Privacy, deletion, billing, takedown, or API questions: [email protected].
Cookies and similar technologies
__Host-ysf_guest_session: signed guest workspace cookie. HttpOnly, Secure in production, SameSite=Lax, path=/, 7-day lifetime.
__Host-ysf_account_remember: issued after you sign in with Google so you stay signed in across visits. HttpOnly, Secure in production, SameSite=Lax, path=/, 30-day lifetime, rotates after 7 days of use.
cf_dfp: a SHA-256 hash of browser signals (canvas rendering, WebGL renderer, screen, timezone, language) used only as an anti-abuse signal. Readable by browser scripts, SameSite=Lax, 30-day browser lifetime; the server-side abuse record is swept after 90 days.
Cloudflare edge cookies such as __cf_bm or cf_clearance may additionally be set by Cloudflare's bot-management and challenge layer when traffic is proxied through Cloudflare.
What marly.studio collects
Cookies and similar identifiers (listed above) used to keep you signed in, persist login across sessions, and surface abuse signals. marly.studio does not use any advertising or cross-site tracking cookies.
Server-side remember-token records are stored as hashes, pruned when expired, and capped per account so old sign-in devices do not accumulate indefinitely.
If you connect Google, account identifiers such as your Google subject ID, email address, email verification state, and basic profile fields returned during sign-in.
If you authorize YouTube publishing, an encrypted Google refresh token, the granted Google scope list, and the YouTube channel IDs and channel names returned for your account.
If you create agent tokens, hashed bearer-token grants including the display name you choose, selected scopes, audience, token prefix and suffix, expiry and revocation timestamps, last-used route, and last-used IP and user-agent hashes used for abuse monitoring and token management. The full raw token is shown once at creation and is not stored.
Uploaded videos or submitted source URLs, source titles or names, platform hints, server-side import probe and download metadata such as duration, uploader, dimensions, chapter or heatmap availability, generated clips, clip titles and descriptions, transcripts, scheduling metadata, and related processing records needed to run the service.
Diagnostic LLM traces when trace persistence is enabled, including prompt and response excerpts derived from transcripts, source titles, source URLs, engagement summaries, model or provider IDs, attempt metadata, and errors.
Billing and payment records such as Stripe customer, checkout, portal, subscription, price, webhook event, one-time support payment, charge, refund, and dispute identifiers or audit references when paid plans or optional support payments are enabled.
Operational and security data such as rate-limit keys, hashed IP and browser fingerprint signals, login events, revocation markers, audit events, failure reasons, short diagnostic snippets, object keys or source URLs needed for debugging, and feedback submissions.
How marly.studio uses that information
Authenticate users and persist a workspace across devices.
Ingest uploaded videos or submitted source URLs, probe and fetch importable media with server-side import tooling, generate clips, queue jobs, play outputs back in the app, and support optional direct publishing to YouTube.
Fetch the user's own YouTube channel list after explicit authorization so the app can target the correct channel, and, when channel automation is enabled, discover videos from the connected channel's uploads playlist.
Process paid-plan billing, subscription changes, and optional one-time support payments through Stripe when those flows are enabled.
Prevent abuse, investigate incidents, monitor system health, troubleshoot failures, and keep short-lived diagnostic traces when configured.
How marly.studio protects sensitive data
Stored Google refresh tokens are encrypted at rest before they are written to marly.studio's database.
In production, marly.studio is served over HTTPS and uses secure, HttpOnly, SameSite session cookies to protect authenticated sessions.
Access to connected-channel records, jobs, source media, and generated clips is restricted to the authenticated workspace that owns them.
Agent bearer tokens are stored as hashes with scoped permissions; raw token values cannot be recovered after creation and can be revoked from Settings.
Account-changing requests are protected with trusted-origin checks, CSRF validation, signed session cookies, and rate limits.
Operational abuse and sign-in monitoring uses hashed IP and browser-fingerprint signals instead of storing those values in raw form for those controls.
Authorized media access links are signed, short-lived, and served with private no-store cache controls.
