Privacy Policy

1. Who We Are (Data Controller)

ClipTrack Solutions (“ClipTrack”, “we”, or “us”) is the organization providing the Service and is the “data controller” of your personal data processed in connection with the Service. ClipTrack Solutions is a company registered in Italy. For the purposes of GDPR and applicable data protection laws, the data controller can be contacted at:

Company: ClipTrack Solutions (Italy)
Email: privacy@cliptracksolutions.com
Mailing Address: [Insert Company Address, Italy] (We will update this with our registered business address.)

If we appoint a Data Protection Officer (DPO) or local EU representative, we will provide their contact details here. Currently, you can use the contact information above for any privacy-related queries or requests.

2. What Data We Collect

We only collect data that is necessary to provide and improve our Service to you. This data falls into several categories:

2.1. Account and Contact Information: When you register for ClipTrack, we collect basic information to set up your account. This includes:

Identifying Information: Your name (if provided), username, email address, and password (stored in hashed form).

Profile Information: If you choose to provide it, we may also store a profile picture or other optional profile details. (Providing real name or additional info is optional unless needed for a paid service).

Age Confirmation: We may ask for your birth date or a confirmation that you are over 16, to comply with age restrictions (but we do not intentionally collect precise age or birthdate unless necessary for verification).

Payment Information: If you subscribe to a paid plan, we will collect information necessary for billing, such as your billing name and address. However, credit card numbers or payment account details are not collected by us directly – those are handled by Stripe (see Third-Party Services below). We may store a transaction ID or subscription status from Stripe, but not your sensitive payment details.

2.2. Content and Usage Data: To provide our Service, we collect data that you input or that is generated through your use of ClipTrack. This includes:

TikTok Account Data (if you integrate): If you connect ClipTrack to your TikTok account via the TikTok API, we will receive certain information from TikTok. This typically includes your TikTok username/handle, your TikTok user ID, profile information (like profile picture, bio, follower count), and data about your TikTok content (such as video IDs, titles, view counts, likes, comments, shares, etc.), as permitted by TikTok’s API and your authorization. We only retrieve data that you authorize us to access. For example, when you log in with TikTok, TikTok will ask you to grant specific permissions (like “read your profile info and videos”). We use that data to provide analytics back to you.

User Content: Any content you manually upload or input into ClipTrack aside from TikTok (if applicable). For instance, if our Service allows you to upload a video file or type notes, we will collect that content. Similarly, if you provide feedback or participate in a forum or comment feature on ClipTrack (if offered), we collect whatever information you submit.

Analytics Results: After processing your data (for example, analyzing your video performance), our system produces analytics or reports. Those results are stored in our database (Supabase) associated with your account, so that you can view your analytics dashboard. While these results are derived from your content and TikTok data, we consider them part of your personal data profile since they are about your account’s performance.

Usage Information: We collect information about how you use the Service. This includes:

Log Data: When you use ClipTrack, our servers automatically record certain information in log files. This may include your IP address, device type, browser type, the pages or features you used, the time and date of use, and error logs or crash reports. We use IP addresses and device information to maintain security (such as preventing fraudulent or unauthorized access) and to optimize our Service for different devices and regions.

Cookies and Similar Tech: We use cookies (small text files stored on your device) and similar tracking technologies (like local storage or pixels) to collect usage data and improve your experience. See Section 6 (“Cookies and Tracking”) below for details.

Preference Data: Any preferences you set within the app (e.g., language choice, notification settings) are stored so that the app remembers them for you.

Communication Data: If you communicate with us (for example, via support email or chat), we will collect and retain that correspondence and your contact details to address your inquiry and improve our support processes.

2.3. Sensitive Personal Data: We do not intentionally collect any sensitive personal data about you, unless you choose to provide it. “Sensitive data” includes things like racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information, or information about your sex life or sexual orientation. We kindly ask you not to send us any sensitive personal data through the Service or support channels. ClipTrack’s purpose is to analyze social media content performance, so we have no need for sensitive data. If you include sensitive personal information in content you upload (for example, if your profile or videos reveal health or religious information), that is incidental and not requested by ClipTrack. We will treat any such data that is collected inadvertently with special care and delete it if not needed.

2.4. Children’s Data: As noted, our Service is not intended for children under 16. We do not knowingly collect personal data from anyone under the age of 16. If we learn that we have inadvertently collected personal information from a child under 16 without proper consent, we will delete it. If you believe a child under 16 has provided us with personal data, please contact us so we can take appropriate action.

3. How We Use Your Data (Purposes and Legal Bases)

We use the collected data for the following purposes, and we rely on specific legal justifications (lawful bases) under GDPR for each:

3.1. To Provide and Operate the Service:

Account Management: We use your registration data to create and maintain your account, authenticate you when you log in, and provide you with the features of ClipTrack. (Legal basis: Performance of a contract – we process your data as necessary to provide the service you signed up for.)

Analytics and Core Features: We process the content and TikTok data you provide to generate analytics, reports, and insights for you. For example, we’ll take your TikTok video statistics and run calculations to show trends or recommendations. We display this information back to you in your dashboard. (Legal basis: Performance of our contract to provide you with the analytics service you requested. In GDPR terms, this is usually covered under “necessary for the performance of a contract” with you.)

Functionality and User Experience: We use data like your preferences, cookies, or device info to ensure the Service works properly on your device, to remember your settings, and to personalize your experience (such as remembering your last viewed report). (Legal basis: Legitimate interests – it’s in our interest and usually expected by you that a service remembers your settings and optimizes performance. Where required by law (e.g., non-essential cookies), we will ask for consent.)

3.2. Communication:

Service Communications: We use your email and/or in-app notifications to send essential information about the Service. This includes sending verification emails, password reset emails, subscription confirmations, billing receipts, updates about important changes to the Service, and support responses if you contacted us. (Legal basis: Performance of contract and Legitimate interests – we have a legitimate interest in keeping you informed about issues related to the Service you are using. These communications are necessary for the Service.)

Customer Support: If you reach out with a question or issue, we will use your contact information and the details of your request to respond and help you. We might ask for additional information (like screenshots or logs) to troubleshoot. (Legal basis: Legitimate interests – addressing user questions and ensuring customer satisfaction is in both your and our interest; also performance of contract to assist you in using the service.)

Marketing Communications: We may use your email to send newsletters or promotional content about new features, tips, or offers, only if you have opted in or if we have another lawful basis (e.g., if you are an existing customer in a jurisdiction where it’s allowed to send you information about similar services, under the “soft opt-in” rule). You can always opt out of marketing – see Section 8. (Legal basis: Consent – when required, we will only send marketing with your consent. In some cases, legitimate interest might apply for existing customers, but we will always honor opt-out requests.)

3.3. Payments and Transactions: If you have a paid subscription, we use your data to manage billing. For example, we will remind you of upcoming renewal dates, process your subscription through Stripe, and handle invoicing. We might also use your address or VAT number (if provided) for tax calculations if required. (Legal basis: Performance of contract – we need to process payments to fulfill our service agreement. Also, legal obligation – to comply with tax and accounting laws.)

3.4. Improve and Develop the Service:

Analytics and Research: We may use aggregated usage data to understand how users interact with ClipTrack. For example, we might analyze which features are most popular or where users encounter errors. This helps us improve functionality and user experience. Whenever feasible, we will use this data in an anonymized or aggregated form that does not identify you personally. (Legal basis: Legitimate interests – it’s in our interest to improve our product, and we take measures to protect your privacy in doing so, such as aggregation or pseudonymization.)

Personalization: In the future, we may introduce features that tailor content to you (for example, suggesting the best time to post based on your past data). Such personalization uses your data to provide recommendations or automated decisions that benefit you. We will ensure any automated processing with significant effects is done in compliance with GDPR Article 22 (and typically with your consent or explicit opt-in, if it’s beyond what is necessary for the service). Currently, ClipTrack’s analysis is primarily user-driven and for informational insights, not automated decisions that affect your legal rights.

3.5. Security and Abuse Prevention: We use certain data to keep ClipTrack and its users safe and secure. This includes:

Monitoring login locations and IP addresses to detect suspicious logins or potential account misuse.

Using cookies or device identifiers to prevent fraudulent use of the Service (for example, to prevent someone from brute-forcing passwords or creating many spam accounts).

Analyzing logs for unusual patterns that might indicate hacking attempts or Denial-of-Service attacks.

Enforcing our Terms of Service (e.g., if needed, using data to investigate misuse or inform decisions to suspend accounts that violate rules).

(Legal basis: Legitimate interests – we have a legitimate interest in protecting our Service and users from security threats and abuse. In some cases, we may also have a legal obligation to ensure the security of personal data (GDPR Art. 32).)

3.6. Legal Compliance: We may need to process and retain personal data to comply with our legal obligations. For example:

Keeping transaction records for accounting and tax compliance.

Responding to valid legal requests such as court orders or law enforcement inquiries (we will only share the data required by law, and we’ll notify you of such requests when permissible).

Storing opt-out preferences to comply with laws like GDPR or CAN-SPAM (e.g., to ensure we don’t email you if you’ve opted out).

3.7. Other Purposes (with Notice/Consent): If we intend to use your data for a purpose that is not covered by the above, we will update this Privacy Policy and/or ask for your consent as required by law. We do not engage in selling personal data or using data for third-party advertising purposes. If that ever changes, we will obtain your explicit consent where required.

4. How We Share Your Data (Recipients)

ClipTrack is not in the business of selling or renting your personal information. We share data only in the ways described below, and only with parties who have a need to receive it for the stated purpose, under appropriate confidentiality and security measures:

4.1. Service Providers (Processors): We use trusted third-party companies to help us operate and improve the Service. These providers process data on our behalf under strict instructions and are bound by data protection agreements. Key service providers include:

Supabase: As mentioned, Supabase (Supabase, Inc.) hosts our PostgreSQL database and possibly authentication services. Personal data (account info, analytics data, etc.) is stored on Supabase servers in the US-East region (USA). Supabase may also have servers or backups in other locations (e.g., they note the possibility of processing on servers in the USA and Singapore for certain services). We have a Data Processing Agreement (DPA) with Supabase to ensure GDPR compliance. Supabase is obligated to process personal data in compliance with GDPR and to uphold equivalent standards with any sub-processors. They implement security measures like encryption at rest and are SOC2 certified. (See Supabase’s privacy policy for more details on their practices.)

Amazon Web Services (AWS): We use AWS (via Amazon.com, Inc. and its affiliates) for cloud storage (S3) and possibly other infrastructure needs. For example, when we create a temporary copy of a video for processing, it may be stored on AWS S3 buckets. Our instances are typically hosted in the United States (e.g., AWS us-east or us-west region) or in the EU (if we opt for an EU region in the future). AWS acts as a data processor storing data on our behalf. AWS has robust security certifications and offers GDPR-compliant terms. We have agreements including standard contractual clauses in place if data is transferred out of the EU.

Stripe: If you are on a paid plan, Stripe, Inc. (and its affiliated Stripe entities) will process payment transactions. Stripe will receive personal data necessary to process the payment, such as your name, card information, billing address, and purchase amount. Stripe is PCI-DSS compliant and will store your payment details (e.g., card token) for recurring billing. ClipTrack itself does not store your credit card number. Stripe acts as a “payment processor” and also as an independent controller for some data (for fraud prevention and regulatory compliance). Stripe’s Privacy Policy governs use of your payment data for their purposes.

Email and Communication Tools: We may use an email service provider (ESP) or customer support platform to send emails and manage support tickets. For example, if we use a service like SendGrid, Mailchimp, or Gmail for transactional emails, your email address and name will pass through that service. If we use a support tool like Zendesk or Intercom for customer inquiries, your contact and correspondence with us will be stored on their servers. These providers would act as processors, only using your info to send communications on our behalf or organize support interactions. They typically have access only to the content needed (the email content, your address) and not to other ClipTrack data.

We ensure that all our service providers are vetted for strong security and privacy practices and are bound by contracts that require them to protect your data. They cannot use your data for their own purposes unrelated to providing services to us.

