Privacy Policy

Last updated: March 4, 2026

1. Overview

This Privacy Policy explains how SaveAll handles information when you use the website, review workflow, and download features. SaveAll is designed to process user-submitted URLs and provide preview and download functionality. The service is intended to minimize data collection and focus on operational data required for technical delivery. By using SaveAll, you acknowledge this Policy and understand how local storage, browser-side state, and service logs may be used to keep core features working.

This Policy applies to current service pages, including the input page, review page, and legal pages. It also covers API endpoints used to start downloads and retrieve job status. If you run SaveAll in your own environment, you are responsible for any additional data collection you add beyond what is described here.

2. Information You Provide

SaveAll processes text and URLs that you manually submit through the interface. This may include social media links, mixed message content, and selected items on the review page. SaveAll does not require user account creation in the default setup. No username, password, payment information, or profile identity is required for basic functionality. If your submitted text includes personal data, that data may be processed as part of link detection and preview generation.

You should avoid submitting sensitive personal information that is not necessary for download operations. The service is a utility and not intended for handling special categories of personal data. You remain responsible for what you paste into the input area.

3. Operational Data Collected Automatically

Like most web applications, SaveAll may generate technical logs through the web framework and server environment. These logs can include request path, timestamp, response status code, and basic request metadata used for debugging and service reliability. Logs are used to diagnose failures such as extraction errors, invalid payloads, timeout issues, or dependency problems. Log retention depends on your local deployment and server configuration.

SaveAll also maintains temporary in-memory job state for active downloads, including URL list, status transitions, file name outputs, and completion counters. This state is needed to render progress bars and job updates. In default local operation, in-memory job state is not intended as long-term analytics storage.

4. Cookies and Local Storage

SaveAll uses essential security mechanisms, including CSRF protection, which may set technical cookies required for form and API safety. These cookies help prevent unauthorized cross-site requests. Without them, certain actions such as starting downloads may fail. SaveAll may also use browser local storage for interface preferences, such as cookie consent choices. These preferences are stored on your device and are not intended as cross-site tracking identifiers.

SaveAll’s cookie consent banner allows you to accept or reject optional usage modes. Essential cookies used for security and core app operation remain necessary for service function. You can clear browser cookies and local storage at any time through browser settings.

5. How Data Is Used

Data submitted to SaveAll is used for four primary purposes: detecting URLs, building previews, executing downloads, and presenting progress updates. SaveAll may call third-party platforms indirectly through extraction tools to fetch metadata and media streams. The data is not used for advertising profiling by default. No behavioral user profile is generated by the standard implementation included in this project.

We may also use technical error information to improve reliability, such as identifying broken extraction patterns or unsupported URL variants. These improvements are operational and not intended to identify individual users.

6. File Storage and Retention

Downloaded files are stored locally in the configured downloads directory of your deployment. SaveAll does not automatically delete files unless you add custom cleanup scripts. You are responsible for retention management, secure storage, backup policies, and local access control. If your environment is shared among multiple users, implement filesystem permissions and operational policies to prevent unauthorized access.

Preview metadata may appear in memory or temporary process output while a session is active. In normal operation, this data is not intended for indefinite retention, but logs and output files may persist depending on your system configuration.

7. Third-Party Services and Transfers

When you submit a URL, SaveAll may interact with third-party services through HTTP requests and extraction tools to retrieve media metadata or stream locations. Those third-party platforms may process requests under their own privacy terms. SaveAll does not control those platform policies, data handling practices, or geographic hosting behavior. You should review relevant platform policies if you need detailed understanding of their processing activities.

SaveAll itself does not intentionally sell user data or share personal information with advertising brokers in the default setup. If you add third-party analytics or ad scripts, you must update this Policy accordingly.

8. Security Measures

SaveAll uses standard framework protections such as CSRF safeguards and route-level validation to reduce common web risks. File delivery logic includes path checks to mitigate directory traversal attempts. Input parsing is constrained to expected URL patterns for supported platforms. Even with these controls, no system can guarantee absolute security. You should run SaveAll behind trusted infrastructure, keep dependencies updated, and apply system-level security controls appropriate for your environment.

Recommended controls include restricting network exposure, enabling HTTPS where possible, limiting server access, and isolating execution environments for extraction tools. Security posture ultimately depends on how you deploy and maintain the application.

9. Children’s Privacy

SaveAll is not specifically directed to children. We do not knowingly design the service to collect data from children for profiling or targeted advertising. If you believe personal information from a child has been submitted inappropriately, you should remove relevant data from the local system and apply stricter usage controls in your deployment environment.

10. International Use

If SaveAll is used across regions, data may be processed in locations where your deployment server and third-party content platforms operate. Cross-border data handling can occur when external platform requests are made. If you are subject to regional data regulations, you are responsible for configuring your deployment and compliance processes accordingly. SaveAll does not automatically provide jurisdiction-specific compliance settings out of the box.

11. Your Choices and Rights

You can control what data you submit by limiting input content to required URLs only. You can remove downloaded files from local storage at any time. You can clear browser cookies/local storage and reset consent preferences. Depending on applicable law, you may have rights regarding access, correction, deletion, or restriction of personal data processing. In a self-hosted environment, requests should be directed to the deployment administrator.

If you operate SaveAll for a team, you should define a process for handling privacy-related requests, including log review and file deletion where applicable. SaveAll provides technical function, but governance is your operational responsibility.

12. Policy Updates

We may update this Privacy Policy to reflect changes in legal requirements, platform behavior, operational architecture, or service features. Updated versions become effective once published on this page. Continued use after updates indicates acceptance of the revised policy. If material changes are made to data usage practices, administrators should communicate those changes to affected users before continued operation.

13. Contact and Controller Role

If you are running a personal local instance, you are effectively the controller/operator of local data in that instance. Questions about privacy handling should be directed to the person or team operating the deployment. If SaveAll is managed by an organization, that organization’s privacy contact channel should be used for data-related requests.

For concerns related to misuse of downloaded content, rights claims, or platform compliance, contact the relevant content owner or platform directly. SaveAll does not adjudicate ownership disputes and cannot grant rights to third-party media.