Privacy Policy

Last Updated: June 2025

1. Introduction

This Privacy Policy sets forth how L-CH3 LIMITED, trading as Heckle ("Heckle," "we," "us," or "our"), collects, uses, discloses, and protects personal information in connection with our services. This Policy applies to users ("you," "your") of our Software-as-a-Service platform that provides YouTube comment analysis (the "Service"), our website located at heckle.tech, and any related services we may offer.

L-CH3 LIMITED is a company incorporated in England and Wales with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. We are committed to protecting your privacy and ensuring that your personal data is processed in accordance with applicable data protection laws and regulations.

For the purposes of the UK GDPR and EU GDPR, L-CH3 LIMITED serves as Data Controller for user account information. For YouTube comments and associated data autonomously collected by our Service on behalf of channel owners, the YouTuber (channel owner) is the Data Controller of this content. L-CH3 acts exclusively as a Data Processor when handling YouTube comment data under the YouTuber's instructions.

2. Data Protection Contact

For inquiries regarding this Privacy Policy, our data protection practices, or to exercise your data protection rights under applicable law, please contact us using the information provided below:

Contact Information

We have appointed a dedicated lead for privacy inquiries who can be reached at [email protected]

3. Information We Collect

We collect information about you in various ways when you use our Service:

(a) Information You Provide Directly to Us:

  • Account Information: When you register for a Heckle account, we collect your email address. You may optionally provide your first and last name.
  • Team Member Information: If you add team members to your account, we collect the email addresses of these team members.
  • Payment Information: When you subscribe to our paid plans, our third-party payment processor, Stripe, will collect and process your payment details (e.g., credit card information, billing address). Heckle does not directly store your full payment card details. We may have access to information such as the last four digits of your card, card type, expiry date, and billing history, as provided by Stripe.
  • Communications: If you contact us directly (e.g., via email for support or privacy inquiries), we will collect your name, email address, and the content of your communications, as well as any other information you choose to provide.

(b) Information Processed on Your Behalf (Heckle as Data Processor):

YouTube Channel Data: To provide the Service, we access and process data from your connected YouTube channel(s) via the YouTube API. This includes:

  • Video comments (comment text, commenter's YouTube username/handle, timestamp, like count, reply threads)
  • Video metadata (e.g., closed captions, description)
  • Information about the YouTube creator (e.g., channel name)

Heckle uses this data to provide AI-driven analysis, including sentiment, emotion, entity recognition, and theme/topic aggregation. Raw comment data is stored for up to 30 days for processing and is then refreshed. The insights derived can be linked back to individual comments for your review within the Service. You, as the YouTuber and Data Controller, are responsible for ensuring you have the necessary rights, permissions, and legal bases (including compliance with YouTube's Terms of Service and applicable privacy laws) to allow Heckle to process this data on your behalf.

(c) Information We Collect Automatically (Usage and Cookie Data):

  • Usage Data: When you interact with our Service, we automatically collect certain information about your use of the Service. This includes features you use, pages you visit, clicks, interactions, and other activity on the Heckle platform. This data is collected using analytics tools like Google Analytics and Microsoft Clarity.
  • Cookies and Similar Tracking Technologies: We and our third-party partners use cookies and similar tracking technologies (e.g., web beacons, pixels) to collect information about your browsing activities over time and across different websites following your use of our Service. This helps us operate and improve our Service, understand user preferences, and for analytics purposes.
    • Essential Cookies: Necessary for the website and Service to function (e.g., authentication, session management)
    • Analytics Cookies (e.g., Google Analytics, Microsoft Clarity): Help us understand how users engage with our Service, such as which features are popular, to improve user experience and service functionality
    • Functional Cookies (e.g., Intercom): Used to provide enhanced functionality like customer support chat and remember your preferences

4. How We Use Your Information and Legal Bases for Processing (EEA/UK)

We use your personal information for the following purposes, with the corresponding legal bases:

| Purpose | Personal Data Categories Involved | Legal Basis (EEA/UK) |
| --- | --- | --- |
| To Provide and Manage Your Account and the Service | Account Information, Team Member Information | Performance of a Contract: Necessary to fulfill our contractual obligations to provide the Service you requested. |
| To Process Payments | Payment Information (via Stripe) | Performance of a Contract: Necessary to process your subscription payments. |
| To Communicate with You (Service updates, payment notifications, responding to inquiries) | Account Information, Communications | Performance of a Contract: For essential service-related communications. Legitimate Interests: To respond to your inquiries and provide support. |
| To Provide Collaborative Features (e.g., team members seeing who wrote a note) | First and Last Name (optional), Team Member Email | Legitimate Interests: To provide collaborative functionalities as part of the Service. |
| To Analyze YouTube Comments (as a Data Processor) Providing insights to you. | YouTube Channel Data (comments, metadata, creator info) | Processing on behalf of the Controller (You): We process this data based on your instruction and our contractual agreement with you. |
| To Improve and Optimize Our Service (Analyzing usage patterns, troubleshooting, developing new features) | Usage Data, Cookie Data | Legitimate Interests: To understand how our Service is used, maintain its functionality, and develop and improve our offerings. Consent may be used for certain analytics cookies where required. |
| For Security and Fraud Prevention | Account Information, Usage Data | Legitimate Interests: To protect our Service, users, and detect/prevent fraudulent activity or security incidents. |
| For Marketing Our Services (Future Use) (e.g., newsletters, new feature announcements) | Account Information (Email, Name if provided) | Legitimate Interests: For marketing similar services to existing customers (with an opt-out option). Consent: For prospective customers or where otherwise required by law. |
| To Comply with Legal Obligations | Account Information, Payment Information, other relevant data | Legal Obligation: To comply with applicable laws, regulations, court orders, or other legal processes (e.g., tax and accounting requirements). |

Where we rely on legitimate interests, we have balanced these against your rights and freedoms and have determined that our interests are not overridden by your interests or fundamental rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 9).

5. How We Share Your Information

We do not sell your personal information. We may share your personal information with the following categories of third parties for the purposes described in this Policy:

  • Payment Processors: We share payment information with Stripe, Inc. to process your subscription payments. Stripe acts as an independent controller for its processing of your payment data.
  • Cloud Hosting Providers: Our Service infrastructure, including storage for your account data and processed YouTube data, is hosted on Google Cloud Platform (GCP).
  • Customer Support & Engagement Platforms: We use Intercom, Inc. to provide customer support (e.g., in-app chat, email support) and for sales engagement. This may involve sharing your account information (name, email) and communication content with Intercom.
  • Analytics and Session Replay Providers:
    • Google Analytics helps us understand usage of our Service.
    • Microsoft Clarity helps us understand user interactions on our platform through session replay and heatmaps for service optimization.
  • Legal and Regulatory Authorities: We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is reasonably necessary to (i) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (ii) enforce our agreements with you; (iii) investigate and defend ourselves against any third-party claims or allegations; (iv) protect the security or integrity of our Service; or (v) exercise or protect the rights and safety of Heckle, our users, personnel, or others.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such deal and outline your choices in that event.

When we share data with third-party service providers acting as our processors, we have contractual agreements in place requiring them to protect your personal information and only process it for the specific purposes for which we provide it to them.

6. Cookies and Tracking Technologies

We use cookies and similar technologies. For detailed information on the cookies we use, their purposes, and how you can manage your cookie preferences (including opting out of non-essential cookies), please see our Cookie Policy. We will obtain your consent for the use of non-essential cookies where required by applicable law (e.g., through a cookie consent banner for users in the EEA/UK).

7. International Data Transfers

Your personal information may be transferred to, stored, and processed in countries other than the country in which you reside, including the United States, where our third-party service providers (such as Stripe, Google Cloud Platform, Intercom, Microsoft Clarity, Google Analytics) are located or operate servers. These countries may have data protection laws that are different from the laws of your country.

For transfers of personal data from the European Economic Area (EEA), United Kingdom (UK), or Switzerland to countries not deemed to provide an adequate level of data protection, we rely on appropriate transfer mechanisms, such as:

  • The European Commission's Standard Contractual Clauses (SCCs), supplemented by the UK International Data Transfer Agreement (IDTA) or UK Addendum where applicable.
  • Adequacy decisions adopted by the European Commission or the UK Government.

We conduct Transfer Impact Assessments (TIAs) where required to ensure that an equivalent level of protection is afforded to your data when transferred internationally. By using our Service, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this Privacy Policy.

8. Data Retention

We will retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and to resolve disputes.

  • Account Information (email, name if provided): Retained for as long as your account is active. If your account becomes inactive, we may delete it after 12 months of inactivity. Upon account deletion, this data will be deleted within a reasonable timeframe (e.g., 30-90 days to allow for backup cycles), subject to any legal obligations.
  • Payment Transaction Data (managed by Stripe, some details accessible to us): Retained for up to 7 years for tax and accounting purposes.
  • Raw YouTube Comment Data (processed on your behalf): Refreshed every 30 days. Older raw data is deleted.
  • Aggregated Insights from YouTube Comments: Retained for as long as your account is active, as these insights are part of the Service provided to you. Upon account deletion, these may be anonymized or deleted.
  • Usage Data (Google Analytics, Microsoft Clarity): Retained according to the retention settings within these platforms (e.g., Google Analytics data may be retained for typically 14-26 months, Microsoft Clarity recordings for up to 12 months).
  • Intercom Chat Logs & Support Communications: Retained for up to 12 months after the interaction, or as long as your account is active if relevant to ongoing support.

