This Privacy Policy explains how Warmer Digital LLC ("Warmer Digital," "we," "us," or
"our") collects, uses, stores, shares, and protects information. It covers visitors to our
website, prospective and active clients, and the data processed by the services we operate on a
client's behalf — including our Rio content pipeline and our use of YouTube API Services.
If you do not agree with this policy, please do not use our website or services.
01 Who we are
Warmer Digital LLC is a marketing and automation studio based in Bend, Oregon. We build SEO
and content-publishing systems for clients, and we operate those systems on their behalf under
written agreement. For data we process on behalf of a client (for example, their YouTube channel
content), the client is the data controller and Warmer Digital LLC acts as their service provider
/ processor.
02 Information we collect
From website visitors
- Information you submit voluntarily — such as your name, email address, and message when you
use a contact form or email us.
- Standard server log data — IP address, browser/user-agent, and timestamps — kept for
security and troubleshooting.
From clients (under a service agreement)
- Account and billing details needed to deliver the service.
- Access we are explicitly granted to the client's own platforms — for example, a YouTube
channel (see Section 4), a website, or content stored in tools like Google Drive — strictly
to perform the agreed work.
- Content the client provides or asks us to process — video transcripts, draft posts, titles,
descriptions, tags, and similar material.
03 The Rio content pipeline
"Rio" is our content-publishing system. When a client engages it, Rio turns existing source
content (such as a YouTube video) into publish-ready drafts. Nothing is published or changed on
any of the client's accounts without a human reviewing and approving it first.
What data moves through the pipeline, step by step:
- Read the source. We retrieve the source content — for a video, that
means its publicly available transcript/captions and its metadata (title, description,
tags).
- Generate drafts. The source text is sent to a third-party large language
model (LLM) provider, accessed through OpenRouter, to draft a blog post, social copy, and
optimized metadata. This means the source content is transmitted to and processed by that
AI provider. We do not authorize these providers to train their models on this data, and we
use providers whose terms support that.
- Orchestrate. These steps run inside an automation tool (n8n) that we host
and control. Credentials used by the pipeline are stored encrypted in the automation tool's
credential store, never in plain text and never in our code repositories.
- Human approval gate. Drafts are held for review. A person must Approve,
Hold, or request a Rewrite. Only approved items move forward.
- Publish or apply. Once approved, the result may be published to a blog or
applied to the source platform — for YouTube, see Section 4.
Third-party AI processing, stated plainly: content you route through Rio is
shared with the AI providers listed in Section 6 solely to produce the drafts you asked for. We
do not sell this content, and we do not use it for advertising. We run an editorial review on
output before anything goes live.
04 YouTube API Services
For clients who ask us to optimize their YouTube content, our application uses
YouTube API Services. By using that part of our service, the client also agrees
to be bound by the
YouTube Terms of Service,
and all use of YouTube data is also subject to the
Google Privacy Policy.
What we access, and why
| What we access | Why |
|---|
| A video's existing title, description, and tags | To read current metadata so an optimized version can be proposed (we read first, then modify, so nothing is unintentionally cleared) |
| Update of title, description, and tags | To apply an approved, SEO-optimized version to the video |
| Custom thumbnail upload | To set an approved thumbnail |
| Caption upload/update | To add or improve captions where requested |
The authorization scope we request
We request a single Google authorization scope,
youtube.force-ssl, which is the minimum scope needed to update video metadata,
thumbnails, and captions. We do not request access to Gmail, Drive, or any other Google service
through this connection.
How the connection is stored and used
- When a client connects their channel, Google issues us a refresh token.
We store it encrypted at rest, never display it, and never commit it to a
code repository. One token is stored per connected channel.
- We use the connection only to perform the work the client approved.
Nothing is written to a client's channel without their explicit, per-item approval.
- We do not use YouTube data for advertising, we do not sell it, and we do not transfer it to
third parties except the subprocessors in Section 6 that are necessary to deliver the
service.
Revoking our access to YouTube data
A client can revoke our access at any time through the Google security settings page at
myaccount.google.com/permissions.
Revoking access immediately stops our ability to read or write that channel's data. A client may
also email us (Section 13) to request that we delete the stored token.
Limited Use disclosure. Warmer Digital LLC's use and transfer of information
received from Google APIs to any other app will adhere to the
Google API Services User Data Policy,
including the Limited Use requirements. We only use Google user data to provide and improve the
user-facing features described in this policy; we do not transfer or sell it for other purposes.
05 How we use information
- To deliver, operate, and improve the services a client has engaged us for.
- To respond to inquiries and communicate about our services.
- To secure our systems, prevent abuse, and meet legal obligations.
We do not sell personal information.
06 Who we share information with
We use a small set of service providers to operate. Each receives only the data needed for its
function.
| Provider | Purpose | Data involved |
|---|
| Google / YouTube | YouTube API Services (read/update video metadata, thumbnails, captions) | Channel and video data the client authorized |
| OpenRouter and the AI model providers it routes to (for example, Anthropic) | Generate content drafts and optimized metadata | Source transcripts and text submitted for drafting |
| Web and automation hosting (our cPanel host and the servers running our n8n automation) | Run the website and the content pipeline | Site data; encrypted pipeline credentials |
We may also disclose information if required by law, to protect our rights, or in connection
with a business transfer. We do not authorize our AI subprocessors to use client content to train
their models.
07 Data retention
- OAuth tokens: kept only while the client's engagement is active. Deleted
when the engagement ends or on request, and immediately invalid once the client revokes
access in Google.
- Content drafts and source material: kept for the duration of the
engagement to deliver and revise the work, then deleted on request or within a reasonable
period after the engagement ends.
- Contact and server-log data: kept only as long as needed for the purpose
it was collected or as required by law.
08 How we protect data
- Credentials and tokens are encrypted at rest and excluded from code repositories.
- Access follows least privilege — we request the narrowest scope that does the job.
- Connections to third-party APIs use encrypted (HTTPS/TLS) transport.
- No system is perfectly secure, but we take reasonable measures appropriate to the data we
handle.
09 Your choices and how to revoke access
- Revoke Google/YouTube access any time at
myaccount.google.com/permissions.
- Access, correct, or delete your information by emailing us (Section 13).
- Opt out of communications by replying to ask us to stop, or using any
unsubscribe link.
Depending on where you live, you may have additional rights under laws such as the GDPR or
CCPA. Contact us to exercise them.
10 Cookies and analytics
Our website is a static site and does not set advertising or cross-site tracking cookies.
If we add basic, privacy-respecting analytics in the future, we will update this section to say
what we collect and why.
11 Children's privacy
Our services are intended for businesses and adults. We do not knowingly collect personal
information from children under 13 (or the minimum age in your jurisdiction). If you believe a
child has provided us information, contact us and we will delete it.
12 Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date
above. Material changes will be made clear on this page.
Questions, requests, or token-deletion requests: