ClipSurge
Privacy Policy
What ClipSurge collects, and what we do with it.
Last updated
ClipSurge is operated by ClipSurge LLC (a Michigan single-member LLC). This policy describes what information ClipSurge collects when you use the service at clipsurge.app and app.clipsurge.app, how that information is stored, who it's shared with, and the rights you have to access or delete it.
What we collect
- Email address. Required for magic-link sign-in; collected when you sign up via Supabase Auth.
- Stripe customer record. Stripe creates a customer ID and stores payment information on their side. We never see your card number or bank details.
- Uploaded source assets. Video clips, image overlays, and text you upload as inputs for rendering, stored in Cloudflare R2.
- Rendered output files. The MP4 files ClipSurge produces from your inputs, stored in Cloudflare R2 until you delete them.
- Brand kit information. Product description, audience description, brand voice notes, logo upload, color tokens, font choices. Stored in our Supabase Postgres database.
- Discord user ID (optional). If you link your Discord to ClipSurge for role sync, we store only the numeric Discord user ID. Discord does not expose your email or username to integrations.
- Social account connections (optional). If you connect social accounts for auto-publish, we store the account identifiers needed to route posts through our publishing provider (Post for Me). The platform OAuth tokens are held by the provider, not in our database. Disconnecting an account in Settings → Connections removes the link.
- Render usage counters. The number of renders you've consumed and per-batch timestamps, used to enforce credit caps. We do not log the contents of your renders.
What we don't collect
- Card numbers, bank account numbers, or any direct payment instruments (Stripe holds these; we hold the customer ID only).
- Plaintext API keys for any third-party service you connect.
- Voice prints, facial biometrics, or any derived identifier from the video content you upload.
- Geolocation data, device fingerprints, advertising IDs, or any cross-site tracking signals.
Third-party processors
ClipSurge uses the following vendors to operate the service. Each is a separate company governed by its own privacy policy.
| Vendor | What they do for ClipSurge | Region | Their policy |
|---|---|---|---|
| Supabase | Postgres database and magic-link auth | US / EU regional | Policy |
| Cloudflare | Workers compute, R2 object storage, Pages hosting, Inngest infrastructure | Global edge | Policy |
| Stripe | Payment processing (subscriptions, one-time, Lifetime) | Global | Policy |
| Anthropic | Claude API for AI hook copy generation | US | Policy |
| Resend | Transactional email delivery (magic links, receipts, batch-done notifications) | US | Policy |
| Google Cloud Run | Video rendering compute | US | Policy |
| Post for Me | Auto-publish infrastructure — posts renders to the social accounts you connect (included on every plan) | US | Policy |
| Discord | Community server, optional account linking for role sync | US | Policy |
| whisper.cpp | Caption transcription (runs inside our Cloud Run worker; no external API call) | n/a (on our compute) | n/a (local library) |
AI / ML training disclosure
ClipSurge does not train any AI or ML model on user-uploaded content, rendered outputs, or account-derived data.
Anthropic's Claude API processes brand-kit context strings to generate hook suggestions on demand. Per Anthropic's API terms, prompts and outputs from API customers are not used to train Anthropic's models. We do not use your content for training of our own; we do not have any internal models trained on user data.
Data retention
- Source clips. Retained until you delete them. No automatic expiry.
- Rendered outputs. Retained until you delete them. No automatic expiry.
- Batch ZIP archives. Auto-deleted 14 days after creation. You can regenerate any batch ZIP on demand at no credit cost.
- Account data. Email, profile, billing history, and render history are retained until you request account deletion.
- Audit logs (admin actions). Retained for 7 years for tax and compliance recordkeeping.
- Inngest function execution logs. Retained 30 days by Inngest under their own policy; we do not export or back these up.
Your rights
Regardless of where you live, you have the following rights regarding your data on ClipSurge:
- Access. Email
hello@clipsurge.appto request an export of all data we hold about you. We respond within 5 business days and deliver within 30 days. - Deletion. Email
hello@clipsurge.appto request account deletion. We confirm within 5 business days and complete deletion within 30 days. Some audit logs are retained per the schedule above; everything else is removed. - Correction. Edit your account profile and brand kit fields directly in Settings. For fields not editable in the UI (such as the email address tied to billing), email us.
- Portability. On request we provide a structured export: render history and brand kits as JSON, raw source files and outputs as MP4 / PNG / JPG. Standard formats only; no proprietary blobs.
- Marketing opt-out. Every product-marketing email includes an unsubscribe link. Transactional emails (magic links, receipts, batch-done notifications) cannot be opted out without disabling the account.
If you're in the EU, UK, or California, additional rights may apply under the GDPR, UK GDPR, or CCPA respectively. The rights above are how we operationalize them. If you believe we haven't responded appropriately to a rights request, you may contact your local data-protection authority.
Cookies and local storage
- Session cookie. A Supabase Auth session cookie keeps you signed in. Required for the authed app to function.
- OAuth state cookies. Short-lived (≤10 min) cookies used during Discord and social-account connection flows to prevent CSRF.
- localStorage. UI preferences (collapsed sections, view mode, last-used aspect ratio) stored in your browser only. Never personally identifying, never read by anyone but the app on your device.
No third-party advertising cookies. No cross-site analytics cookies on the authed app. The marketing site at clipsurge.app sets a first-party analytics cookie; if you set Do Not Track or Global Privacy Control, we honor it.
Children's privacy
ClipSurge is not intended for users under 16. We do not knowingly collect data from minors. If you believe a minor has signed up, email hello@clipsurge.app and we will delete the account.
Changes to this policy
If we materially change how data is handled, we will update this page and announce the change via email to all active accounts at least 14 days before the effective date. The "last updated" date at the top of this page always reflects the most recent revision.
Contact
- Email:
hello@clipsurge.app - Mailing: 4187 Pleasant Dr, Attica, MI 48412
ClipSurge is operated by ClipSurge LLC.