Legal
Last updated: April 2026
Klipr ("we", "us", "our") is a company incorporated in Italy and operates klipr.pro, an AI-powered video clipping and social media publishing platform. As a data controller established in the EU, we are subject to the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This Privacy Policy explains what personal data we collect, why we collect it, how we store and protect it, and your rights regarding it. If you have questions, contact us at support@klipr.pro.
We process your personal data on the following legal bases: (a) Contract — processing necessary to provide the Service you signed up for (account management, video processing, publishing); (b) Legitimate interests — aggregate analytics to improve the product, fraud prevention, and security; (c) Legal obligation — retention of billing records as required by Italian and EU law; (d) Consent — where you have explicitly connected a social media account or opted into communications. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Account data: your email address, display name, and hashed password. Profile data: your workspace name and logo. Video content: video files you upload and URLs you provide (YouTube, Twitch, Rumble, Kick, Google Drive links). AI-generated content: clip files, thumbnails, titles, descriptions, hashtags, captions, and virality scores produced from your videos. Social media connections: OAuth access and refresh tokens, platform usernames, account IDs, and display names for platforms you connect (TikTok, Instagram, YouTube, Threads, X). Post history: records of clips published or scheduled to connected platforms, including post status and platform URLs. Billing data: subscription plan and payment status managed via Stripe (we do not store card numbers). Usage data: pages visited, features used, errors encountered, and timestamps — used to improve the product. Communications: emails you send to our support address.
To operate the Service: process your videos, generate clips, and publish or schedule posts to your connected social media accounts. To provide your account: authenticate you, manage your workspaces and billing, and send transactional emails (receipts, password resets, connection confirmations). To run the AI agent: your video is temporarily downloaded into an isolated sandbox environment (E2B) where it is processed by an AI system powered by Anthropic's Claude model. The video data in the sandbox is deleted when the job completes. To improve Klipr: aggregate, anonymised usage analytics help us understand which features are most valuable. We do not use your videos or generated clips to train any AI model — neither ours nor any third party's. To manage the affiliate programme: track referrals and calculate commissions. To comply with legal obligations: retain billing and financial records as required by Italian law (up to 10 years under D.P.R. 600/1973 and D.P.R. 633/1972).
When you connect a social media account, we receive an OAuth access token and (where issued) a refresh token from that platform. These credentials are encrypted using AES-256-GCM via Supabase Vault — keys are managed by Supabase and are never accessible to application code in plaintext. Tokens are used exclusively to publish or schedule content on your explicit instruction and are never shared with third parties or used for any other purpose. You can revoke a connection at any time from your integrations settings, which deletes the stored tokens immediately. You may also revoke access directly from each platform's own security settings.
Videos you upload and clips generated by the AI are stored in Supabase Storage (object storage hosted on AWS). Storage is partitioned per workspace and accessible only to authenticated users who own that workspace. When you delete a clip, video, or your account, the corresponding files are removed from storage within 30 days. We do not use your video content for any purpose other than generating your clips and thumbnails.
Supabase — database, authentication, object storage, and encrypted secret vault. Hosted on AWS in the EU/US. Anthropic — Claude AI model used for video analysis and metadata generation. Your video content (temporarily) and text prompts are sent to Anthropic's API solely to process your job. Anthropic's API data retention policy applies; we have configured API calls with zero data retention where available. E2B — sandboxed cloud execution environment used to run ffmpeg and yt-dlp during video processing. Sandboxes are ephemeral and destroyed after each job. Redis (self-hosted BullMQ) — background job queue running on our own infrastructure. Job metadata (video ID, workspace ID, status) is processed internally and is not shared with any third party. Stripe — subscription billing and payment processing. Stripe's privacy policy governs all payment data. We do not share data with any advertising networks, data brokers, or other third parties not listed here.
We use essential session cookies to keep you authenticated (set by Supabase Auth). We do not use tracking, advertising, or analytics cookies. We store a small number of non-sensitive preference flags in your browser's local storage (e.g. whether you have a workspace) to speed up page loads. No cookie consent banner is shown because we only set strictly necessary cookies, which are exempt from consent requirements under the ePrivacy Directive and Italian D.Lgs. 69/2012.
Account data is retained for as long as your account is active. Deleted account data is removed within 30 days. OAuth tokens are deleted immediately when you disconnect a platform or delete your account. Video and clip files are deleted within 30 days of you deleting them or your account. Aggregate, anonymised usage analytics may be retained indefinitely as they cannot be linked back to individuals. Billing and invoice records are retained for up to 10 years as required by Italian tax law.
All data is transmitted over TLS 1.2+ (HTTPS). OAuth tokens and sensitive credentials are encrypted at rest using AES-256-GCM via Supabase Vault. Passwords are hashed using bcrypt with a per-user salt. Production database and infrastructure access is restricted to authorised personnel only, protected by IP allowlisting and strong authentication. API endpoints are protected by per-IP rate limiting. We conduct periodic security reviews. If you believe you have found a security vulnerability, please contact support@klipr.pro with details and we will respond within 48 hours.
Klipr is incorporated in Italy and subject to GDPR. Your data may be processed in the United States by our infrastructure providers (Supabase, AWS, Anthropic, E2B, Stripe). All such transfers are governed by the EU Standard Contractual Clauses (SCCs) or adequacy decisions where applicable, ensuring your data receives the same level of protection it would in the EU.
As a data subject under GDPR you have the following rights: (a) Right of access — request a copy of the personal data we hold about you; (b) Right to rectification — request correction of inaccurate or incomplete data; (c) Right to erasure ("right to be forgotten") — request deletion of your personal data where there is no overriding legal basis for retention; (d) Right to restriction of processing — request that we limit how we use your data in certain circumstances; (e) Right to data portability — receive your data in a structured, machine-readable format; (f) Right to object — object to processing based on legitimate interests; (g) Right not to be subject to automated decision-making — we do not make legally significant automated decisions about you. To exercise any of these rights, email support@klipr.pro. We will respond within 30 days. You also have the right to lodge a complaint with the Italian data protection authority: Garante per la protezione dei dati personali (www.garanteprivacy.it).
If you are a California resident, you have the right to know what personal information we collect and how it is used, the right to delete your personal information, and the right to opt out of the sale of personal information. Klipr does not sell personal information to third parties. To exercise your CCPA rights, email support@klipr.pro.
Klipr is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, contact support@klipr.pro and we will delete it promptly.
We may update this policy as our product and legal obligations evolve. We will notify you of significant changes by email at least 14 days before they take effect. The "last updated" date at the top reflects the most recent revision. Continued use of Klipr after changes take effect constitutes acceptance. If you do not accept the updated policy, you must stop using the Service and may delete your account.
Data controller: Klipr, incorporated in Italy. Privacy questions, data subject requests, or complaints: support@klipr.pro. We aim to respond within 48 hours for general enquiries and within 30 days for formal data subject requests.