Privacy Policy

Last updated: 2026-05-29

1. Overview

G-Clips ("we", "the Service") respects your privacy. This policy explains what data we collect, why we collect it, and how you can control it.

2. Data We Collect

  • Account data: email address, display name, hashed password (when you register with email) or OAuth identity (when you sign in with Twitch).
  • Third-party OAuth tokens: when you connect YouTube, TikTok or Instagram, we store the access token and refresh token necessary to upload videos on your behalf. Tokens are encrypted at rest (Fernet / AES-128 + HMAC-SHA256).
  • Content you upload or import: source videos, images, and the rendered output of your clips. Stored only as long as needed to render and serve your clip (currently up to 7 days for finished renders).
  • Operational metadata: render job status, timestamps, error logs and publish history (which clip you sent to which platform).
  • Basic platform profile data: when you connect a publishing platform we may store your public username, display name and channel ID so the UI can show which account is connected.

3. How We Use Data

  • To provide and operate the Service (authentication, rendering, publishing).
  • To upload videos to the third-party platforms you explicitly connect, using only the scopes you approved.
  • To send transactional emails (email verification, password reset).
  • To debug failures and improve reliability.
We do not sell your data or share it with advertisers.

4. Third-Party Services

G-Clips integrates with the following third parties on your explicit instruction. Each has its own privacy policy that also applies:
  • Twitch (login + clip import)
  • YouTube / Google (video publishing)
  • TikTok (video publishing)
  • Instagram / Meta (video publishing)
  • OpenAI (Whisper API, for caption transcription)
  • Resend (transactional email delivery)
  • Amazon S3 / Cloudflare R2 (storage of media)

5. Data Retention

Rendered output videos are automatically deleted after 7 days. Account data and OAuth tokens are kept until you delete your account or disconnect the provider. Logs are kept for a maximum of 30 days for debugging purposes.

6. Your Rights

You can: (a) view your data via the app, (b) disconnect any third-party platform from the Settings page, which revokes our stored tokens, (c) request account deletion by emailingsupport@gclips.app. We delete your account data within 30 days of receiving a valid request.

7. Security

Passwords are hashed with bcrypt. OAuth tokens are encrypted at rest. Transport uses TLS. We follow standard security practices but no system is 100% secure — please notify us if you discover a vulnerability.

8. Children

The Service is not directed at children under 13 (or the higher age of digital consent in your country). We do not knowingly collect data from children.

9. Changes

We may update this policy. Material changes will be announced in-app or by email. Continued use of the Service constitutes acceptance of the new policy.

10. Contact

Questions: support@gclips.app.