4.2. Integration Partners: In the course of using the Service, you may explicitly direct us to share data with certain third parties. For example:

TikTok: When you connect your TikTok account, you go through TikTok’s OAuth authorization. As part of this process, you allow TikTok to share certain data with ClipTrack (as described in Section 2.2). Conversely, ClipTrack might send certain information to TikTok’s API as part of requests – for instance, a request for your video data might include your TikTok user token and an identifier of the data we’re requesting. We do not send TikTok any more of your personal data than is necessary for these requests. Essentially, the data flow with TikTok is: you -> TikTok (auth) -> TikTok sends data to ClipTrack. We don’t provide TikTok with new info about you except confirming that you want to retrieve your data through our app. TikTok may log that your account used our application (for security and rate limiting), but they primarily act as a source of data rather than a recipient. That said, any use of TikTok’s API is subject to TikTok’s terms, and TikTok’s handling of data it sends or receives is covered by TikTok’s own privacy policy. We do not share your ClipTrack analytics or any non-TikTok data back to TikTok.

Other Social Platforms: If in the future we integrate with other APIs (e.g., YouTube, Instagram), a similar pattern would apply. We will update our policy to reflect any new third-party integrations.

4.3. Within our Corporate Group: If ClipTrack Solutions in the future has any parent company, subsidiaries, joint ventures, or other companies under common control (“affiliates”), we may share your data with them as necessary to operate the Service (for example, if we set up a cloud service under an affiliate’s account). Any such entity will honor this Privacy Policy. (Currently, ClipTrack Solutions operates as a single company.)

4.4. Business Transfers: If ClipTrack Solutions is involved in a merger, acquisition, investment, restructuring, or sale of assets, your information may be transferred as part of that transaction. We will ensure the confidentiality of any personal data involved in such transactions and provide notice before your personal data is transferred and becomes subject to a different privacy policy. For example, if another company acquires ClipTrack, we will notify you and ensure you have the chance to review the new terms or opt out if required.

4.5. Legal Disclosures: We may disclose your personal information to third parties (such as courts, law enforcement agencies, or regulators) if and when we believe in good faith that such disclosure is required to:

Comply with a law, legal process, or lawful request (e.g., a subpoena, court order, or search warrant). If a government or authority requests your data, we will review the request carefully and only comply if it’s legally valid and necessary. Where allowed, we will inform you of such requests.

Enforce our Terms of Service or other agreements, or investigate potential violations thereof. (For example, if necessary, we might share data with legal counsel or consultants to address a breach of contract or security incident.)

Detect, prevent, or address fraud, security, or technical issues. (If you are engaged in malicious behavior that threatens our Service, we might share relevant logs or identifiers with security consultants or other platforms to mitigate threats.)

Protect the rights, property, or safety of ClipTrack, our users, or the public, as required or permitted by law. (In an emergency, we might share information to prevent imminent harm, such as to investigate a credible threat to someone’s safety.)

We will not hand out user information unless legally compelled or it’s absolutely necessary for the purposes above. We do not provide user data to law enforcement voluntarily or without scrutiny.

4.6. Aggregated or Anonymized Data: We may share aggregated, anonymized information publicly and with our partners. For example, we might publish blog posts or reports that include general usage statistics or trends (e.g., “Average engagement rate increased by X% this year for our users”). This information will not identify any individual or reveal any personal details. It is used to highlight trends or insights at a community level. Such data is not considered personal data under GDPR (as it no longer identifies individuals).

4.7. No Selling of Personal Data: We do not sell your personal data to third parties for their own marketing or commercial purposes. We also do not share your data with third parties for them to use in their own advertising networks. If in the future we consider participating in any program that involves selling personal data (for example, in jurisdictions like California under CCPA), we will inform you and provide opt-out mechanisms as required by law. As of now, we have no plans to do so.

In summary, your data is mainly shared with service providers who help us run ClipTrack (under tight controls), with the social network APIs you connect (as needed and under your direction), and occasionally for legal or safety reasons. We do not otherwise share personal info with unrelated parties.

5. International Data Transfers

ClipTrack is based in Italy, but many of our systems and providers are located in other countries. In particular, your data will be stored and processed in the United States (due to our use of Supabase US-East and AWS US regions). This means personal data collected within the European Economic Area (EEA) or UK or other regions may be transferred to and processed in a country (the USA) that the European Commission or other authorities might consider as not providing the same level of data protection as your home country.

