Security
Practical, no-nonsense view of how OneTube handles your data. If your IT or security team needs answers we haven't covered here, please reach out via our contact form.
Transport encryption
All traffic to and from onetube.io is encrypted with industry-standard TLS. Plain-HTTP requests are automatically redirected to HTTPS, and HSTS is enabled so your browser stays locked to encrypted connections for a full year. Direct network access to our origin servers is blocked — every connection passes through our edge CDN first.
Data at rest
Account data (your email, hashed password, plan tier, and billing references) is stored using industry-standard encryption at rest. Sensitive values are never written to logs. Database access is restricted to our application servers and not exposed to the public internet.
Payments
Subscription billing is handled by Dodo Payments as our Merchant of Record. Card numbers, CVVs, and billing addresses are handled entirely on Dodo's PCI-compliant infrastructure — they never reach our servers. We only store an opaque customer reference and the subscription state.
Data residency & GDPR
OneTube is operated from the European Union (Slovenia). Production data stays inside the EU. The platform follows GDPR principles for data minimization, lawful basis for processing, and the data-subject rights listed in our Privacy Policy. For data-protection requests (access, deletion, export), submit a ticket through our contact form with subject "GDPR request"; we respond within 30 days.
No data sale, no third-party tracking sale
OneTube does not sell, rent, or otherwise share your data with third parties for advertising or training of external AI models. Comments fed into our AI analysis pipeline are processed for your reports only and are not retained beyond the history window of your plan.
Reporting a vulnerability
If you find a security issue, please report it privately to [email protected] rather than disclosing publicly. We acknowledge reports within 72 hours and aim to fix confirmed issues within 14 days, depending on severity.