MYO Magic is a personal project built and maintained by me, Carissa Allen. This Privacy Policy explains how your information is handled when you use the MYO Magic app at yotomyomagic.com and the MYO Magic Chrome extension. I want to be transparent about what data is collected, how it's used, and how it's protected.
1. Information I Collect
Account Information: When you log in through Yoto, I receive your Yoto user ID to associate your session with your playlists. I never see or store your Yoto password.
Google Account Information: If you choose to connect your Google Drive, I receive your Google email address and OAuth tokens (access and refresh tokens) through Google's standard OAuth 2.0 flow. These tokens are stored in your encrypted session and are not saved to a database or shared with anyone.
Google Drive Data: When you use the Google Drive import feature, MYO Magic accesses your Google Drive in read-only mode to:
- List folders and files you navigate to within the app
- Download audio files and ZIP archives that you explicitly select for import
- Display your Google account email so you can see which account is connected
I only access files you select or navigate to. MYO Magic does not scan, index, or access your entire Drive. Selected files are temporarily streamed through the server to process your import, then stored in temporary cloud storage until your import job completes, after which they are deleted.
Uploaded Files: Audio files you upload (directly or from Google Drive) are temporarily stored in Google Cloud Storage to process your MYO card import. These temporary files are automatically cleaned up after processing.
Contact Form: If you reach out through the contact form on this site, I receive the name, email, and message you provide. This information is sent to me via email and is not stored in a database.
2. How Your Information Is Used
- To provide the app's core features: importing audio files, creating MYO playlists, and managing your Yoto cards
- To authenticate your session with Yoto and (optionally) Google Drive
- To respond to your messages through the contact form
3. Google Drive Integration
MYO Magic's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- MYO Magic only requests the drive.readonly scope, which provides read-only access to your Google Drive files
- Only the files and folders you explicitly select or navigate to are accessed
- Your Google Drive data is never used for advertising, market research, or any purpose unrelated to providing the app
- Your Google Drive data is never shared with third parties
- Your Google OAuth tokens are stored only in your encrypted browser session and are never persisted to a database
- You can disconnect your Google Drive at any time from within the app, which immediately removes your tokens from your session
4. Chrome Extension
The MYO Magic Chrome extension enhances your experience on the Yoto website. Here's how the extension handles your data:
What the extension accesses:
- The extension only activates on the Yoto website (https://my.yotoplay.com/)
- It accesses your Yoto authentication token (stored in your browser) to interact with the Yoto API on your behalf
- Audio files you select for import are processed locally in your browser or temporarily streamed through the extension
What the extension does NOT do:
- It does not collect or transmit browsing history, keystrokes, or personal information
- It does not track your activity across websites
- It does not store your Yoto password — authentication happens through Yoto's official login system
- It does not communicate with any third-party analytics or advertising services
Permissions: The extension requests only the permissions necessary to function on the Yoto website. It cannot access other websites or browser data.
5. Data Sharing
I do not sell, rent, or share your personal information with third parties, except as needed to make the app work:
- Yoto: MYO Magic interacts with the Yoto API on your behalf to manage your MYO cards and playlists, using the credentials you provide
- Google: Google Cloud Platform services (Cloud Storage, Cloud Tasks) are used to process your file imports. Google processes this data according to their own privacy policies
- Infrastructure Providers: Google Cloud Platform and Cloudflare are used to host and operate the app
6. Data Retention
- Session Data: Your session (including Google OAuth tokens) expires automatically and is not permanently stored
- Temporary Files: Uploaded and imported audio files are stored temporarily during processing and are automatically deleted afterward
- No User Database: MYO Magic does not maintain a user database or store long-term user profiles
7. Data Security
I use industry-standard security measures to protect your data, including:
- HTTPS encryption for all data in transit
- Encrypted session storage for authentication tokens
- Security headers (CSP, HSTS, X-Frame-Options) on all responses
- Google Cloud Platform's built-in security for data at rest
8. Your Rights and Choices
- You can disconnect your Google Drive at any time from within the app
- You can revoke MYO Magic's access to your Google account at any time through your Google Account permissions
- You can stop using the app at any time — since there are no user accounts, no deletion request is necessary
9. Children's Privacy
MYO Magic is intended for parents and caregivers. I do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, please get in touch.
10. Changes to This Policy
I may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of MYO Magic after changes constitutes acceptance of the updated policy.
11. Contact
If you have questions about this Privacy Policy or how your data is handled, please reach out through the Contact page or email me at hello@yotostorylab.com.