We understand that international transfers of personal data are subject to strict rules under GDPR and similar laws. Therefore, we take the following measures to ensure your data is protected when transferred out of your country:

Standard Contractual Clauses (SCCs): We have entered into Data Processing Agreements that include Standard Contractual Clauses (the EU-approved model clauses) with our service providers (like Supabase and any others outside the EU). These SCCs contractually obligate those providers to protect EU personal data to EU standards, even when the data is in the US or another third country. For example, Supabase’s DPA includes commitments for GDPR compliance and acknowledges that data may be processed on servers in the USA; they have agreed to adhere to GDPR requirements and ensure their sub-processors do the same. Similarly, AWS and Stripe include SCCs or rely on Binding Corporate Rules or other approved mechanisms for data transfers.

Privacy Shield/Framework (if applicable): While the prior EU-U.S. Privacy Shield was invalidated, a new EU-U.S. Data Privacy Framework was adopted in 2023. As of our last update, Supabase is not certified under the EU-U.S. Data Privacy Framework, and we’re not relying on that mechanism. Instead, we rely on SCCs. If any of our providers become certified or if other frameworks (like UK-U.S. or Swiss-U.S.) are in effect, we may rely on those as appropriate, but will still ensure SCCs or equivalent safeguards are in place.

Additional Safeguards: We implement technical measures like encryption (in transit and at rest) to add extra protection to personal data. For instance, data in our database and backups is encrypted at rest; communications between our app, our servers, and third-party APIs are encrypted via HTTPS/TLS. Access to personal data is restricted (see Security section). These measures mitigate risks even if data is accessed from outside the EU.

Transfers at Your Instruction: In some cases, the transfer of data internationally is inherently part of the service you request. For example, when we retrieve data from TikTok (which might have servers globally) and then display it to you, that data might cross borders. By using international features (like connecting a non-EU platform), you understand your data might be transferred to fulfill that request. We will treat and protect it the same way regardless of where it is processed.

If you would like more information about our data transfer safeguards or want to obtain a copy of the relevant contractual clauses, you can contact us (see Contact Us section). We review our practices in light of any legal developments – for instance, if new guidelines from European Data Protection Board (EDPB) require additional measures for US transfers, we will adapt accordingly.

Your Consent: By using our Service or providing us with your information, you consent to the transfer of your personal data to the United States (and any other country where our processors operate). We will always handle your information as described in this Privacy Policy, wherever it is processed.

6. Cookies and Tracking Technologies

What Are Cookies? Cookies are small text files stored on your device (computer, smartphone, etc.) by websites or apps that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Similar technologies include local storage, session storage, and pixels or web beacons. ClipTrack uses these technologies to ensure our Service functions correctly and to enhance your experience.

How We Use Cookies: When you use the ClipTrack website or app, we (and authorized third parties) may use the following types of cookies and tracking tools:

Essential Cookies: These are necessary for the operation of the Service. For example, when you log in, we use a cookie or session storage to remember that you are authenticated as you navigate between pages. Essential cookies may also be used to remember your privacy preferences, maintain security (e.g., preventing cross-site request forgery), or provide basic features. Without these, certain services cannot be provided. These cookies do not require consent under most laws, but we still want you to know about them.

Analytics Cookies: We might use our own internal analytics or a third-party analytics service to collect information about how users use our Service. This could include cookies or similar tech that collect info such as which pages are visited, for how long, which buttons are clicked, etc. We use this information in aggregate form to understand and improve user experience (for example, finding out if a new feature is being used or if certain pages cause confusion). Currently, we perform much of our analytics internally. If we use a third-party tool (like Google Analytics), we will configure it to anonymize IP addresses and not share data with unrelated parties. We will request your consent for analytics cookies where required.

Functional Cookies: These remember choices you make to give you better functionality and personal features. For example, if you choose a language or theme, a cookie may save that preference. If we integrate with TikTok, we may use a cookie to remember that you’ve linked your TikTok account, so you don’t have to re-authorize each time (subject to security). These cookies improve your experience but are not strictly necessary. We may treat them similarly to essential cookies if they are required to provide the Service you requested, but in cases where they are truly optional, we’ll respect your preferences.

