← Back to home

Publishing Assistant — Privacy Policy

Last updated: 2026-04-18 · Effective: 2026-04-18 · Publisher: Cola Tools

Publishing Assistant ("the App") is a desktop application that runs on your local machine. This Privacy Policy explains how the App handles your information and the rights you have.

Core commitment: the App operates no servers. We do not collect, transmit, or store any of your personal data on systems we control. All your accounts, tokens, AI keys, media assets, and task records are stored only on your local machine.

1. What data is processed

1.1 Data you create within the App (stored locally only)

• Platform OAuth tokens: access_token / refresh_token issued when you connect platforms such as YouTube. Encrypted via your operating system keychain (macOS Keychain / Windows Credential Manager / libsecret) and stored in a local SQLite database.
• AI service API key: the OpenRouter API key you enter under "Settings". Also encrypted via the OS keychain.
• Video metadata: file path, duration, resolution, codec, file size, SHA-256 fingerprint, and a generated thumbnail of the first frame.
• Task records: the title / description / tags, state, timestamps, and failure reasons of publishing tasks you create.
• AI generation history: the input hint, model used, and candidate outputs of AI generation requests you initiate.

All such data is stored in a local SQLite database and the user-data directory (e.g. ~/Library/Application Support/Publishing Assistant/ on macOS). It is not transmitted to Cola Tools or any third party.

1.2 Data we do not collect

• We operate no backend servers. We do not collect device identifiers, location, behavioral analytics, or crash reports (error reporting is disabled by default and only sends anonymous information after you opt in).
• We do not access platform data outside the scopes you have authorized. For YouTube, we use only the youtube.upload scope, which is used solely to upload videos you explicitly select.
• We do not retain your AI prompts or completions on any system we control.

2. Third-party services

When you actively initiate the corresponding action, the App calls the following third-party APIs. In these requests, the data is sent by you (not by Cola Tools) directly to the third party:

• Google / YouTube Data API: when you click "Publish", the App sends your video file and metadata to YouTube via the OAuth-authorized resumable upload API. Google's handling of that data is governed by its own privacy policy at policies.google.com/privacy.
• OpenRouter: when you click "AI Generate", the App sends your topic hint and preset to OpenRouter, which forwards them to your chosen model provider (e.g. Anthropic / OpenAI / Google). OpenRouter's privacy policy is at openrouter.ai/privacy.

The request and response bodies of these calls are not separately transmitted to Cola Tools.

3. Use of Google user data (Limited Use Disclosure)

The App's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use the Google user data only to enable the user-facing feature of uploading videos to the user's YouTube channel.
• We do not transfer Google user data to third parties except as necessary to provide that feature, or for security or legal compliance.
• We do not use Google user data for advertising, and we do not allow humans to read the data unless we have your affirmative agreement, it is necessary for security or to comply with law, or the data is aggregated and used for internal operations in compliance with applicable rules.

4. Your rights

• Disconnect at any time: clicking "Disconnect" on the Accounts page deletes the locally stored token for that account. You can also revoke the App's access from the Google Account permissions page.
• Delete local data: simply delete the App's user-data directory to wipe all local data.
• Uninstall: after uninstalling, your local data remains on disk (until you manually delete the user-data directory), since it is yours.

5. Children's privacy

The App is not directed to children under 13. If you are a guardian and believe a child under your care has used the App and produced data you would like to know about or delete, please contact us at the email below; although we ourselves do not hold the data, we will do our best to assist.

6. Data security

All sensitive credentials (OAuth tokens, AI keys) are encrypted via Electron's safeStorage, which uses the operating system's keychain. Decryption is possible only when the App runs in the same user session. Tokens and AI keys are never written to log files.

7. Changes to this policy

We will publish notice of material changes to this policy on the App's "Settings" page and at the top of this page, and update the "Last updated" date. Continued use of the App constitutes acceptance of the changes.

8. Contact

For questions about this policy or to exercise your rights, email: [email protected]

Publisher: Cola Tools