ClippingsClippings
Draft — not legal advice. This page is assembled from researched templates and has not been reviewed by a lawyer. Any {{PLACEHOLDER}} text below is a still-unfilled fact, not a typo.

Privacy Policy

Effective date: 2026-07-03 · Last updated: 2026-07-03

Anujiv LLP ("we," "us," "Clippings") explains in this Privacy Policy how we collect, use, share, and protect personal data when you use Clippings at https://useclippings.com (the "Service"). This policy is written to meet the requirements of the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and — because we are established in India — India's Digital Personal Data Protection Act, 2023 (the "DPDP Act"). We are the "controller" (GDPR) / "business" (CCPA) / "Data Fiduciary" (DPDP Act) for the personal data described here, unless stated otherwise.

1. Data We Collect

CategoryExamplesSource
Account dataName, email, password hash, workspace infoYou, at signup
Content you provideSource recordings/writing, derived clips and drafts you upload or create in the ServiceYou
Usage dataFeature usage, log data, device/browser info, IP addressAutomatically, from your use
Payment dataBilling name, last-4 card digits, transaction history — once billing launches (see Section 3; not yet collected as of this policy's effective date)Our payment processor
Cookies & similar technologiesSee our Cookie PolicyAutomatically
Support communicationsMessages you send to support@useclippings.comYou

We do not knowingly collect data from anyone under 18. See Section 8.

2. How We Use Data & Lawful Basis (GDPR/UK-GDPR)

PurposeLawful basis
Provide, operate, and maintain the Service (including processing your content through AI providers to generate clips/drafts)Performance of a contract with you
Process payments and prevent fraud (once billing launches)Performance of a contract; legal obligation (tax)
Respond to support requestsPerformance of a contract; legitimate interests
Improve and secure the Service (aggregated/anonymized analysis, abuse prevention)Legitimate interests
Send service-related emails (billing, security, policy changes)Performance of a contract; legal obligation
Send optional marketing communicationsConsent (opt-in; you can withdraw anytime)
Comply with law, respond to lawful requestsLegal obligation

3. Who We Share Data With — Sub-processors

We share personal data only with service providers who process it on our behalf under contract ("sub-processors"), and only as needed to provide the Service. We do not sell personal data.

Sub-processorPurposeData involvedStatus
SupabaseDatabase, authentication, file storageAccount data, Customer ContentLive
OpenRouterLLM routing gateway — routes requests to underlying AI model providersContent you submit for AI-assisted clip/draft generationLive
Anthropic (via OpenRouter)Underlying AI model provider currently used for generation; the specific provider/model may change over timeContent you submit for AI-assisted clip/draft generationLive
Cloudflare R2Object/media storage (evaluated as a future replacement/addition to Supabase Storage for video)Customer Content (files/media), if and when adoptedPlanned — not yet processing data
Dodo PaymentsPayment processing, merchant of record, tax collection & remittanceBilling name, payment method (tokenized), transaction data, once billing launchesPlanned — not yet processing data; the Service does not yet charge for access

We maintain this list on an ongoing basis and will update it — including moving Cloudflare R2 and Dodo Payments to "Live" — before either actually begins processing personal data, and will notify customers of material changes with an objection window where required.

4. International Data Transfers

Where we transfer personal data outside the EEA/UK (for example, to a sub-processor located in the United States), we rely on an adequacy decision, the EU Standard Contractual Clauses, or the UK International Data Transfer Agreement/Addendum, as applicable, to ensure an equivalent level of protection.

Because we operate from India, personal data collected here may be processed in India as well as by the sub-processors above. Under the DPDP Act, transfers of personal data outside India are permitted except to any country or territory that the Government of India specifically restricts; we will comply with any such restriction if and when it is notified.

5. Data Retention

We retain personal data for as long as your account is active, and for 30 days after your account is closed, after which it is deleted or anonymized — except where a longer period is required to meet tax/legal record-keeping obligations or to resolve a dispute. You can request earlier deletion — see Section 7.

6. Security

We use technical and organizational measures appropriate to the risk (encryption in transit, access controls, least-privilege service credentials) to protect personal data. No system is perfectly secure; we will notify affected users and regulators of any breach as required by law.

7. Your Rights

If you are in the EEA/UK (GDPR/UK-GDPR): you have the right to access, rectify, erase, restrict, or object to processing of your data, and the right to data portability. You may withdraw consent at any time where processing is based on consent. You have the right to lodge a complaint with your local data protection authority.

If you are a California resident (CCPA/CPRA): you have the right to know what personal information we collect and how it's used, the right to delete it, the right to correct inaccurate information, the right to opt out of sale/sharing (we do not sell personal information), the right to limit use of sensitive personal information, the right to non-discrimination for exercising these rights, and the right to appeal a denied request. We honor Global Privacy Control (GPC) opt-out signals.

If you are in India (DPDP Act, 2023): as a Data Principal you have the right to access a summary of the personal data we process about you and our processing activities, the right to correction and erasure of your personal data, the right to grievance redressal (see Section 11 and the Grievance Officer named in our Terms of Service §16), the right to nominate another person to exercise your rights in the event of death or incapacity, and the right to withdraw consent at any time (withdrawal does not affect processing already carried out on the basis of your earlier consent).

To exercise any of these rights, contact us at support@useclippings.com. We will verify your identity before fulfilling a request and respond within the time required by applicable law.

8. Children's Privacy

The Service is not directed to, and we do not knowingly collect personal data from, anyone under 18. We set the minimum age at 18 in part because India's DPDP Act treats everyone under 18 as a child and requires verifiable parental/guardian consent (and prohibits certain profiling) before a child's personal data may be processed — an obligation we avoid triggering by not serving under-18 users. If you believe a minor has provided us data, contact support@useclippings.com and we will delete it.

9. Cookies

See our Cookie Policy for the specific cookies we use and how to control them.

10. Changes to This Policy

We'll post updates here with a new "Last updated" date and, for material changes, provide additional notice (email or in-app) before they take effect.

11. Contact & Grievance Officer

Privacy questions, data-rights requests, or complaints: support@useclippings.com, attention Grievance Officer.

  • Grievance Officer (India — DPDP Act, 2023 and Consumer Protection (E-Commerce) Rules, 2020):

Ayush Gupta.

  • Postal address: Anujiv LLP, F-26 Sector-56, Noida (UP), India, Pin - 201301.

We will acknowledge complaints promptly and resolve them within the timelines required by law (within 48 hours to acknowledge and one month to resolve under the Consumer Protection (E-Commerce) Rules, 2020; within the period required by the DPDP Act for data-protection grievances).

We have not appointed a formal Data Protection Officer, as the DPDP Act requires one only for entities classified as Significant Data Fiduciaries; the Grievance Officer above is our point of contact for data-protection matters. We have not appointed an EU/UK representative under GDPR Article 27 — assess with counsel whether the scale of EU/UK monitoring or offering triggers that requirement.