YTM Authenticator – Privacy Policy

Last updated: 05 December 2025

1. Introduction

This Privacy Policy describes how the Chrome extension YTM Authenticator (also referred to as YT Music Header Exporter, hereinafter the “Extension”) processes data on your device.

The Extension is designed as a developer debugging tool that allows you to inspect and export authentication headers and cookies used by YouTube Music / YouTube services in your own browser session.

By installing and using the Extension you agree to this Privacy Policy. If you do not agree, you should not install or you should uninstall the Extension.

2. Data Controller

The data controller for the processing activities carried out by the Extension is:

Francesco Rolando
Contact email: ogekuri@gmail.com

3. Scope of this Privacy Policy

This Privacy Policy applies solely to the processing of data performed by the Extension inside your browser. The Extension does not operate any separate backend infrastructure and does not send captured data to external servers.

This document does not cover the data processing activities of YouTube, Google, or any other third party services you interact with while using your browser. For those services, please refer to their respective privacy policies.

4. What data the Extension processes

When active, the Extension listens to certain HTTPS requests made by your browser towards YouTube / YouTube Music domains and locally processes the following categories of data:

• HTTP request headers from specific POST requests to YouTube / YouTube Music “browse” API endpoints, including in particular:

  • Authorization header (authentication token)

  • Cookie header (session cookies and related data)

  • Accept, Content-Type, X-Goog-AuthUser, x-origin and similar technical headers

• Cookies associated with YouTube Music domains (for example https://music.youtube.com) including cookie name, value, domain, path, expiration, security flags and related metadata.

• Technical metadata such as:

  • Timestamp of the capture (e.g. capturedAt)

  • Internal version of the captured bundle (e.g. version)

  • List of source URLs from which cookies were collected

The Extension treats the above information as opaque data and simply bundles it into a JSON structure so that it can be displayed and, on your explicit command, copied to your clipboard.

Although the Extension itself does not “interpret” these values, the headers and cookies may contain personal data, including identifiers associated with your Google account, session tokens, and other data which could be used to access your account if disclosed to third parties.

5. Purposes and legal basis of processing

The Extension processes data solely for the following purposes:

• Debugging and development support: to allow you, as a developer or advanced user, to inspect, copy and reuse authentication headers and cookies of your own YouTube / YouTube Music sessions for legitimate debugging or integration purposes.

The legal bases relied upon for this processing, where applicable privacy laws (such as the EU GDPR or similar regulations) apply, are:

• Performance of a contract: the processing is necessary to provide you with the functionality of the Extension as described.

• Legitimate interest: both you and the developer have a legitimate interest in enabling a secure, transparent debugging workflow without transmitting data to external servers.

6. How and where data is stored

All data processed by the Extension is stored only locally on your device using the browser’s extension storage mechanisms (for example, chrome.storage.local or equivalent).

In particular:

• The Extension captures a bundle containing headers, cookies and metadata and stores it locally so that it can be displayed in the Extension’s popup interface as JSON.

• No server managed by the developer receives the captured headers or cookies. The developer has no direct technical access to this data unless you choose to export and send it yourself.

• A new capture will normally overwrite the previous bundle in local storage, rather than creating an unlimited historical log.

7. Data sharing and transfer

The Extension does not automatically transmit your headers, cookies or any other captured data to the developer or to any third party service.

However, the Extension offers a “copy JSON” feature that, on your explicit request, copies the captured bundle (including authentication cookies and tokens) into your system clipboard. Once the data is in your clipboard:

• Other applications on your device may access the clipboard contents according to your operating system’s security model.

• You may paste or send the JSON to external tools, services, or individuals. In that case, the use of your data is governed by the privacy policies and practices of those third parties.

You are solely responsible for any voluntary sharing of the exported JSON with third parties and for configuring any downstream tools in accordance with applicable laws and terms of service.

8. Cookies and similar technologies

The Extension does not inject tracking cookies or tracking scripts into websites. Instead, it reads certain cookies that have been set by YouTube / Google on your browser in the normal course of your browsing session, and includes them in the locally stored JSON bundle.

The way in which YouTube / Google use cookies and similar technologies on their own sites is governed exclusively by their own privacy and cookie policies. This Extension does not alter the behaviour of those cookies; it only exposes them to you in a developer-friendly format.

9. User responsibilities and acceptable use

The Extension is intended exclusively for lawful debugging and development on accounts and services that you are authorized to access.

You must not use the Extension to:

• Intercept, export or share authentication cookies, tokens or headers belonging to other users without their authorization.

• Circumvent security or authentication mechanisms put in place by YouTube, Google or any other service.

• Violate any applicable laws, platform terms of service, or contractual obligations.

You are responsible for:

• Keeping your device and browser reasonably secure.

• Protecting the JSON exported by the Extension as highly confidential data.

• Promptly deleting any exported data when it is no longer needed.

10. Data retention

The Extension stores captured data locally only for as long as necessary to provide its debugging functionality, and in particular:

• The Extension usually retains only the latest captured bundle of headers and cookies, overwriting the previous one.

• The data remains in your browser’s extension storage until one of the following occurs:

  • You uninstall the Extension.

  • You clear your browser’s extension data / local storage.

  • You reset or reinstall your browser or device.

The developer does not maintain independent copies of your data and cannot restore it once deleted from your device.

11. Security measures

The Extension relies on the security model of your browser’s extension platform to restrict access to the captured data to the Extension itself.

However, given the sensitive nature of authentication cookies and tokens, no technical measure can fully eliminate all risks. In particular:

• Any application or person who gains access to your device or clipboard while the exported JSON is present may be able to use that data.

• The Extension does not implement additional encryption beyond what is provided by the browser’s storage mechanisms.

For this reason, you should treat the data handled by the Extension as highly sensitive, and you should not install or use the Extension if you do not fully understand and accept these risks.

12. Legal bases and user rights (where applicable)

Depending on your location and on the applicable law (for example the EU General Data Protection Regulation – GDPR – and similar regulations), you may have certain rights in relation to your personal data, such as:

• Right of access to your personal data.

• Right to rectification of inaccurate data.

• Right to erasure (“right to be forgotten”).

• Right to restriction of processing.

• Right to data portability.

• Right to object to certain processing activities.

• Right to lodge a complaint with a competent supervisory authority.

In practice, since the Extension does not send your data to the developer and does not maintain user accounts or server-side logs, many of these rights are exercised directly by you through your browser and device, for example by:

• Uninstalling the Extension.

• Clearing your browser’s extension storage or cache.

• Resetting or securing your device.

If you nevertheless believe that the developer may hold or have access to your personal data, or if you wish to exercise any of your rights in relation to the developer’s activities, you can contact:

Contact email: [your-email]

13. Children’s privacy

The Extension is intended for use by adults and technical users. It is not designed for, or directed towards, children under the age of 16 (or the age of digital consent provided by the law of your jurisdiction).

If you are a parent or guardian and you believe that a child under your care has used the Extension in a way that exposes their personal data, please uninstall the Extension from the relevant device and contact the developer if you have any further concerns.

14. Changes to this Privacy Policy

The developer may update this Privacy Policy from time to time, for example to reflect changes in the Extension’s functionality, the technologies used, or the applicable legal framework.

When changes are material, a new “last updated” date will be indicated at the top of this page. Continued use of the Extension after such changes will be considered as acceptance of the updated Privacy Policy.

15. Contact

If you have any questions about this Privacy Policy or about how the Extension handles data, you can contact:

Francesco Rolando
Email: ogekuri@gmail.com