Last updated: June 10, 2026
Privacy Policy
This Privacy Policy explains how Clipstrike collects, uses, shares, and protects personal data when you use the Clipstrike website, application, APIs, and related services. If a translated version conflicts with the English version, the English version controls.
Clipstrike is operated by Adriano Rocha Dev LTDA, CNPJ 55.999.240/0001-33. Contact us at contato@clipstrike.app.
Controller and Contact
Adriano Rocha Dev LTDA is the controller or service provider for Clipstrike, depending on the applicable law and context. We do not publish a physical address in this policy. Use contato@clipstrike.app for privacy, LGPD, GDPR, CCPA/CPRA, consumer, and support requests.
Information We Collect
We collect account and authentication data through Clerk, including identifiers, email addresses, names, login events, and account status. We collect project and user content you submit, including YouTube URLs, uploaded media, logos, brand settings, transcripts, prompts, custom instructions, generated clips, rendering metadata, and media URLs stored in Amazon S3 or other infrastructure.
Stripe processes billing data for subscriptions, credits, invoices, taxes, and fraud prevention. Payment card details are handled by Stripe and are not stored by Clipstrike.
If you connect TikTok or YouTube for social publishing, we collect connected-account data such as the platform, provider account ID, display name, avatar URL, OAuth scopes, token expiration time, last connected time, account status, provider metadata, and encrypted access and refresh tokens. We also collect TikTok creator publishing options, AI-generated and user-edited publish metadata, titles, descriptions, hashtags, captions, visibility or privacy choices, branded-content and AI-generated disclosures, YouTube audience or made-for-kids choices, upload and status polling data, provider publish IDs, upload URLs, video IDs, canonical URLs, provider visibility, provider errors, publish job history, workflow IDs, attempts, timestamps, and any custom publish templates you save.
We collect operational data such as server logs, device and browser information, IP addresses, request metadata, error reports, security events, workflow logs, and usage events needed to operate, debug, secure, and improve the service. For AI observability, we may collect metadata such as model, token, cost, latency, trace, and error metadata for content classification, clip extraction, and social publish metadata. If AI payload recording is explicitly enabled, we may also collect LLM prompts and outputs through PostHog's AI OpenTelemetry integration. Transcription observability is limited to manual metadata-only spans such as provider, model, language, duration, chunk counts, latency, and sanitized errors, and does not include audio URLs, temporary file paths, transcript text, words, or segments.
Browser analytics, PostHog session features, heatmaps, exception capture, first-touch UTM cookies, and Axiom web vitals run only after you consent to analytics cookies. Rejecting analytics does not block strictly necessary authentication, billing, security, or session cookies.
How We Use Information
We use information to provide Clipstrike, authenticate users, process videos, generate clips and captions, render exports, manage billing and credits, connect social accounts, prepare publish metadata, upload and publish clips to platforms you select, poll provider status, display publish history, prevent abuse, secure the service, respond to support requests, comply with legal obligations, measure product performance, and improve reliability and user experience.
Processors and Sharing
We share data with vendors and processors only as needed for the service, security, support, billing, compliance, and analytics. These include Clerk for authentication, Stripe for billing, PostHog for consented browser analytics and server-side AI observability, Axiom for logging and web vitals, OpenAI, Groq, and Vercel AI Gateway for AI processing, Amazon Web Services including S3 and Lambda, Remotion infrastructure for video rendering, TikTok for TikTok Direct Post, Google and YouTube API Services for YouTube account connection and uploads, and other hosting, storage, delivery, monitoring, and support providers.
We may disclose information if required by law, to protect rights and safety, to investigate abuse, or as part of a merger, acquisition, financing, or sale of assets, subject to appropriate protections.
Connected Accounts and Social Publishing
Social publishing is optional. When you connect TikTok, Clipstrike asks for the user.info.basic and video.publish scopes so we can identify the connected creator account, show TikTok creator options, and publish a video only after you review the metadata and give explicit consent to send the video to TikTok. When you connect YouTube, Clipstrike asks for openid, profile, https://www.googleapis.com/auth/youtube.upload, and https://www.googleapis.com/auth/youtube.readonly so we can identify the connected Google account, upload videos to YouTube, and read upload status for videos published through Clipstrike.
