Privacy Policy

Last Updated: February 18, 2026

Service Provider: EZlogic (Independent Developer)

Location: Kazakhstan

1. Introduction

This Privacy Policy explains how the Music Summary Chrome Extension ("we," "us," or "Extension"), operated by EZlogic (independent developer), collects, uses, and protects your information. We are committed to protecting your privacy and being transparent about our data practices.

Privacy-First Commitment: We believe in minimal data collection and maximum user privacy. We only collect data necessary to provide and improve our service.

2. Information We Collect

We collect MINIMAL data: We believe in privacy-first approach and collect only what's necessary to provide the service.

2.1 Information You Provide

• Google Account Sign-In (Required): The extension requires signing in with your Google Account via Chrome Identity API (OAuth 2.0). We receive your Google Account ID (used as an anonymous user identifier) and email address. The email is displayed locally in your extension interface only and is not stored on our servers.
• Email Address (Optional): If you provide your email to our authorized payment processor during checkout, we do NOT store it on our servers. The payment processor may store it for payment receipts and account management.
• Payment Information: All payment data (credit cards, billing address, personal details) is processed and stored exclusively by our authorized third-party payment processor. We NEVER see or store your payment information.

2.2 Automatically Collected Information

• Google Account ID: Your Google Account's unique identifier obtained via Chrome Identity API — used as an anonymous user ID for subscription management
• Subscription Status: Your subscription tier (free/premium), status (active/canceled/expired), and expiration date
• Payment References: Anonymous subscription ID from payment processor (for linking your subscription, NOT for identifying you personally)
• Song Metadata: Song titles and artist names from currently playing music (for AI processing only, not stored)
• Technical Data: Extension version and basic error logs (for debugging)
• IP Address (Premium Users Only):
  • When: Only during subscription checkout/renewal
  • Purpose: Verify your country at the time of payment for tax compliance (EU VAT requirements)
  • Processing: IP address is processed through MaxMind GeoLite2 to detect country
  • Storage: The raw IP address is immediately hashed using SHA-256 (irreversible one-way hash) and stored alongside the detected country code. The raw IP address is never stored. Data stored: country code, IP hash, detection timestamp, provider name.
  • Accuracy: ~95% accurate at country level (city-level data NOT collected)

We do NOT collect:

• Your real name or personal identity
• Email addresses (unless you voluntarily provide to payment processor)
• Payment information or billing details
• Raw IP addresses (only irreversible SHA-256 hash stored for tax compliance)
• Precise location data (city, GPS coordinates, etc.) - only country code for tax purposes
• Billing address or street address
• Browsing history outside music platforms
• Contact lists or social connections

2.3 Copyrighted Content (Server-Side)

Important: We respect copyright and do not store copyrighted content on our servers.

• Song lyrics - We do NOT store or save any song lyrics on our servers
• Music files or audio - We do NOT download or store any music content
• YouTube video content - We do NOT cache or store any video content
• Server processing: We only process publicly available metadata (song titles, artist names) for AI commentary generation

Note about local browser caching: Song lyrics MAY be temporarily cached in YOUR browser's local storage (on your device only) for performance optimization. See section 2.4 for details.

2.4 Local Browser Caching (Your Device Only)

To provide a better user experience and faster responses when you request multiple AI summaries (e.g., from different characters) for the same song:

• Local Cache: Song lyrics are temporarily cached in YOUR browser's local storage
• Purpose: When you request summaries from different AI characters for the same song, we can generate them instantly without searching for lyrics again
• How it works:
  • First request: Extension finds lyrics → generates AI summary → caches lyrics locally
  • Subsequent requests (different characters): Uses cached lyrics → generates new summary instantly
• Location: Only on YOUR device - never transmitted to or stored on our servers
• Data Stored: Song title, artist name, and song lyrics text
• Retention: Automatically expires after ~30 days (browser default)
• Your Control: You can clear cache anytime via browser settings or by uninstalling the Extension
• Privacy: This data is NOT accessible to us or any third parties - it stays entirely on your device

Server-side Storage: We do NOT store song lyrics, song information, or AI summaries on our servers.

3. How We Use Your Information

We use the collected information for:

• Service Delivery: Generating AI-powered music insights, entertainment, and language learning assistance
• AI Processing: Sending song metadata (title, artist) to AI services to generate original commentary
• Subscription Management: Processing payments and managing subscription status
• Tax Compliance (Premium users only):
  • Verifying your country at the time of payment through 3-level verification (IP geolocation, PayPal billing country, self-declaration)
  • Calculating and applying appropriate VAT/taxes based on international regulations (EU distance selling thresholds)
  • Maintaining tax records for regulatory compliance
  • Legal basis: Compliance with legal obligations (GDPR Article 6(1)(c)) and contractual necessity
• Personalization: Saving your preferred language, character choices, and settings
• Analytics: Understanding feature usage to improve the Extension
• Technical Support: Diagnosing and fixing technical issues
• Service Improvement: Developing new features based on user feedback
• Communication: Sending service updates, feature announcements (if you opt-in)

