This Privacy Policy explains how ClipCraft (“ClipCraft,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal data when you use the ClipCraft website, application, and related services (the “Service”).
If you disagree with this Policy, please stop using the Service.
1. Who We Are and How to Contact Us
We are the controller of the personal data described below.
- Controller: ClipCraft
- Email: support@clipcrafts.net
For any privacy question, data-access or deletion request, or complaint, email us at the address above.
2. The Data We Collect
2.1 Information you provide
- Account identity. We do not run our own identity database. Your email address, password, and any other authentication credentials are held by our authentication provider (Clerk). On our side we only keep the opaque user ID that provider issues us, and we attach it to your projects and billing state.
- Billing state. When you subscribe or buy credits, we store the customer ID and subscription ID issued to us by our payment provider (Paddle), together with your plan, subscription status, and billing-period timestamps. We do not receive, process, or store your payment card number, CVV, or full billing address — those are handled by Paddle.
- Content you upload: video files, audio tracks, and related metadata (filename, duration, resolution, file size).
- Communications: messages you send to support.
2.2 Information generated by your use of the Service
- Derivative content: transcripts and scene-detection data produced from your uploads, the AI edit plan generated for each project, and the rendered output video file. These are stored alongside the source uploads they were derived from.
- Project metadata: the rendering preferences you pick (energy, style, output format, optional description), the job status for each project, and any error messages.
- Usage data: the number of projects you have created in the current billing period — used to enforce your plan quota — and the number of times you have regenerated each project.
- Technical data: IP address, browser and device type, timestamps, log data, and error reports.
- Cookies and similar technologies: see Section 6.
2.3 What we do not collect
We do not intentionally collect special categories of personal data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, health data, or data about sex life or sexual orientation), except insofar as you voluntarily include such content in a video you upload. Please do not upload content containing special categories of personal data about identifiable third parties without their explicit consent.
3. How We Use Your Data
We use your data for the purposes below, relying on the legal bases indicated (where the GDPR or similar law applies):
| Purpose | Legal basis |
|---|---|
| Create and manage your account; authenticate you | Performance of contract |
| Process uploaded content into transcripts, edit plans, and rendered video | Performance of contract |
| Take payment and issue receipts | Performance of contract; legal obligation |
| Detect and prevent fraud, abuse, and security incidents | Legitimate interest |
| Comply with tax, accounting, and other legal obligations | Legal obligation |
| Improve reliability and performance of the Service (aggregated / anonymized only) | Legitimate interest |
| Respond to support requests and send service-related announcements | Performance of contract; legitimate interest |
| Send service-related emails (receipts, security notices) | Performance of contract |
4. AI Training — What We Do Not Do
We do not use your uploaded content, transcripts, edit plans, or rendered output to train, fine-tune, or improve any general-purpose AI model — either ours or anyone else’s.
Our AI sub-processors (listed in Section 5) are, under their standard commercial API terms, contractually barred from using API inputs or outputs to train their models. If a sub-processor ever changes that policy in a way that would materially affect your content, we will update this Policy and notify you before the change takes effect.
5. Sub-processors
We rely on trusted third parties to deliver parts of the Service. Each is bound by appropriate data-protection agreements. As of the date of this Policy, our sub-processors are:
| Provider | Role | Data processed | Region |
|---|---|---|---|
| Clerk, Inc. | User authentication | Email, password hash, session tokens | United States |
| Vercel Inc. | Application hosting (Next.js app) | Request logs, IP addresses, edge-routed API traffic | United States / global edge |
| Railway Corp. | Worker and infrastructure hosting | Job payloads and logs transiting the worker | United States |
| Cloudflare, Inc. (R2) | Object storage (uploads and renders) | Uploaded video files, rendered outputs | Global (routed via Cloudflare’s edge network) |
| Neon, Inc. | Managed PostgreSQL database | Account metadata, project metadata | United States / European Union (as configured) |
| Anthropic, PBC | AI model provider (edit planning) | Transcripts and analysis metadata | United States |
| AssemblyAI, Inc. | Speech-to-text transcription | Audio extracted from your uploads | United States |
| Paddle.com Market Ltd. | Payment processing — merchant of record (invoicing, taxes, refunds, customer portal) | Payment card data, billing address, tax status | United States / European Union / United Kingdom |
Paddle is our merchant of record. When you make a purchase, Paddle is the party that sells you the license, collects payment, handles applicable VAT or sales tax, and issues the invoice. Paddle then pays us the net amount. Their processing is governed by their own privacy policy, in addition to this one.
We may update this list as our infrastructure evolves. Material changes will be reflected here; you can ask for the current list at any time by emailing support@clipcrafts.net.
6. Cookies and Similar Technologies
We use only strictly-necessary cookies and similar technologies. These include:
- Authentication cookies set by our authentication provider so you stay signed in;
- Session and security cookies required for the Service to function;
- Payment-session cookies set when you complete a checkout through our payment provider.
We do not currently use analytics cookies, advertising cookies, or tracking pixels. Because only strictly-necessary technologies are used, no consent banner is shown under EU, UK, or Israeli law. If we add non-essential cookies in the future, we will update this Policy and obtain your consent where required.