When you publish, Clipstrike sends the rendered clip file and the post settings you reviewed or edited, such as title, description, hashtags, captions, privacy or visibility, disclosures, audience selections, and platform-specific options. Clipstrike may store provider responses, status, IDs, URLs, and errors to show publish progress, support retries, resolve disputes, troubleshoot failures, and maintain security and business records.
Clipstrike uses YouTube API Services. Your use of YouTube-powered features is also subject to the YouTube Terms of Service and the YouTube API Services Terms of Service. Google explains its own privacy practices in the Google Privacy Policy. You can revoke Clipstrike's Google access from the Google security permissions page. Clipstrike's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
TikTok Direct Post requires user-provided metadata and explicit consent before the video is sent to TikTok. Clipstrike uses TikTok creator information to display the privacy, caption, disclosure, and account options required for publishing. TikTok may restrict content, account capabilities, visibility, or publishing availability under its own rules and review processes.
YouTube and Third-Party Content
Clipstrike processes YouTube URLs and related metadata you provide. Your use of YouTube content remains subject to YouTube terms, developer policies, platform rules, and applicable copyright and publicity laws. Do not submit content unless you own it or have the rights and permissions required to process it.
Cookies and Consent
We use necessary cookies for authentication, preferences, billing flows, security, fraud prevention, and service operation. Analytics cookies and similar browser storage are optional and are used only after opt-in. You can reject analytics or manage your choice in the cookie banner.
International Transfers
Clipstrike and its providers, including social platforms and cloud, AI, analytics, payment, authentication, logging, storage, rendering, and support providers, may process data in Brazil, the United States, Europe, and other countries where they operate. Where required, we use contractual, organizational, and technical safeguards for cross-border transfers.
Retention and Deletion
We retain data while your account or projects remain active and as needed for the purposes described in this policy. We delete or de-identify data after account or project deletion or a valid deletion request, unless retention is needed for legal obligations, billing, dispute resolution, security, fraud prevention, backups, or legitimate business records.
Generated media and public links may be accessible to anyone with the URL until deleted, expired, or access is otherwise restricted. Avoid sharing generated links with people who should not access the media.
If you disconnect a social account, Clipstrike clears locally stored OAuth tokens and hides the account from connected-account views. Publish history, revoked account records, provider IDs, provider status data, and related records may remain where needed for security, debugging, retries, billing, records, disputes, legal obligations, or abuse prevention. Provider-side access and already-published posts may also need to be managed in the relevant TikTok, Google, or YouTube account settings.
Security
We use reasonable administrative, technical, and organizational safeguards designed to protect data, including access controls, provider security controls, logging, and secure transport where available. No internet service can guarantee perfect security.
Children
Clipstrike is not directed to children. You must be at least 18 to use the service. We do not knowingly collect personal data from children under 13 or from anyone where parental consent would be required by applicable law.
Your Rights
Depending on where you live, you may have rights to access, confirm processing, correct, delete, anonymize, restrict, port, or receive a copy of your data; object to processing; withdraw consent; opt out of certain sharing, sales, profiling, or targeted advertising; and lodge complaints with a data protection authority.
Our legal bases may include performing our contract with you, your consent for optional cookies and connected-account authorization, compliance with legal obligations, and legitimate interests such as security, fraud prevention, service reliability, support, product improvement, and recordkeeping. You can withdraw consent where processing is based on consent, but withdrawal does not affect earlier lawful processing.
We honor non-waivable rights under the LGPD, GDPR, CCPA/CPRA, and other applicable privacy and consumer laws. To exercise rights, contact contato@clipstrike.app. We may need to verify your identity before completing a request.
Changes
We may update this policy as Clipstrike changes. The updated version will be posted here with a new last updated date. If changes are material, we will provide additional notice where required.