🔒 Legal Compliance & Data Access Methodology
Last Updated: November 25, 2025
Core Principle: "User Action Automation"
Music Summary automates ONLY actions that any user can perform manually through standard browser features.
Every data access method used by our extension is equivalent to actions available through Chrome Developer Tools (DevTools), which is a built-in, officially supported browser feature available to all users.
1. How We Access YouTube Captions (Subtitles)
Why This Matters
When lyrics are not available from third-party lyrics services, the extension can optionally use YouTube captions as a fallback source for song lyrics analysis. We want to be 100% transparent about how this works and why it's legal.
What Any User Can Do Manually (Without Extension)
Here's exactly what a regular YouTube user can do to access caption data:
- Open any YouTube video (e.g., a music video)
- Click the "CC" (Closed Captions) button on the video player
- Open Chrome Developer Tools by pressing F12 (this is a built-in Chrome feature)
- Navigate to the "Network" tab in DevTools
- Observe the request to https://www.youtube.com/api/timedtext?v=[VIDEO_ID]&lang=[LANG]&pot=[TOKEN]
- Double-click on the timedtext request to download the caption file (JSON3/XML format) directly to their computer
This is a standard, documented feature of Chrome DevTools available to all users. There is no "hacking" or circumvention involved - it's literally built into the browser by Google.
What Our Extension Does (Automated Equivalent)
The extension automates the exact same sequence:
| User Manual Action | Extension Automated Action | Technical Method |
|---|---|---|
| User clicks CC button | Extension clicks CC button | ccButton.click() - Simulates user interaction |
| User opens DevTools (F12) | Extension "observes" network | PerformanceObserver API - W3C standard web API |
| User views Network tab | Extension observes resource loading | Same data visible in DevTools Network tab |
| User sees timedtext request | Extension captures URL | Reads URL from PerformanceObserver (includes POT token from YouTube) |
| User double-clicks to download captions | Extension fetches URL | fetch(capturedUrl) - Standard Fetch API |
| User accesses downloaded caption file | Extension reads response text | response.text() - Processes JSON3/XML format |
Key Technical Details
1. PerformanceObserver API (W3C Standard)
PerformanceObserver is an official Web API standardized by the W3C (World Wide Web Consortium):
- ✓ Official specification: W3C Performance Timeline
- ✓ Built into all modern browsers (Chrome, Firefox, Safari, Edge)
- ✓ Designed to let web pages observe network activity and performance metrics
- ✓ Provides the SAME information visible in DevTools Network tab
- ✓ NOT a hack, exploit, or reverse-engineering tool
Any JavaScript code on any web page can use PerformanceObserver. You can test this yourself:
- Open YouTube, press F12 to open Console
- Paste this code:
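    // Log every resource-timing entry the page produces from now on
    const observer = new PerformanceObserver((list) => {
      console.log(list.getEntries());
    });
    // Subscribe to network resource entries (the same requests the Network tab lists)
    observer.observe({ entryTypes: ['resource'] });
- Click the CC button and you'll see the timedtext request, the same as in the Network tab!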
2. POT Token (Proof of Origin Token)
POT token is NOT cracked or reverse-engineered by us. It's provided by YouTube itself:
- ✓ Generated by YouTube when user clicks CC button
- ✓ Included in the timedtext URL automatically
- ✓ Purpose: Prevents CSRF (Cross-Site Request Forgery) attacks
- ✗ Does NOT prevent legitimate access within user's session
- ✓ We simply use the URL that YouTube provides (with token included)
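As an added example (not the extension's own code): a strict check on which observed resource URLs are accepted as the timedtext request before they are fetched, plus masking of the pot value before the URL is written to a log. The function names and the sample entries are constructed for illustration.

```javascript
// Added example, not the extension's code; all function names are hypothetical.
const TIMEDTEXT_HOST = 'www.youtube.com';
const TIMEDTEXT_PATH = '/api/timedtext';

// Accept only https URLs on the exact host and path; substring matching is not enough.
function isTimedtextUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return false; // not an absolute URL
  }
  return url.protocol === 'https:' &&
    url.hostname === TIMEDTEXT_HOST &&
    url.port === '' &&
    url.pathname === TIMEDTEXT_PATH &&
    url.searchParams.has('v');
}

// Newest matching entry from a PerformanceObserver batch, or null if none matches.
function pickTimedtextUrl(entries) {
  const hits = entries
    .filter((e) => e.entryType === 'resource' && isTimedtextUrl(e.name))
    .sort((a, b) => b.startTime - a.startTime);
  return hits.length ? hits[0].name : null;
}

// Mask the pot value before the URL reaches console output or any other log.
function redactForLog(raw) {
  const url = new URL(raw);
  if (url.searchParams.has('pot')) url.searchParams.set('pot', 'REDACTED');
  return url.toString();
}

// Constructed sample entries (fields as in PerformanceResourceTiming: name, entryType, startTime).
const sampleEntries = [
  { entryType: 'resource', startTime: 100, name: 'https://www.youtube.com/api/timedtext?v=VID123&lang=en&pot=TOKEN_A' },
  { entryType: 'resource', startTime: 300, name: 'https://other.example/?next=https://www.youtube.com/api/timedtext?v=x' },
  { entryType: 'resource', startTime: 400, name: 'https://www.youtube.com.other.example/api/timedtext?v=x&pot=y' },
  { entryType: 'resource', startTime: 200, name: 'https://www.youtube.com/api/timedtext?v=VID123&lang=en&pot=TOKEN_B' },
];

const picked = pickTimedtextUrl(sampleEntries);
console.log(picked ? redactForLog(picked) : 'no timedtext request seen');
```

The two rejected sample URLs both contain the string "www.youtube.com/api/timedtext", which is why the check parses the URL and compares host and path exactly.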
3. No Server-Side Storage
- ✓ Captions are processed in user's browser
- ✓ Only sent to AI service (Google Gemini) for analysis
- ✗ We do NOT store captions on our servers
- ✗ We do NOT build a database of lyrics
- ✗ We do NOT redistribute captions to other users
2. Legal Compliance Analysis
YouTube Terms of Service Compliance
YouTube ToS Section 3 states:
"You are not allowed to access the Service using any automated means (such as robots, botnets or scrapers) except:
(a) in the case of public search engines, in accordance with YouTube's robots.txt file;
(b) with YouTube's prior written permission; or
(c) as permitted by applicable law"
Why We Comply - Exception (c): "As Permitted by Applicable Law"
- ✓ No Unauthorized Access: User is already authenticated on YouTube with their own account
- ✓ No Technical Circumvention: CC button is publicly accessible; POT token is provided by YouTube
- ✓ DevTools Equivalence: Using browser tools (including DevTools) represents authorized access to publicly available data
- ✓ Session-Based: Works only within user's browser session, not server-side scraping
Computer Fraud and Abuse Act (CFAA) Compliance
CFAA prohibits "unauthorized access" to computer systems.
Why We Comply:
- ✓ Authorized Access: User is logged into YouTube with valid credentials
- ✓ Browser Tools Are Authorized: DevTools is provided by Chrome for user inspection
- ✓ Standard Browser Functionality: Using browser developer tools does not constitute unauthorized access
- ✓ No Exceeding Authorized Access: We access only what browser already loaded for user
Digital Millennium Copyright Act (DMCA) Compliance
DMCA prohibits circumventing "technological protection measures" (TPMs).
Why We Comply:
- ✓ No TPM Present: Captions are NOT encrypted, DRM-protected, or access-controlled
- ✓ No Circumvention: CC button is openly accessible; we don't crack passwords or bypass restrictions
- ✓ POT Token Not Circumvented: Token is provided by YouTube, not generated by us
- ✓ Transformative Use: We generate original AI commentary (for entertainment and language learning), not redistribute captions
3. Similar Approved Extensions
Our approach is identical to Chrome Web Store approved extensions:
| Extension | Users | Similar Functionality |
|---|---|---|
| Language Reactor | 1M+ | Accesses Netflix/YouTube captions for language learning using same methods |
| Video DownloadHelper | 4M+ | Captures media URLs from network traffic using PerformanceObserver |
| React DevTools | 3M+ | Observes page data and network activity for debugging |
| JSON Formatter | 1M+ | Intercepts network responses and formats JSON data |
4. What We Do NOT Do
Clear Boundaries - Activities We Explicitly Avoid:
- ✗ Download video/audio files - We do NOT download or store music content
- ✗ Store lyrics on servers - Captions are processed in real-time, not stored
- ✗ Bypass ads or premium features - User's YouTube experience unchanged
- ✗ Mass scraping - Only processes videos user actively watches
- ✗ Direct API calls without user action - Captions only accessed when user clicks CC
- ✗ Reverse-engineer YouTube's internal systems - We use public browser APIs only
- ✗ Create alternative player - YouTube's player remains untouched
- ✗ Redistribute content - All music stays on YouTube platform
5. User Privacy & Control
Transparency Measures
- ✓ Clear Disclosure: Users informed about caption access in extension description
- ✓ Optional Feature: Caption-based lyrics is a fallback when other sources fail
- ✓ Console Logging: All network operations logged for transparency
User Control
- ✓ User can uninstall extension anytime
- ✓ No data persists after uninstall
- ✓ Works only when user is on YouTube Music/YouTube
6. Data Flow Diagram
1. User plays song on YouTube Music
↓
2. Extension detects song (reads visible title/artist from page)
↓
3. Extension tries to get lyrics from:
- Priority 1: YouTube Music "Lyrics" tab (if available)
- Priority 2: Third-party public lyrics services
- Priority 3: Additional lyrics APIs
↓
4. IF no lyrics found, OPTIONALLY:
- Extension simulates CC button click
- Observes network request (PerformanceObserver)
- Captures timedtext URL (provided by YouTube)
- Fetches caption data (same as DevTools)
↓
5. Lyrics/captions sent to AI service (Google Gemini)
- AI generates ORIGINAL commentary
- No copyrighted content stored or redistributed
↓
6. Commentary displayed to user in extension panel
7. For Payment Processors & Business Partners
Why Music Summary is a Legitimate Business
Our Business Model:
- What we sell: AI-powered entertainment and language learning service for music listeners
- What we DON'T sell: Access to copyrighted content (music remains on YouTube)
- Value proposition: Entertainment and assistance in understanding song meanings in foreign languages
- Similar to: Entertainment tools, language learning apps, music companion platforms
Technical Legitimacy:
- ✓ Uses only standard web APIs (W3C standards)
- ✓ Equivalent to browser's built-in DevTools
- ✓ No hacking, cracking, or reverse-engineering
- ✓ Works within user's authenticated browser session
- ✓ Automation of standard, user-accessible browser functionality
Compliance:
- ✓ GDPR compliant (EU data protection)
- ✓ CCPA compliant (California privacy law)
- ✓ DMCA compliant (no DRM circumvention)
- ✓ YouTube ToS compliant (automated access permitted by law)
- ✓ Chrome Web Store policies compliant
8. Contact & Verification
For payment processors, business partners, or regulatory inquiries:
- Business Name: EZlogic
- Email: ytmusicsummary@gmail.com
We are happy to provide upon request:
- Technical documentation explaining data access methods
- Architecture diagrams showing data flow
- Comparison with similar approved extensions
Summary: Why This is Legal
Three Key Facts:
- User Equivalence: Everything we do can be done manually by user through F12 DevTools
- Standard APIs: We use W3C/WHATWG standard web APIs, NOT hacks or exploits
- No Circumvention: CC button is public, captions are accessible, no DRM bypassed
Result: Legal automation of user-accessible browser functionality for entertainment and language learning purposes.