You can block or delete cookies through your browser settings, but doing so may break authentication and payments.
7. How We Share Your Data
We share personal data only with:
- the sub-processors listed in Section 5, to deliver the Service;
- professional advisers (lawyers, accountants) under confidentiality, where necessary;
- governmental authorities, courts, or law enforcement, where required by a valid legal request or to protect rights, safety, or property;
- a successor entity, in connection with a merger, acquisition, sale of assets, or similar corporate transaction — in which case we will ensure the acquirer is bound by protections equivalent to those in this Policy.
We do not sell your personal data. We do not share personal data for cross-context behavioral advertising.
8. International Data Transfers
Our sub-processors operate in the United States, the European Union, Ireland, and other jurisdictions. Your data may be transferred to and stored in countries outside your country of residence, including outside Israel, the EEA, and the UK.
Where we transfer personal data out of the EEA, UK, or Israel, we rely on lawful transfer mechanisms — including the European Commission’s Standard Contractual Clauses (SCCs), the UK Addendum, applicable adequacy decisions, and the transfer provisions of Israeli law, including the Protection of Privacy Regulations (Transfer of Data to Databases Abroad), 5761–2001.
9. Data Retention
We keep personal data only as long as we need it:
- Account data: for as long as your account is active, and for a reasonable period after account closure for legal, security, and backup purposes.
- Uploaded content, transcripts, and renders: retained as long as the related project exists in your account. You can delete projects at any time from your dashboard. We reserve the right to delete content at our discretion — for example, for storage management, abuse prevention, or where required by law.
- Billing records: retained for the period required by applicable tax and accounting law (in Israel, generally at least seven years).
- Log and security data: typically up to 90 days, unless needed longer for a security investigation.
- Backups: data in encrypted backups is retained according to the backup rotation and expires automatically.
Deleted content is removed from live systems promptly and from backups on the next backup cycle.
10. Security
We apply technical and organizational measures appropriate to the risks: access controls, encryption in transit (TLS), encryption at rest for stored uploads and renders, separation of duties, logging, and least-privilege access to production systems.
No method of transmitting or storing data over the internet is perfectly secure. If we become aware of a personal-data breach affecting your data, we will notify you and the competent authorities where required by law, including under GDPR Articles 33–34 and under the Israeli Protection of Privacy Law.
11. Your Rights
Depending on where you live, you have some or all of the following rights over your personal data:
- Access — ask us what data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Deletion — ask us to delete your data, subject to exceptions (e.g., tax records we must keep).
- Restriction — ask us to limit processing in specific circumstances.
- Objection — object to processing based on legitimate interests.
- Portability — ask for your data in a structured, machine-readable format.
- Withdraw consent — where we rely on consent, you can withdraw it at any time (without affecting prior lawful processing).
- Complaint — lodge a complaint with a data-protection authority (see below).
To exercise any of these rights, email support@clipcrafts.net. We may ask you to verify your identity before acting. We will respond within the timeframe required by the applicable law (generally 30 days under the GDPR and under Israeli law).
11.1 Israel — Protection of Privacy Law, 5741–1981 (including Amendment 13)
You may ask to inspect data we hold about you and to have inaccurate data corrected or, in certain cases, deleted. If we refuse, you may apply to a Magistrate’s Court for an order. You may also contact the Israeli Privacy Protection Authority at gov.il/en/departments/the_privacy_protection_authority.
11.2 European Union / EEA
You can lodge a complaint with your national data-protection authority. A list is available at edpb.europa.eu. We do not currently have an appointed Article 27 representative in the EU. If our activity crosses the thresholds that require one, we will appoint one and update this Policy.
11.3 United Kingdom
You can contact the UK Information Commissioner’s Office at ico.org.uk.
11.4 California — CCPA / CPRA
California residents may request to know, delete, correct, and restrict the use of their personal information, and opt out of the sale or share of personal information. We do not sell or share personal information. To exercise these rights, email support@clipcrafts.net. We will not discriminate against you for exercising your rights.
11.5 Other U.S. states
Residents of states with comprehensive privacy laws (including Colorado, Connecticut, Virginia, Texas, and Oregon) have access, deletion, correction, portability, and opt-out rights similar to those listed above. Email us to exercise them.
11.6 Brazil (LGPD) and Canada (PIPEDA / Law 25)
Data subjects have rights broadly similar to those listed above. Email us to exercise them.
12. Children
The Service is not intended for anyone under 18. We do not knowingly collect personal data from people under 18. If you believe a minor has provided us personal data, contact us at support@clipcrafts.net and we will delete the account and data.
13. Automated Decision-Making
We do not make decisions that produce legal or similarly significant effects about you using solely automated processing. The Service generates suggested edits; you decide whether to use them.
14. Changes to This Policy
We may update this Policy. If we make material changes we will notify you by email or through a prominent notice in the Service before the change takes effect, and we will update the Last updated date. Your continued use of the Service after the effective date means you accept the updated Policy.
15. Contact
For any privacy question, request, or complaint:
ClipCraft
Email: support@clipcrafts.net
This document is provided for transparency and for your convenience. It is not legal advice.