Clip Foundry
Sign in
← Back to home

Privacy Policy

Last updated: 2025-01-08

This Policy explains what personal data we collect, why, and your rights under the EU General Data Protection Regulation (GDPR). Data controller: Clip Foundry sp. z o.o., Warsaw, Poland.

1. Data we collect

  • Account data from Google OAuth: email, name, avatar URL, Google ID. Legal basis: contract performance (Art. 6(1)(b) GDPR).
  • Billing data: Stripe customer ID, purchase history. Stripe processes your card; we never see card numbers. Legal basis: contract + legal obligation (accounting).
  • Job data: prompts you submit, generated outputs, token usage. Legal basis: contract.
  • Technical logs: IP address, user agent, request timestamps. Legal basis: legitimate interest in security and fraud prevention (Art. 6(1)(f) GDPR).
  • Analytics: aggregated, cookie-free page views via self-hosted Plausible. No cross-site tracking, no fingerprinting.

2. How we use it

  • To authenticate you and operate the API.
  • To process payments and issue invoices.
  • To improve quality (analyse failed jobs in aggregate).
  • To detect abuse and security incidents.
  • To send service emails (e.g. payment receipts, security alerts). Marketing emails only with separate opt-in.

3. Sharing with processors

We share data only with these sub-processors:

  • Google LLC (OAuth authentication).
  • Stripe Payments Europe Ltd. (payments + tax).
  • Hetzner Online GmbH (hosting in EU, Falkenstein/Helsinki).
  • Resend, Inc. (transactional email).
  • ElevenLabs, OpenAI, Black Forest Labs, Stability AI (AI providers — prompts are sent to generate outputs).

4. International transfers

Some AI providers process data in the United States. Transfers rely on Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable.

5. Retention

  • Account data: until you delete your account.
  • Job inputs/outputs: 30 days after the job completes, then deleted.
  • Billing records: 5 years (Polish accounting law).
  • Technical logs: 90 days.

6. Your rights

Under GDPR you have the right to:

  • Access, correct, or delete your data.
  • Export your data (portability).
  • Object to processing based on legitimate interest.
  • Withdraw consent for any processing based on consent.
  • Lodge a complaint with your supervisory authority (in Poland: Prezes Urzędu Ochrony Danych Osobowych).

You can delete your account at any time from /app/settings. We perform a hard delete (cascade to jobs, keys, sessions) immediately.

7. Cookies

See our Cookie Policy.

8. Contact

Data Protection Officer: dpo@clipfoundry.pl.