Privacy Policy — CursorShorts

Who we are

CursorShorts is built and operated by Mohammed Thoufic("we", "us", or "Company"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights.

Scope

This policy covers personal data collected and processed when you use our website and services at cursorshorts.com (the "Service"). By using the Service, you accept the practices described in this policy.

Information we collect

• Account information: email address and name (collected when you sign up). Currently sign-up is available via Google OAuth.
• Content you provide: files and media you upload and any content you ask us to publish (for example, videos you request us to publish to YouTube on your behalf).
• User logs & analytics: usage logs, IP addresses, device and browser metadata, and aggregated analytics data collected to operate and improve the Service.
• Generated content & prompts: text prompts you submit and the scripts, image prompts, or other generated outputs we create for you (used to provide the requested features).

How we collect data

We collect data you provide directly (for example, when you sign up or upload content) and automatically through technologies such as cookies and analytics tools (Axiom and PostHog). We also integrate with Google OAuth for sign-in and the YouTube API if you choose to connect your YouTube account so we can publish content on your behalf.

How we use your information

• To provide, operate, and maintain the Service (including publishing to YouTube when you authorize it).
• To generate scripts, image prompts, and other outputs by making requests to third-party AI and media services such as ElevenLabs, OpenRouter, and OpenAI.
• To analyze and improve the Service using Axiom and PostHog.
• To communicate with you about your account, products, features, and support requests.
• To comply with legal obligations and protect the rights, property, or safety of CursorShorts and its users.

Third parties and integrations

We use the following third-party services and may share limited information with them to provide the Service:

• Google (OAuth & YouTube API): used for account sign-in and to publish videos to YouTube when you explicitly authorize that action. We adhere to Google's API policies and the Limited Use requirements where applicable.
• NeonDB: our primary database provider; data is stored in the United States.
• Analytics: Axiom and PostHog are used to collect and analyze usage and performance data.
• AI & media providers: ElevenLabs, OpenRouter, and OpenAI — we send prompts and receive generated content (scripts, image prompts, etc.) to create features you request. We do NOT share user data with these providers beyond the prompts/requests you authorize and we do not use your data to train models (see below).

Google / YouTube Access & OAuth

CursorShorts lets you connect your Google/YouTube account so you can publish generated videos and view channel analytics inside the app. When you connect YouTube we request the following Google API scopes (exact scope strings shown):

• https://www.googleapis.com/auth/youtube
• https://www.googleapis.com/auth/youtube.upload
• https://www.googleapis.com/auth/youtube.readonly
• https://www.googleapis.com/auth/yt-analytics.readonly

Purpose. We use these permissions only to perform actions you explicitly request: uploading videos you create, reading channel and video metadata to prevent duplicates and map uploads correctly, and displaying analytics and earnings data in your CursorShorts dashboard. We will not access or use additional YouTube data beyond these purposes.

Token storage & security. We store OAuth access and refresh tokens encrypted in our database (NeonDB, USA). Tokens are used only to maintain the connection and make API calls on your behalf; we do not share your tokens with third parties.

Retention & caching. Analytics and metadata pulled from YouTube may be cached for up to 90 days to improve dashboard speed and historical comparison. Media you upload at your request is retained until you delete it or request deletion.

Disconnect & revoke. To disconnect your YouTube account from CursorShorts: go to Settings → Connected Accounts → "Disconnect YouTube." Disconnecting will revoke our refresh tokens and stop future API calls. You can also revoke CursorShorts access from your Google Account Permissions page. To request full deletion of all YouTube-related data we store, email contact.cursorshorts@gmail.com including the account email. We will confirm deletion when complete.

Limited Use & compliance. We comply with Google's API Policies and the Limited Use requirements for protecting user data. If you have questions, contact us at contact.cursorshorts@gmail.com.

Training and model use

We do not use user data to train our own models or to improve third-party models. Prompts and generated outputs are passed to third-party providers only to deliver the specific feature you requested; they are not used by us for training purposes.

Data retention and deletion

We retain your account information, content, and logs for as long as necessary to provide the Service and for legitimate business purposes (for example, troubleshooting, analytics, and legal compliance).

Account deletion: at this time, self-service account deletion is not available in the app. If you want your account and associated data removed, email us at contact.cursorshorts@gmail.com with your account email and request. We will process deletion requests within 30 days and confirm when deletion is complete.

Security

We implement reasonable technical and organizational measures aimed at protecting your information. Data you send to CursorShorts is transmitted over secure channels (HTTPS/TLS). Your data, including OAuth access and refresh tokens, is stored encrypted in NeonDB (US). We continuously review security practices, but no system is completely secure — we cannot guarantee absolute protection.

Sharing and disclosures

We do not sell personal information. We may share personal information with third parties only in the following limited cases:

• With your explicit consent (for example, publishing a video to your YouTube channel when you authorize it).
• With service providers who perform services on our behalf (e.g., NeonDB, analytics providers, cloud infrastructure, AI providers) under contracts that limit how they use your data.
• If required by law, or to respond to lawful requests or legal process.
• To protect the rights and safety of CursorShorts, our users, or the public.

Children

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information about a child under 13, contact us at contact.cursorshorts@gmail.com.

International transfers

Your information may be stored and processed in the United States. If you are located outside the U.S., please note that data protection laws may differ. By using the Service you consent to the transfer of your information to the United States.

Your rights

Depending on your jurisdiction, you may have rights including access, correction, deletion, objection to processing, and data portability. To exercise these rights, contact us at contact.cursorshorts@gmail.com with a clear request and your account email.