Advertising Cookies: ClipTrack currently does not display third-party ads, so we do not use advertising cookies or trackers for third-party advertising. We also do not share your data with ad networks. If this ever changes, we will update this policy and obtain appropriate consent.

Other Tracking Technologies: If we send marketing emails (to those who opted in), we may include a tiny invisible image (pixel) in the email that lets us know if you opened it or if you clicked on links. This helps us understand engagement with our communications. You can always opt out of marketing emails if you prefer not to be tracked in this way. On our site, we might use similar pixel tracking for conversion (e.g., to know if you successfully signed up after visiting our landing page). We will only use these in compliance with law and for our own product’s analytics.

Cookie Consent: When you first visit our website from the EU or other regions with cookie regulations, you will see a cookie banner or notice. Except for essential cookies, we will not set cookies until you have given your consent via the banner. Our banner will allow you to accept all, reject non-essential, or customize your cookie preferences. By clicking “Accept” on the cookie banner, you are agreeing to our use of cookies as described. If you choose to “Reject” or close the banner, we will not set analytics or other non-essential cookies (but please note some minimal cookies might still be set for technical reasons, such as to remember that you opted out!).

If you are using our mobile app, cookies per se may not be used, but equivalent technologies (like device storage) might store similar information. By using the app, you similarly consent to the storage of essential info on your device. For analytics or tracking in the app, we would present an opt-in (for example, via app settings or a prompt, especially for iOS users via AppTrackingTransparency if applicable).

Managing Cookies: You have the right to control and manage your cookie settings:

Browser Settings: Most web browsers allow you to refuse or accept cookies, and to delete existing cookies. You can usually find these settings in the Options or Preferences menu of your browser. Keep in mind, disabling cookies may affect the functionality of our Service. For example, if cookies are disabled, you might not be able to log in or the site may not remember your settings.

Opt-Out Links: For certain third-party cookies (if we use Google Analytics, for instance), there are vendor-provided opt-out mechanisms. Google offers a browser add-on to opt out of Google Analytics tracking. If in future we use any advertising or social media cookies, we will provide info on how to opt out of those as well.

Do Not Track (DNT): Some browsers have a “Do Not Track” feature that, when enabled, sends a signal to websites to request that your browsing not be tracked. Our Service currently does not respond differently to DNT signals, in part because there is not a consensus on what DNT means in practice. We treat all users in accordance with this Privacy Policy and, for non-essential tracking, will rely on the consent tools mentioned above. We will monitor developments around DNT and may update our approach if a standard emerges.

Third-Party Websites and Cookies: If at any point we embed content from third-party sites (like a YouTube video or a TikTok widget) on our site, those third parties may set their own cookies. For example, clicking a TikTok “login” or “share” button might set cookies controlled by TikTok. Those cookies are not under our control and are governed by the third party’s own privacy/cookie policies. We will try to minimize this and will inform you when third-party integrations might involve third-party cookies.

By continuing to use our site and Service, you agree to our use of cookies and similar technologies as described in this section. We aim to be transparent and give you control, so if you have any questions about our use of cookies, please contact us.

7. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. How long we keep data depends on the type of data and the purpose of processing it. Here are our general retention practices:

Account Data: As long as you have an active account with ClipTrack, we will retain the personal information associated with your account (such as your profile info, content, and analytics results) so that we can provide the Service to you.

Analytics Data: All the analytics and insight data we compute for you from your content is kept while your account is active, so you can see historical trends. If you delete a particular piece of content or disconnect your TikTok, we will remove or anonymize the associated analytics after a short reconciliation period (usually within a few days).

Communications: If you contacted support or we sent you service emails, we may retain those communications (and our responses) for a certain period even after your account deletion, in case we need a record of what was communicated (for instance, to defend against legal claims, or to train our support team). Typically, support emails are kept for up to 2 years, unless a longer period is justified.

Logs: Server logs and backups are generally rotated and deleted automatically after a span of time, typically within 30-90 days, unless we need to retain them longer for security analysis or legal reasons.

Financial Records: If you made purchases, we keep transaction records as required by law (for example, under Italian accounting/tax laws, we might need to keep invoices for 10 years). These records may include personal data like your name, billing address, and details of the transaction. We will keep only what is necessary for compliance.

