Legal
Privacy Policy
Effective date: May 27, 2026
1. Information We Collect
Account information. When you register, we collect your name, email address, and authentication details provided via Google Firebase Authentication.
Media files. You upload video recordings, screenshots, and images to the Service. These files are stored in Google Cloud Storage and processed to generate your demos.
Usage data. We collect information about how you interact with the Service — pages visited, features used, build history, credit purchases, and timestamps.
Payment information. Credit card and payment data is handled by Stripe. We do not store your full card number, CVV, or sensitive payment data on our servers.
Communications. If you contact us by email or support channels, we retain those communications to help resolve issues.
Technical data. We may collect IP addresses, browser type, device identifiers, and error logs for security and debugging purposes.
2. How We Use Your Information
We use collected information to:
- Provide, operate, and improve the Service.
- Process your media files through AI systems to generate demos.
- Manage your account, credits, and transaction history.
- Send transactional emails (build notifications, receipts, security alerts).
- Detect, investigate, and prevent fraudulent or abusive activity.
- Comply with legal obligations.
- Respond to your support requests.
We do not sell your personal data or use your uploaded media files to train AI models.
3. Third-Party Services
We rely on the following third-party services which may process your data under their own privacy policies:
| Provider | Purpose | Policy |
|---|---|---|
| Google Firebase | Authentication, Firestore database | View → |
| Google Cloud Storage | Media file & output storage | View → |
| Google Gemini AI | Frame analysis, caption & script generation | View → |
| Google Cloud TTS | AI voice-over synthesis | View → |
| Google Cloud Run | Video processing & build execution | View → |
| Stripe | Payment processing | View → |
5. Data Retention
We retain personal data for as long as your account is active or as needed to provide the Service. Specifically:
- Account data — retained while your account is active and for up to 90 days after deletion.
- Uploaded media files — retained for up to 30 days after a build completes, then deleted automatically.
- Output files (demos) — retained for up to 90 days, then deleted. You are responsible for downloading your outputs.
- Transaction records — retained for 7 years as required by financial regulations.
You can request deletion of your account and associated data by contacting us at support@clipdraft.io. Some data may be retained longer where required by law.
6. Security
We implement industry-standard security measures to protect your data, including:
- TLS/HTTPS encryption for all data in transit.
- Cryptographically signed session cookies.
- Firebase Authentication with Google identity — we never store your password.
- Role-based access controls on all API routes.
- Cloud Storage access via time-limited signed URLs.
No method of transmission over the internet is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access. Request a copy of the personal data we hold about you.
- Correction. Request correction of inaccurate or incomplete data.
- Deletion. Request deletion of your personal data (“right to be forgotten”).
- Portability. Request a machine-readable export of your data.
- Objection / Restriction. Object to or request restriction of certain processing activities.
- Withdraw consent. Where processing is based on consent, withdraw it at any time.
California residents (CCPA). You have the right to know what personal information is collected and sold, to opt out of sale (we do not sell data), and to non-discrimination for exercising your rights.
EEA / UK residents (GDPR). Our lawful bases for processing are contract performance (providing the Service), legitimate interests (security, fraud prevention), and compliance with legal obligations. You have the right to lodge a complaint with your local supervisory authority.
To exercise any of these rights, contact us at support@clipdraft.io. We will respond within 30 days.
9. AI Data Processing
When you use the Service, your uploaded media files (videos, images, screenshots) and text inputs are sent to third-party AI providers (including Google Gemini, Google Veo, Google Cloud Text-to-Speech, and xAI Grok) for processing. You should be aware that:
- Processing scope. Your media and text are processed by AI models to generate demos, videos, captions, voice-overs, scores, and analytical feedback. Only the minimum data necessary for the requested feature is sent to each provider.
- No training. We do not use your uploaded content to train, fine-tune, or improve any AI models. Our agreements with AI providers prohibit the use of your data for model training.
- Transient processing. AI providers process your data in real time and do not retain your inputs or outputs beyond the duration needed to complete the request, subject to their own data retention policies linked in Section 3.
- AI output accuracy. AI-generated content may be inaccurate, incomplete, or biased. You are solely responsible for reviewing all AI outputs before use. See our Terms of Service for the full AI disclaimer.
- Provider changes. We may change AI providers at any time. We will update the third-party services table in Section 3 when this happens. Your continued use constitutes acceptance of the updated provider list.
10. International Data Transfers
ClipDraft.io is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your home country.
By using the Service, you explicitly consent to the transfer of your information to the United States and to any other country where our service providers operate. Where required by law (e.g., GDPR), we rely on Standard Contractual Clauses or other approved transfer mechanisms for transfers of personal data from the EEA, UK, or Switzerland to the United States.
No liability for foreign law differences. ClipDraft.io is not liable for any differences in data protection standards between the United States and your jurisdiction. You assume any risk associated with accessing the Service from a jurisdiction with different data protection requirements.
11. Limitation of Liability for Data Incidents
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CLIPDRAFT.IO SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM OR RELATED TO ANY UNAUTHORIZED ACCESS TO, USE OF, OR DISCLOSURE OF YOUR PERSONAL DATA, INCLUDING ANY DATA BREACH, CYBERATTACK, OR UNAUTHORIZED INTERCEPTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Third-party service incidents. We are not responsible for data breaches, unauthorized disclosures, or privacy failures that occur at our third-party service providers (including Google Firebase, Google Cloud, or Stripe). Each provider operates under its own security and privacy program. Your recourse for incidents at those providers is governed by their terms of service.
User-caused exposure. We are not liable for any exposure of your personal data that results from your own actions, including sharing account credentials, using unsecured networks, or configuring your account in a way that makes data accessible to third parties.
OUR TOTAL CUMULATIVE LIABILITY TO YOU FOR ANY PRIVACY-RELATED CLAIMS SHALL NOT EXCEED THE GREATER OF (A) THE TOTAL AMOUNT YOU PAID TO US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) US $10.
12. Dispute Resolution
Governing law. This Privacy Policy is governed by the laws of the State of California, United States, without regard to conflict-of-law principles.
Informal resolution first. Before filing any privacy-related claim, you agree to contact us at support@clipdraft.io and allow 30 days for us to attempt resolution.
Binding arbitration. Any unresolved dispute arising from this Privacy Policy shall be submitted to binding individual arbitration under the rules of the American Arbitration Association (AAA), conducted in English in San Francisco, California. You waive any right to a jury trial or to participate in a class action related to privacy claims against ClipDraft.io.
Regulatory bodies. Nothing in this section prevents you from filing a complaint with a data protection authority (e.g., your local EU supervisory authority or the California Privacy Protection Agency).
13. Children's Privacy
The Service is not directed to children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately at support@clipdraft.io and we will delete it promptly.
14. Do Not Track
Some web browsers transmit “Do Not Track” (DNT) signals. Because there is no universally accepted standard for how to interpret DNT signals, the Service does not currently respond to DNT browser signals or headers. However, as stated in Section 8, we do not use third-party advertising cookies or cross-site tracking.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice in the Service at least 14 days before the change takes effect. The “Effective date” at the top of this page indicates when the current version was last updated.
Your continued use of the Service after the effective date of an updated policy constitutes your acceptance of the changes.
16. Contact
For privacy-related questions, data requests, or concerns, contact us at: