type and version, referring page, time of request, and pages viewed. This is standard web-server logging and is used for security, abuse prevention, and capacity planning.
Login activity. Successful and failed login attempts (timestamp, IP address, user agent) so you and we can detect unauthorized access. You can review your own login activity from your account page.
Email events. When we send transactional email (verification, receipts, password reset, dunning) through Mailgun, Mailgun reports back to us whether each message was delivered, opened, bounced, complained, or unsubscribed. We log these events against your account.
Proxy routing metadata. Downloads are routed through third-party proxy IPs (Webshare). We log which proxy was used per request, success/failure, and bytes transferred, for reliability and for billing reconciliation. We do not log the content of the video.
Cookies. See § 5.

What we do not collect

The actual video or audio data you download — downloads stream through our servers to your device and are not retained after the request completes.
Your full payment card number, CVV, or full bank account number (those go directly to Stripe).
Sensitive categories such as health, biometric, race, religion, or precise geolocation. (We receive only IP-derived city-level location from Cloudflare — described in § 2 — never device GPS or other precise positioning.)

3. How we use it

We use the information described above to:

Provide the Service: authenticate you, run downloads, and send the resulting file to your device.
Operate your subscription: process payments, prevent and recover failed charges, issue refunds, and send invoices and receipts.
Communicate with you: send transactional email (verification, password reset, receipts, dunning) and respond to support requests. We will only send marketing email if you opt in.
Maintain security: detect and prevent fraud, abuse, credential stuffing, and copyright infringement; comply with the DMCA and other legal obligations.
Improve the Service: aggregate usage analytics, debugging, performance, and capacity planning. Where we use analytics, we minimize identifiers and never sell or share usage data with advertisers.
Comply with law: respond to lawful subpoenas, court orders, and legal claims, and enforce our Terms.

We share the minimum personal information needed with the service providers that help us run TubePull. Each is bound by its own privacy and security obligations:

Stripe — payment processing, subscription management, fraud prevention, customer portal.
Mailgun (Sinch) — transactional email delivery and event tracking (delivered, bounced, complained, unsubscribed).
Webshare — proxy IPs that route requests to source platforms (YouTube, TikTok, Reddit, and other supported platforms) on your behalf. Webshare does not receive your TubePull account information; it sees only the upstream request traffic.
DigitalOcean — cloud hosting and managed database.
Cloudflare — CDN, DDoS protection, and request edge that supplies the approximate IP-based geolocation described in § 2.
Google & Microsoft (optional) — if you use Sign in with Google or Microsoft, those providers receive a sign-in event and we receive the basic profile attributes you authorized.
Advertising and analytics platforms — we use Google Analytics 4, Microsoft Advertising (UET), and Reddit Ads to measure traffic and the effectiveness of our advertising. Google Analytics and Microsoft UET receive pageview events and a cookie identifier in your browser; Reddit conversions are reported server-side only (we no longer load the Reddit browser pixel). These platforms receive conversion values limited to plan interval and price — we do not send your email address or name. See § 5 for cookie details and how to opt out.
Auditors, lawyers, and acquirers (rare). If we’re audited, served with legal process, or involved in a merger or acquisition, we may share information with the parties involved, subject to confidentiality.

We do not sell or rent your personal information, and we do not knowingly share it with data brokers. Conversion data shared with the advertising platforms above may, under the CCPA’s broad definition of “sharing,” qualify as cross-context behavioral advertising; California residents may opt out via Global Privacy Control or by emailing us (see § 9).

5. Cookies & analytics

We use the following cookies and similar storage:

Session cookies (essential): keep you logged in and protect form submissions with a CSRF token. These expire when you close your browser or sign out.
Theme preference (essential): remembers whether you chose light or dark mode.
Stripe may set its own cookies on the checkout and customer-portal pages for fraud prevention.
Google Analytics 4 (measurement): sets the _ga and _ga_* cookies to count unique visitors and measure how people use the site. Configured with anonymized IP and without Google Signals.
Microsoft Advertising UET (advertising): sets the _uetsid and _uetvid cookies to attribute conversions (signups, paid upgrades) to Microsoft Ads campaigns.
Reddit Ads (advertising): Reddit conversions are reported server-side via Reddit’s Conversions API — we no longer load the Reddit browser pixel, so it sets no cookie or identifier in your browser.

