Privacy Policy
Effective date: 2026-07-03 · Last updated: 2026-07-03
Anujiv LLP ("we," "us," "Clippings") explains in this Privacy Policy how we collect, use, share, and protect personal data when you use Clippings at https://useclippings.com (the "Service"). This policy is written to meet the requirements of the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and — because we are established in India — India's Digital Personal Data Protection Act, 2023 (the "DPDP Act"). We are the "controller" (GDPR) / "business" (CCPA) / "Data Fiduciary" (DPDP Act) for the personal data described here, unless stated otherwise.
1. Data We Collect
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email, password hash, workspace info | You, at signup |
| Content you provide | Source recordings/writing, derived clips and drafts you upload or create in the Service | You |
| Usage data | Feature usage, log data, device/browser info, IP address | Automatically, from your use |
| Payment data | Billing name, last-4 card digits, transaction history — once billing launches (see Section 3; not yet collected as of this policy's effective date) | Our payment processor |
| Cookies & similar technologies | See our Cookie Policy | Automatically |
| Support communications | Messages you send to support@useclippings.com | You |
We do not knowingly collect data from anyone under 18. See Section 8.
2. How We Use Data & Lawful Basis (GDPR/UK-GDPR)
| Purpose | Lawful basis |
|---|---|
| Provide, operate, and maintain the Service (including processing your content through AI providers to generate clips/drafts) | Performance of a contract with you |
| Process payments and prevent fraud (once billing launches) | Performance of a contract; legal obligation (tax) |
| Respond to support requests | Performance of a contract; legitimate interests |
| Improve and secure the Service (aggregated/anonymized analysis, abuse prevention) | Legitimate interests |
| Send service-related emails (billing, security, policy changes) | Performance of a contract; legal obligation |
| Send optional marketing communications | Consent (opt-in; you can withdraw anytime) |
| Comply with law, respond to lawful requests | Legal obligation |
3. Who We Share Data With — Sub-processors
We share personal data only with service providers who process it on our behalf under contract ("sub-processors"), and only as needed to provide the Service. We do not sell personal data.
| Sub-processor | Purpose | Data involved | Status |
|---|---|---|---|
| Supabase | Database, authentication, file storage | Account data, Customer Content | Live |
| OpenRouter | LLM routing gateway — routes requests to underlying AI model providers | Content you submit for AI-assisted clip/draft generation | Live |
| Anthropic (via OpenRouter) | Underlying AI model provider currently used for generation; the specific provider/model may change over time | Content you submit for AI-assisted clip/draft generation | Live |
| Cloudflare R2 | Object/media storage (evaluated as a future replacement/addition to Supabase Storage for video) | Customer Content (files/media), if and when adopted | Planned — not yet processing data |
| Dodo Payments | Payment processing, merchant of record, tax collection & remittance | Billing name, payment method (tokenized), transaction data, once billing launches | Planned — not yet processing data; the Service does not yet charge for access |
We maintain this list on an ongoing basis and will update it — including moving Cloudflare R2 and Dodo Payments to "Live" — before either actually begins processing personal data, and will notify customers of material changes with an objection window where required.
4. International Data Transfers
Where we transfer personal data outside the EEA/UK (for example, to a sub-processor located in the United States), we rely on an adequacy decision, the EU Standard Contractual Clauses, or the UK International Data Transfer Agreement/Addendum, as applicable, to ensure an equivalent level of protection.
Because we operate from India, personal data collected here may be processed in India as well as by the sub-processors above. Under the DPDP Act, transfers of personal data outside India are permitted except to any country or territory that the Government of India specifically restricts; we will comply with any such restriction if and when it is notified.
5. Data Retention
We retain personal data for as long as your account is active, and for 30 days after your account is closed, after which it is deleted or anonymized — except where a longer period is required to meet tax/legal record-keeping obligations or to resolve a dispute. You can request earlier deletion — see Section 7.
6. Security
We use technical and organizational measures appropriate to the risk (encryption in transit, access controls, least-privilege service credentials) to protect personal data. No system is perfectly secure; we will notify affected users and regulators of any breach as required by law.
7. Your Rights
If you are in the EEA/UK (GDPR/UK-GDPR): you have the right to access, rectify, erase, restrict, or object to processing of your data, and the right to data portability. You may withdraw consent at any time where processing is based on consent. You have the right to lodge a complaint with your local data protection authority.
If you are a California resident (CCPA/CPRA): you have the right to know what personal information we collect and how it's used, the right to delete it, the right to correct inaccurate information, the right to opt out of sale/sharing (we do not sell personal information), the right to limit use of sensitive personal information, the right to non-discrimination for exercising these rights, and the right to appeal a denied request. We honor Global Privacy Control (GPC) opt-out signals.
If you are in India (DPDP Act, 2023): as a Data Principal you have the right to access a summary of the personal data we process about you and our processing activities, the right to correction and erasure of your personal data, the right to grievance redressal (see Section 11 and the Grievance Officer named in our Terms of Service §16), the right to nominate another person to exercise your rights in the event of death or incapacity, and the right to withdraw consent at any time (withdrawal does not affect processing already carried out on the basis of your earlier consent).
To exercise any of these rights, contact us at support@useclippings.com. We will verify your identity before fulfilling a request and respond within the time required by applicable law.
8. Children's Privacy
The Service is not directed to, and we do not knowingly collect personal data from, anyone under 18. We set the minimum age at 18 in part because India's DPDP Act treats everyone under 18 as a child and requires verifiable parental/guardian consent (and prohibits certain profiling) before a child's personal data may be processed — an obligation we avoid triggering by not serving under-18 users. If you believe a minor has provided us data, contact support@useclippings.com and we will delete it.
9. Cookies
See our Cookie Policy for the specific cookies we use and how to control them.
10. Changes to This Policy
We'll post updates here with a new "Last updated" date and, for material changes, provide additional notice (email or in-app) before they take effect.
11. Contact & Grievance Officer
Privacy questions, data-rights requests, or complaints: support@useclippings.com, attention Grievance Officer.
- Grievance Officer (India — DPDP Act, 2023 and Consumer Protection (E-Commerce) Rules, 2020): Ayush Gupta.
- Postal address: Anujiv LLP, F-26 Sector-56, Noida (UP), India, Pin - 201301.
We will acknowledge complaints promptly and resolve them within the timelines required by law (within 48 hours to acknowledge and one month to resolve under the Consumer Protection (E-Commerce) Rules, 2020; within the period required by the DPDP Act for data-protection grievances).
We have not appointed a formal Data Protection Officer, as the DPDP Act requires one only for entities classified as Significant Data Fiduciaries; the Grievance Officer above is our point of contact for data-protection matters. We have not appointed an EU/UK representative under GDPR Article 27 — assess with counsel whether the scale of EU/UK monitoring or offering triggers that requirement.