3.1 AI and Machine Learning

The Extension uses AI (Google Gemini, Chrome Built-in AI) to generate original commentary about music:

• What we send to AI: Only song title, artist name, and your selected character/language preferences
• What AI generates: Original commentary for entertainment and language learning (not copyrighted content)
• On-device option: You can choose Chrome Built-in AI for privacy (no data leaves your browser)
• AI limitations: AI-generated content may contain inaccuracies and is for entertainment and language learning purposes only

3.2 Tax Compliance and Country Verification

For Premium Subscription Users: To comply with international tax regulations (EU VAT requirements, distance selling thresholds), we collect limited data to verify your country at the time of payment:

Data We Collect for Country Verification:

• 1. PayPal Billing Country (Most trusted signal):
  • After payment, we receive your billing country code from PayPal (e.g., "DE" for Germany)
  • PayPal verifies billing data independently, making this the most reliable signal
  • For US users: we also receive the state/region code (e.g., "CA" for California) for state-level tax compliance
  • We do NOT receive or store your street address, city, postal code, or other billing details
• 2. IP Address Geolocation (Secondary signal):
  • We process your IP address through MaxMind GeoLite2 database to detect your country at the time of checkout/renewal
  • Important: Your raw IP address is immediately hashed (SHA-256) and stored alongside the detected country code. The raw IP is never stored — only the irreversible hash.
  • Accuracy: ~95% at country level (city-level data NOT collected)
  • Note: IP geolocation may differ from your actual location if you use a VPN or corporate network
• 3. Self-Declaration (Tie-breaker):
  • During checkout, you may select your country from a dropdown
  • Used as a tie-breaker when PayPal billing and IP geolocation disagree
  • Stored: Country code only (e.g., "DE" for Germany)

How We Use This Data (3-Level Verification):

Important: The final country used for tax purposes is determined by combining all available signals. PayPal billing country is treated as the most reliable source, since it is independently verified by PayPal. If all three sources disagree, PayPal billing takes precedence. Per EU VAT rules, this reflects your country at the time of payment — not your tax residency.

1. High confidence: Multiple sources agree on the same country
2. Medium confidence: Only one source available, or you previously confirmed after a discrepancy
3. Low confidence / Discrepancy: PayPal and IP disagree — your self-declared country is used as tie-breaker, or we ask you to review
4. User confirmation: If you confirm your country after a discrepancy warning, confidence is set to "high" and your choice is final

Privacy Protections:

• ✅ We do NOT store your raw IP address — only an irreversible SHA-256 hash and country code
• ✅ We do NOT store your billing address or personal details
• ✅ Country verification happens only during subscription checkout/renewal
• ✅ You can request deletion of country verification data at any time
• ✅ All verification data is encrypted in transit and at rest

What Country Data We Store:

Tax Calculation Example:

• Before €10,000 threshold: No tax applied (e.g., €5.99/month)
• After €10,000 threshold: VAT applied based on country rate (e.g., €5.99 + €1.14 VAT = €7.13/month for Germany)
• Transparency: You will see the exact tax amount before confirming payment

Your Rights Regarding Tax Data:

• Right to Access: Request a copy of your stored country verification data
• Right to Correction: Correct your country if verification was incorrect
• Right to Deletion: Request deletion of tax-related data (may affect subscription status)
• Right to Explanation: Understand how we determined your country and tax rate

4. Data Sharing and Third Parties

We share minimal information with the following third-party services necessary to provide our service:

We do NOT:

• Sell your personal information to third parties
• Share your personal information for advertising purposes
• Share copyrighted content with third parties (only metadata like song titles)
• Give third parties access to your payment information

5. Data Storage and Security

5.1. We use industry-standard security measures to protect your data.

5.2. Data is encrypted in transit using HTTPS/TLS.

5.3. Subscription data is stored in Firebase with appropriate security rules.

5.4. We retain your data only as long as necessary to provide the service or as required by law.

6. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Portability: Request your data in a portable format
• Opt-out: Unsubscribe from promotional communications
• Withdraw Consent: Withdraw consent for data processing at any time

7. Data Retention

• Active Accounts: Data retained while account is active
• Canceled Subscriptions: Subscription data retained for 90 days after cancellation
• Uninstalled Extension: Usage data retained for up to 1 year for analytics
• Legal Requirements: Some data may be retained longer if required by law

8. Browser Local Storage

8.1 What We Store Locally in Your Browser

The Extension uses your browser's local storage (on YOUR device only) to enhance user experience:

• User Preferences:
  • Language choice
  • Selected AI characters
  • Extension settings
• Song Lyrics Cache (Performance Optimization):
  • What: Song lyrics text (retrieved from public sources)
  • Why: When you request summaries from different characters for the same song, we can generate them instantly without searching for lyrics again
  • What's cached: Song title, artist name, and lyrics text
  • Where: ONLY on YOUR device, never on our servers
  • How long: ~30 days (browser default expiration)
  • Purpose: Used solely for generating AI summaries - not redistributed or shared
• Session Data: Currently playing song information (temporary)

8.2 Your Control Over Local Data

You have full control over locally stored data and can clear it anytime:

• Use "Clear Cache" button in the Extension (if available)
• Clear browser storage in Chrome Settings → Privacy and Security → Clear Browsing Data
• Uninstall the Extension (removes all local data)

8.3 No Tracking or Cookies

We do NOT use:

• Tracking cookies for advertising
• Cross-site tracking
• Analytics cookies to track your browsing
• Third-party advertising cookies

9. Children's Privacy

The Extension is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. International Data Transfers

The Extension is operated from Kazakhstan. Your information may be transferred to and processed in countries other than your country of residence, including but not limited to:

• Google Cloud / Firebase (United States) - for user authentication, subscription management, and country verification data storage
• Google AI services (United States) - for AI processing of song metadata
• MaxMind GeoLite2 Database (Self-hosted) - IP geolocation processing (database updated monthly, IP addresses NOT stored)
• Payment processors (PayPal) - depending on their infrastructure (varies by region)

We ensure appropriate safeguards are in place for such transfers, including:

• Using services that comply with GDPR (Google Cloud, Firebase)
• Encryption in transit (HTTPS/TLS) and at rest
• Minimal data collection principle (only necessary data)
• Raw IP addresses never stored (only irreversible SHA-256 hashes and country codes retained)
• Standard Contractual Clauses (SCCs) for EU data transfers where applicable

10.1 MaxMind GeoLite2 Attribution

This service uses the GeoLite2 database created by MaxMind, available from https://www.maxmind.com. The database is used solely for country-level geolocation (NOT city or precise location) to comply with tax regulations. Raw IP addresses are immediately hashed (SHA-256) after processing; only the hash and detected country code are stored.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via:

• Extension notification
• Email (if provided)
• Updated "Last Updated" date on this page

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to say no to the sale of personal information
• Right to access and delete personal information
• Right to non-discrimination for exercising your rights

13. GDPR Compliance (EU Users)

If you are in the European Union, you have rights under the General Data Protection Regulation (GDPR):

• Legal basis for processing: Consent and contractual necessity
• Right to lodge a complaint with supervisory authority
• Right to data portability
• Right to restrict processing

14. Copyright and Content Policy

Our Commitment to Copyright Compliance:

What We Do NOT Do (Server-Side):

• We do NOT store copyrighted music content on our servers
• We do NOT store song lyrics or copyrighted text on our servers
• We do NOT redistribute or share copyrighted content
• We do NOT transmit copyrighted content to third parties (except metadata for AI processing)

What Happens in Your Browser (Client-Side):

• Local Cache for Performance: Song lyrics are temporarily cached in YOUR browser's local storage
  • Purpose: When you request summaries from different characters for the same song, we can generate them instantly without searching for lyrics again (better user experience)
  • What's cached: Song metadata (title, artist) + lyrics text (retrieved from public sources)
  • Usage: Used ONLY for generating AI summaries - NOT redistributed, shared, or transmitted to third parties
  • Location: ONLY on your device, never transmitted to our servers
  • Retention: ~30 days (browser default), can be cleared anytime by you
  • Legal Basis: Temporary browser caching for performance optimization, similar to standard web browser caching
  • Your Access Rights: You access lyrics through platforms where you have legal access (YouTube Music, etc.). Cache operates within your existing access rights.

Data Access Methodology:

The Extension accesses publicly available data using only standard browser features:

• W3C Standard APIs: Uses PerformanceObserver and Fetch APIs (equivalent to Chrome DevTools functionality)
• User Action Automation: Automates actions you could perform manually (clicking buttons, viewing network requests in DevTools)
• No Circumvention: Does NOT bypass technical protection measures, DRM, or access controls
• Session-Based: Works only within your authenticated browser session (not server-side scraping)
• Transparent Bot Identity: When searching for lyrics via web sources (fallback only), we identify ourselves honestly as "MusicSummaryBot/1.0" with contact information, allowing websites to control access via robots.txt if desired

📖 For detailed technical and legal explanation, see: Legal Compliance & Data Access Methodology

Our Original Content:

• We generate ORIGINAL AI commentary (transformative content for entertainment and language learning)
• We only send publicly available metadata (song titles, artist names) to AI services
• All music content remains on YouTube Music platform where users have legal access

DMCA Compliance:

We respect DMCA and will promptly address any copyright concerns. If you believe the Extension infringes your copyright, please contact us at ytmusicsummary@gmail.com with details.

15. Contact Us

Home | Terms of Service | Legal Compliance | Refund Policy | Pricing