Disconnecting Google or deleting an account removes stored Google OAuth credentials and connected-channel records used for YouTube features. marly.studio attempts Google token revocation as part of those flows and may report a failure if the external cleanup step cannot be completed.
Data retention and deletion
Google account identity data, granted scopes, and connected-channel records are kept while the workspace and the Google or YouTube connection remain active.
YouTube-derived metadata used for channel automation is retained only while the related connection remains active.
Agent-token grant records are kept while the account exists. Revoked or expired grant metadata remains as an operational security record, including the last-used route plus hashed last-use IP and user-agent metadata.
Uploaded source objects are normally deleted after successful processing and completed output upload; abandoned pending uploads are recovered and cleaned by the worker's abandoned-upload sweep.
Generated clip media and related output artifacts are retained for a limited rolling period, configured for up to seven days in normal operation, before expired artifacts are swept from object storage.
Diagnostic LLM trace rows, when enabled, are retained for a short operational window, configured for up to seven days in normal operation.
Rate-limit and browser-fingerprint records have operational expiry windows. Security, audit, billing, dispute, abuse-prevention, login, revocation, and similar integrity records may be retained as long as needed for those purposes, legal compliance, debugging, or dispute handling.
You can delete your marly.studio account from the Danger Zone at the bottom of Settings. Account deletion starts removal of the app account and workspace data, attempts required Google and billing cleanup, and queues associated object-storage purges where needed. Media object deletion may complete asynchronously through the purge retry queue, and failed purge work may require operational follow-up. If your account is flagged or suspended so the in-app button is disabled, email [email protected] and we will handle the request manually. Some security, audit, billing, dispute, or legal-compliance records may be retained as described above.
Google and YouTube data
Google login is separate from YouTube publishing. Basic sign-in uses identity scopes; the broader YouTube scopes are requested only when the user authorizes YouTube features.
marly.studio requests the following Google and YouTube OAuth scopes:
openid, email, profile: to identify you at sign-in and keep your workspace attached to your Google account.
https://www.googleapis.com/auth/youtube.readonly: requested only when you authorize YouTube, to list the channels on your Google account so marly.studio can target the right channel, and, if you enable channel automation, to discover videos from the connected channel's uploads playlist and read video metadata or status needed for scheduling and filtering.
https://www.googleapis.com/auth/youtube.upload: requested only when you authorize YouTube, and used only for clips you explicitly choose to publish or clips auto-published under channel automation settings you enable.
marly.studio uses Google API data for sign-in, channel lookup, optional publishing, channel automation that the user enables, and the status, audit, troubleshooting, and abuse-prevention records needed to operate those features. marly.studio does not sell Google API data or use it for advertising.
marly.studio is operated by a very small team. Human access to Google user data is limited to support requests with your consent, security or abuse investigations, billing or dispute handling, operational debugging where necessary, aggregated or anonymized review, and legal compliance. For example, when reviewing a suspected abuse pattern,marly.studio's internal admin dashboard may surface the email addresses of linked accounts to the operator.
If you disconnect Google inside marly.studio, the app removes stored Google refresh-token credentials and connected-channel records used for YouTube publishing. You can also revoke access from your Google account permissions, opens in a new tab.
How information is shared
Google and YouTube APIs: for sign-in, for listing your YouTube channels when you authorize YouTube access, for discovering uploads from connected channels when you enable channel automation, and for uploading clips you choose to publish manually or auto-publish under channel automation settings you enable.
Stripe: for subscription checkout, billing, customer portal, webhook synchronization, subscription management, optional one-time support payments, and billing-dispute handling. For subscription billing, Stripe receives account email plus internal account, actor, plan, and metadata identifiers needed to reconcile billing. For support payments, Stripe receives the selected support amount and bounded session or payment metadata. Stripe handles payment details directly on its own surfaces; marly.studio never stores card numbers.
Cloudflare: for DNS and content delivery, for object storage (Cloudflare R2) of uploaded videos, generated clips, and encrypted offsite database backups when backup storage is configured, and for outbound egress proxying (Cloudflare Warp or regional proxy paths) that the worker can use when fetching imported videos. Cloudflare Web Analytics may also be enabled at the Cloudflare edge.
