Legal
Privacy Policy
Last updated: July 4, 2026
This policy explains what personal data Klipsy collects, why we collect it, and the choices you have. It applies to the Klipsy website and app. In short: we collect what we need to run content automations on your behalf, we don't sell your data, and you can disconnect platforms or delete your account at any time.
1. What we collect
- Account data — your name, email address and password hash when you sign up.
- Content you provide — media, scripts, voice tracks and settings you add to templates and automations.
- Platform data — access tokens for connected TikTok, YouTube and Instagram accounts, plus the profile and metrics data described in section 3.
- Usage data — logs of automation runs, publish attempts and errors, and basic device/browser information for security.
- Billing data — plan and invoice records. Card details are handled by our payment processor and never touch our servers.
2. How we use it
We use your data to operate the service: generating and rendering posts — video, image and text, publishing them to platforms you selected, reporting metrics, billing, support, and keeping the service secure. We also use aggregated, non-identifying usage data to improve templates and reliability. We do not sell personal data, and we do not use your private content or connected-account data to train AI models.
3. Platform tokens & data
When you connect a TikTok, YouTube or Instagram account, the platform gives us an access token scoped to the permissions you approved. We use it only to publish content you scheduled and to read engagement metrics for your dashboard.
- Tokens are encrypted at rest and never shown to other users or third parties.
- Disconnecting a platform in settings revokes the token; we then delete it from our systems within 24 hours.
- Data obtained from Google APIs (YouTube) is handled per the Google API Services User Data Policy, including its Limited Use requirements. Data from TikTok and Meta APIs is handled per their respective developer policies.
- You can also revoke access from the platform's own security settings at any time.
4. Analytics & retention
Engagement metrics (views, likes, comments and similar counts) are refreshed from platform APIs and retained while the connected account remains linked, so your dashboard can show trends over time. Automation run logs are kept for 90 days. Generated posts are stored until you delete them or your account closes; after account deletion we remove personal data within 30 days, except records we must keep for tax or legal reasons.
5. Cookies & analytics
The marketing site uses Google Analytics (via Firebase) to understand aggregate usage — pages viewed, buttons clicked and how far visitors scroll. This sets Google Analytics cookies (_ga and related) that identify a browser, not a person; we do not send names or email addresses to Google Analytics, and we do not use advertising cookies. See Google's privacy policy for how Google processes this data. You can block these cookies in your browser or with an ad blocker without breaking the site.
The app itself uses strictly necessary cookies only: a session cookie to keep you signed in and a CSRF token to protect forms. Blocking those will prevent login.
6. Sharing
We share data only with processors that help us run the service — cloud hosting, video rendering, email delivery and payments — under contracts limiting them to our instructions, and with the platforms you explicitly connect. We may disclose data if required by law, and we will tell you when legally allowed.
7. Security
All traffic is encrypted in transit (TLS) and stored data is encrypted at rest. Platform tokens carry additional application-layer encryption. Access to production systems is limited to engineers who need it and is logged. No system is perfectly secure; if a breach affects your data we will notify you and the relevant authority without undue delay.
8. Your rights (GDPR)
If you are in the EEA, UK or a jurisdiction with similar rules, you can ask us to access, correct, export, restrict or delete your personal data, and you may object to processing based on legitimate interests. Write to the address in section 11 and we will respond within 30 days. You may also complain to your local supervisory authority. Our legal bases are contract performance (running your automations), legitimate interests (security, service improvement) and consent where we ask for it.
9. Children
Klipsy is not directed at children and may not be used by anyone under 18. We do not knowingly collect data from children; if you believe a child has created an account, contact us and we will delete it.
10. Changes
We will update this policy as the service or the law changes. Material changes are announced by email or in-app at least 14 days in advance, and the "Last updated" date above always reflects the current version.
11. Contact
Privacy questions and rights requests: privacy@theklipsy.com.