Draft: not legal advice
This document is a product-specific draft and not legal advice. It must be reviewed and adapted by a qualified lawyer before launch. Do not rely on it as-is.
Privacy Policy
How Clipwick collects, uses, and protects personal data, and the rights you have under the EU General Data Protection Regulation (GDPR).
Last updated: 6 July 2026
1. Who we are (controller)
Clipwick is the data controller for personal data processed to provide the Service. The operating legal entity and its contact and Data Protection Officer details will be finalised on legal review and published here.
2. Data we process
- Account data: your name, email, authentication identifiers, and organisation/account membership.
- Content data: topics and brand settings you submit, and the videos, scripts, captions, and voiceovers generated from them.
- Connected-platform data: OAuth tokens and account handles for the social accounts you connect for posting (held via our posting aggregator; we do not receive your platform passwords).
- Billing data: subscription and payment status. Card details are handled directly by Stripe; we do not store full card numbers.
- Usage & analytics data: privacy-friendly product analytics (see our Cookie Policy).
3. How and why we use it (legal bases)
- To provide the Service, that is, to generate, store, and publish your content, on the basis of performing our contract with you.
- To process payments and prevent fraud, on the basis of contract and our legitimate interests.
- To secure and improve the Service and understand aggregate usage, on the basis of our legitimate interests, using privacy-friendly analytics.
- To comply with law, including AI-content transparency and tax obligations.
4. Processors and sub-processors
We share personal data only with vendors that process it on our behalf under data-processing agreements. Our key processors are:
- Stripe: payment processing, billing, and tax calculation.
- Upload-Post (posting aggregator): securely holds your platform connections and transmits approved posts to TikTok, YouTube, and Instagram.
- LLM / AI generation providers: used to draft scripts and captions and to synthesise voiceovers from the topics you submit.
- Privacy-friendly analytics: Plausible (cookieless) and/or self-hosted PostHog for product usage insight.
- Email delivery: to send sign-in links and service notices.
A current list of sub-processors is available on request and will be maintained here before launch.
5. Hosting and international transfers
The Service and its rendering infrastructure are hosted in the European Union. Where a processor is located outside the EEA, transfers are protected by appropriate safeguards such as the EU Standard Contractual Clauses. Because we run generation on our own EU-based hardware, your content is not sent to a metered third-party rendering API.
6. Retention
We keep personal data for as long as your account is active and as needed to provide the Service, then delete or anonymise it within a reasonable period, subject to legal retention requirements (for example, tax records). Generated content is retained so it remains available in your library until you or we delete it.
7. Your rights (GDPR)
You have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erasure: request deletion of your data (“right to be forgotten”).
- Data portability: receive an export of your data in a machine-readable format.
- Restrict or object to certain processing, and withdraw consent where processing is based on consent.
- Lodge a complaint with your local data protection authority.
You can export or delete your account data from your settings, or by contacting us; we action verified requests within the statutory timeframe.
8. Data Processing Agreement
If you use Clipwick in the course of business and act as a controller for end-user data, a Data Processing Agreement (DPA) is available on request and incorporates the standard sub-processor and security terms referenced above.
9. Security
We use technical and organisational measures appropriate to the risk, including encryption in transit, access controls, and secret management (platform tokens and API keys are never exposed to the browser). No system is perfectly secure; we will notify you and the relevant authority of a qualifying personal-data breach as required by law.
10. Changes
We may update this policy; material changes will be notified in-product or by email. The “last updated” date above reflects the current version.
Questions about this document? Contact us before relying on any part of it, and remember a lawyer must review these terms before Clipwick launches.