OpenRouter (and, through it, the OpenAI-compatible inference providers and downstream model infrastructure it routes to, such as DeepInfra): used for AI analysis that finds interesting moments. It receives transcript text, video title, and engagement-signal summaries for each analyzed chunk. Request payloads are designed not to include your email, account ID, or IP address. We may change or add OpenAI-compatible inference providers over time.
Remote transcription providers such as Soniox or Groq: used only when a provider is configured and local transcription is overloaded or unsuitable for a given job. When invoked, the provider receives the extracted audio track of your upload or imported video, transcription parameters such as model, language, or timestamp granularity, and any configured transcription prompt. Request payloads are designed not to include your email, account ID, or IP address. When Soniox is used, marly.studio asks Soniox to delete both the audio and the transcription record after use.
Video import providers and platform endpoints: submitted source URLs may be probed and fetched server-side with yt-dlp and related provider-specific import helpers, including YouTube POT, API, or worker-managed cookie fallback paths when configured.
Discord: the in-app Feedback widget posts the text you write (and any contact string you voluntarily add) to a private Discord channel. Separate ops Discord channels may receive automatic job, publish, backup, digest, and failure alerts containing internal identifiers, source or clip titles, status and failure reasons, redacted or hashed object-storage references where configured, and resulting YouTube watch URLs, but they are configured not to receive your email.
Sentry: error, trace, and log monitoring when a DSN is configured. Browser replay recording is disabled; client, server, edge, and worker events are configured not to send default PII, and request cookies, headers, body data, and query strings are stripped before events are sent.
Self-hosted infrastructure (our reverse proxy, application server, worker, and PostgreSQL database) used to run the service itself. User data held on that infrastructure is not transferred to third parties beyond those listed here.
marly.studio does not transfer or disclose Google user data to third parties for purposes other than providing the requested service, protecting the service, or using the infrastructure and processing providers described on this page.
marly.studio does not sell personal information or Google API data for advertising.
Where marly.studio runs
marly.studio's primary application infrastructure (web, worker, PostgreSQL database) runs on self-managed VPS infrastructure. The deployment region may change as the service is moved for latency, reliability, capacity, or provider reasons.
Object storage (Cloudflare R2) is distributed across Cloudflare's global edge; no specific region is pinned.
Third-party processors named above (Google, Stripe, OpenRouter, Soniox, Groq, Discord, Sentry, Cloudflare) are primarily based in the United States or operate on global infrastructure.
marly.studio is operated from New Zealand. New Zealand residents may contact us to exercise access, correction, or deletion rights under the Privacy Act 2020; residents of other jurisdictions with applicable privacy rights (for example, the EU/UK GDPR or California's CCPA) may also contact us to exercise those rights.
Terms of Service
Using the service
By using marly.studio, you agree to these terms.
You must have the rights, permissions, and legal authority to upload, import, process, schedule, publish, and distribute the videos and other content you submit.
You may not use the service to violate copyright, privacy, publicity, platform rules, or applicable law.
If you use Google or YouTube features, you remain responsible for complying with Google's policies, the YouTube Terms of Service, and YouTube Community Guidelines.
marly.studio may rate-limit, suspend, terminate, or refuse service for abuse, fraud, excessive automated activity, payment disputes, platform-policy violations, unlawful use, security risk, or other harmful behavior.
Paid plans, if enabled, are processed through Stripe. Payment terms, renewals, and billing disputes are also subject to Stripe's checkout and billing surfaces.
Optional one-time support payments, if enabled, are processed through Stripe and do not change plan, quota, access, or support-level entitlement. Billing, cancellation, refund, takedown, or rights complaints can be sent to [email protected].
The product may change, be interrupted, or be removed at any time. The service is provided on an as-is and as-available basis without uptime, moderation, or publication guarantees.
marly.studio is an independent service and is not affiliated with, endorsed by, or sponsored by YouTube, Google, or any other third-party platform. YouTube, Google, and the logos of any other third-party services referenced on this page are trademarks of their respective owners.
Questions or complaints about this page or marly.studio's privacy practices can be sent to [email protected].