You can disable cookies in your browser settings, use a tracking-blocker extension, or send a Global Privacy Control signal — any of these will prevent the advertising cookies above from loading. Disabling cookies will not affect your ability to use the Service; only the analytics and advertising telemetry stop working.

6. How long we keep it

Active accounts: while your account is active, plus the periods below.
Download history (signed-in users): kept until you delete the entry or your account, whichever comes first.
Anonymous download logs: 90 days, then automatically purged. These are used solely for rate-limiting and abuse prevention and are not associated with an account.
Server logs & login activity: 90 days, then automatically purged.
Email event logs (Mailgun): 30 days for engagement events; bounce and complaint flags are retained as long as the account exists to protect deliverability.
Proxy routing metadata: 30 days.
Billing records: retained at Stripe and in our records for at least 7 years to comply with U.S. tax and accounting law.
After account deletion: account email, history, and login activity are deleted within 30 days. Stripe customer and invoice records remain for the retention period above. Backup copies may persist for up to 35 days after deletion before they are overwritten.

7. Security

We protect your information with industry-standard safeguards: TLS for all traffic, salted password hashing (bcrypt/argon2), CSRF protection on every form, encrypted database connections to our managed database, restricted SSH access, automatic security updates, and least-privilege access for staff. No system is perfectly secure; if we ever suffer a security incident that affects you, we will notify you promptly as required by applicable law.

8. Your rights

Regardless of where you live, you can:

Access the personal information we hold about you — email [email protected] and we’ll send you a copy.
Correct inaccurate information — you can update most of it from your account page; for anything else, email us.
Delete your account and personal information — from your account page or by emailing us. Subject to retention obligations described above.
Export your download history as JSON or CSV — from your account page.
Cancel your subscription at any time without affecting your right to access your data.
Opt out of marketing email by clicking unsubscribe in any marketing message. Transactional email (receipts, security alerts) cannot be opted out of while your account is active.

9. California residents (CCPA / CPRA)

If you are a California resident, you have the additional rights to:

Know what categories of personal information we have collected, the sources, the purposes, and the categories of recipients (all summarized above).
Delete your personal information, subject to legal retention exceptions.
Correct inaccurate personal information.
Opt out of the “sale” or “sharing” of personal information — we do not sell or share personal information as those terms are defined under the CCPA, so there is nothing to opt out of, but we honor Global Privacy Control signals.
Non-discrimination for exercising any of these rights.

To exercise any California right, email [email protected]. We will verify your request by asking you to confirm from the email address on file. You may use an authorized agent.

10. EU and UK residents (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, TubePull is the controller of your personal information. Our legal bases for processing are:

Contract (Art. 6(1)(b)) — to provide the Service you signed up for.
Legitimate interests (Art. 6(1)(f)) — to keep the Service secure, prevent fraud and abuse, and respond to copyright complaints. We balance these against your rights.
Legal obligation (Art. 6(1)(c)) — tax recordkeeping, DMCA compliance, lawful requests.
Consent (Art. 6(1)(a)) — for any optional marketing communications, withdrawable at any time.

You have the rights to access, rectification, erasure, restriction, portability, and objection, plus the right to lodge a complaint with your local data-protection authority. To exercise these rights, email [email protected].

11. International transfers

TubePull is operated from the United States. If you access the Service from outside the U.S., your personal information will be transferred to and processed in the U.S. and other countries where our service providers operate. Where required, we rely on the European Commission’s Standard Contractual Clauses or equivalent safeguards for these transfers.

12. Children

The Service is not directed to children under 13 (or the equivalent minimum age in your country, e.g. 16 in parts of the EU). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will delete it.

13. Do Not Track & Global Privacy Control

The Do Not Track header has been deprecated by every major browser and is no longer reliably set, so we do not act on it. We honor Global Privacy Control (GPC) signals as a request to opt out of the “sale” or “sharing” of personal information for California residents and as a general advertising opt-out for everyone — when a GPC signal is present, we do not transmit conversion events to the advertising platforms listed in § 4.

14. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of the page reflects the latest revision. Material changes will be communicated by email or in-product notice at least 14 days before they take effect, except where a shorter notice is required for legal or security reasons.

15. Contact

Moondust Studios LLC d/b/a TubePull · A Florida limited liability company
Privacy: [email protected]
General: [email protected]

This page describes how we handle personal information. It is not legal advice. If your jurisdiction provides stronger protections, those apply on top of this policy.