We will periodically review the necessity of retaining personal data and will securely delete or anonymize data that is no longer required.

9. Your Data Protection Rights

Depending on your location and applicable law (such as the GDPR/UK GDPR), you may have the following rights regarding your personal information:

  • Right of Access: You can request a copy of the personal information we hold about you.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete personal information we hold about you. You can often update some of this information directly in your account settings.
  • Right to Erasure ('Right to be Forgotten'): You can request that we delete your personal information, subject to certain exceptions (e.g., where we are required to retain data by law). You can delete your account via your account settings, which will initiate this process.
  • Right to Restrict Processing: You can request that we restrict the processing of your personal information in certain circumstances (e.g., if you contest the accuracy of the data).
  • Right to Data Portability: You can request to receive your personal information in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller where technically feasible, for data processed based on consent or contract.
  • Right to Object: You can object to the processing of your personal information where we are relying on legitimate interests as our legal basis. You also have the right to object to processing for direct marketing purposes.
  • Right to Withdraw Consent: If we are processing your personal information based on your consent (e.g., for certain cookies or marketing), you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes applicable data protection laws. For UK users, this is the Information Commissioner's Office (ICO).

How to Exercise Your Rights:

To exercise any of these rights (other than account deletion which is available in settings), please contact us at [email protected]. We will respond to your request within the timeframes required by applicable law. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

  • Categories of Personal Information Collected: In the preceding 12 months, we have collected the categories of personal information as described in Section 3 of this Policy, which include:
    • Identifiers (e.g., email address, name if provided, IP address via third-party tools)
    • Customer records information (e.g., payment information via Stripe)
    • Internet or other electronic network activity information (e.g., usage data, cookie data)
    • Commercial information (e.g., records of services purchased)
    • Inferences drawn from any of the above to create a profile about your preferences or characteristics (though Heckle's AI focuses on comment analysis, not user profiling for other purposes)
  • Business or Commercial Purposes for Collecting Personal Information: See Section 4.
  • Categories of Sources of Personal Information: See Section 3 (directly from you, automatically collected, from YouTube APIs).
  • Categories of Third Parties with Whom We Share Personal Information: See Section 5.
  • Sale or Sharing of Personal Information: Heckle does not "sell" your personal information in the traditional sense, nor do we "share" your personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. Our use of analytics and support tools like Google Analytics, Microsoft Clarity, and Intercom is for our own service improvement, analytics, and customer support purposes, and we configure these tools where possible to limit their use of data for other purposes.

Your California Rights:

  • Right to Know/Access: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes for collection, and the categories of third parties with whom we have shared your information.
  • Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
  • Right to Correct Inaccurate Information: You have the right to request the correction of inaccurate personal information that we maintain about you.
  • Right to Opt-Out of Sale/Sharing: As we do not sell or share your personal information for cross-context behavioral advertising, an opt-out mechanism is not applicable.
  • Right to Limit Use and Disclosure of Sensitive Personal Information: Heckle does not collect "sensitive personal information" as defined by the CPRA for the purpose of inferring characteristics about you.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your California privacy rights, please contact us at [email protected]. We will verify your request using the information associated with your account or by requesting additional information necessary to confirm your identity.

11. Security of Your Information

We implement appropriate technical and organizational measures to protect the security of your personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Using Firebase Authentication with industry best practices for secure user authentication and authorization.
  • Encryption: Data is encrypted in transit (using TLS 1.2+) and at rest (e.g., using AES-256 or similar standards on our cloud infrastructure).
  • Access Controls: We implement role-based access controls and the principle of least privilege to limit access to personal data to authorized personnel who need it for their job responsibilities.
  • Regular Security Reviews: We periodically review our security policies and procedures to ensure they are up to date.
  • Third-Party Vendor Security: We assess the security practices of our third-party vendors.

While we strive to protect your personal information, no security system is impenetrable, and we cannot guarantee the absolute security of your data.

Data Breach Notification Protocol:

In the event of a personal data breach, Heckle will conduct a prompt assessment to understand the nature and scope of the breach. If the breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority (e.g., the UK ICO) without undue delay, and where feasible, within 72 hours of becoming aware of it. If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also communicate the breach to the affected individuals without undue delay, providing information about the likely consequences and measures taken.

12. Children's Privacy

Our Service is not directed to individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information as soon as possible. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected]. Our Terms of Service require users to be at least 18 years old.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will notify you by email (sent to the email address specified in your account) or by means of a prominent notice on our website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. The "Last Updated" date at the top of this Policy indicates when it was last revised.

14. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, please contact us at:

L-CH3 LIMITED Trading as Heckle

71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

Email: [email protected]

Support: https://heckle.tech/support