Privacy Policy

Last updated: March 2026

1. Introduction

AGROMAR PROD SRL ("we", "us", "our") operates Sumly ("Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service. By using Sumly, you agree to the collection and use of information as described in this policy.

2. Information We Collect

Information you provide:

  • Email address and name when you create an account
  • Payment information (processed securely by Stripe — we do not store card details)
  • YouTube URLs you submit for summarization

Information collected automatically:

  • IP address (used for rate limiting and abuse prevention)
  • Usage data including number of summaries generated and plan type
  • Summary history associated with your account

3. How We Use Your Information

  • To provide and operate the Service
  • To manage your account and subscription
  • To enforce usage limits and prevent abuse of free trials
  • To improve the Service and fix issues
  • To send transactional emails related to your account (e.g. billing)
  • To comply with legal obligations

4. Third-Party Services

We use the following third-party services to operate Sumly:

  • Supabase — stores your account data, usage history, and summaries securely
  • OpenAI — processes video transcripts to generate AI summaries. Transcripts are sent to OpenAI's API and are subject to OpenAI's Privacy Policy
  • Stripe — handles payment processing. Card data never touches our servers and is governed by Stripe's Privacy Policy

5. Data Retention

We retain your account data for as long as your account is active. Generated summaries are cached to improve performance and reduce costs. If you delete your account, your personal data is removed from our systems within 30 days, except where retention is required by law.

6. Cookies

We use session cookies strictly necessary for authentication. We do not use tracking cookies or advertising cookies. By using the Service, you consent to the use of authentication cookies.

7. Your Rights (GDPR)

As a user based in the European Union or Romania, you have the following rights under GDPR:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your personal data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to certain types of data processing

To exercise any of these rights, contact us at viralpersona@gmail.com.

8. Data Security

We implement industry-standard security measures including encrypted connections (HTTPS), secure authentication via Supabase Auth, and row-level security on our database. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or requests, contact us at viralpersona@gmail.com or write to: AGROMAR PROD SRL, Romania.