Legal Holds: If we are under a legal obligation to retain data (e.g., a litigation hold, or a government order to preserve data), we will retain the data for as long as instructed by the authority or as needed to comply with the law. In such cases, we’d only retain what’s strictly required and for the minimum time required.

Upon Account Deletion: If you choose to delete your ClipTrack account, or if you request erasure of your personal data, we will initiate deletion of your personal data from our systems. We retain data for up to 1 month (30 days) after account deletion or subscription cancellation, as noted in our Terms of Service. During this 30-day grace period, you can contact us to reactivate your account if it was deleted accidentally or to retrieve any important information. After the 30 days, your personal data will be expunged from our production systems. Specifically:

Your profile and authentication data will be removed so you can no longer log in.

All your User Content and analytics data will be deleted from our databases and storage.

Any references to you in our active user lists will be removed/anonymized.

After Deletion: Once data is deleted from our active databases, it cannot be recovered by us or by you. Some remnants of your data may remain in encrypted backups for a short period (backups can be retained for additional days/weeks beyond deletion), but those are only used for disaster recovery. After the retention period lapses, backup data containing personal info will also be deleted or overwritten in the normal course of operations. We do not use backup data for any other purpose, and we ensure that if we ever restore a backup, we reconcile and re-delete any accounts that had been deleted (so you don’t inadvertently get “resurrected” from a backup).

Anonymized Data: In some cases, rather than outright deletion, we may anonymize certain data (remove all personal identifiers) such that it can no longer be linked to you. For instance, aggregate statistical information (like number of users who had a certain trend) may be retained in an anonymized form after your account deletion, but it will not identify you or any individual. We reserve the right to keep such anonymized data (since it’s no longer personal data) for analysis or improvement of our services.

Inactive Accounts: If your account is inactive for an extended period (e.g., 1 year of non-use), we may reach out to confirm if you still want to keep it. If we do not hear back and usage doesn’t resume, we might delete or anonymize your account to free up space and ensure we’re not holding data unnecessarily. We will warn you via email before taking such action.

Please note that even after deletion of your account, we might retain certain information for the reasons mentioned (legal compliance, resolving disputes, enforcing our terms). For example, if you were banned for misuse, we might retain your email or IP in a blocklist to prevent re-registration. Or if you had a financial transaction, we keep invoice records as required by law. Any such retained data will be handled in accordance with applicable privacy laws and will not be used for other purposes.

Your Deletion Rights: If you are an EU/EEA resident or under laws like GDPR, you have the Right to Erasure (“Right to be Forgotten”). Section 8 below outlines how to exercise that. We will comply with verified requests within the statutory timeframes (usually within 30 days, extendable by an additional 60 days for complex requests, which we’d inform you about).

In summary, our aim is to retain your data no longer than necessary. When it’s no longer needed, we delete it or anonymize it. If you have questions about our specific retention periods for different data types, or want us to delete your data sooner, you can always contact us.

8. Your Rights and Choices

As a user of ClipTrack, and particularly if you are in the European Union (GDPR), United Kingdom (UK GDPR/DPA 2018), or other jurisdictions with similar laws, you have certain rights regarding your personal data. We are committed to honoring these rights. Below we outline your key rights and how to exercise them: Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to receive a copy of that personal data, along with information about how we use it. This is often called a “Data Subject Access Request” or DSAR. You can request a copy of the data we hold about you by contacting us (see Contact Us section). For most users, you can also access a lot of your data directly by logging into your account (e.g., seeing your profile info and analytics). We will provide the first copy of your data free of charge, but as allowed by law, we may charge a reasonable fee for additional copies or repetitive requests. We will ask you to verify your identity before releasing data to ensure we don’t give it to the wrong person. Right to Rectification: If any of your personal data that we have is incorrect or incomplete, you have the right to have it corrected. You can update most of your basic account information directly in your account settings (e.g., you can change your name or email on file). For any other corrections, please contact us with the specifics, and we will make the corrections where possible. For example, if your TikTok data shown in our app is outdated because you changed something on TikTok, syncing your account should update it; if not, let us know and we’ll investigate. We strive to keep data accurate, but we appreciate your help in keeping your info up to date. Right to Erasure (Deletion): As discussed in Section 7, you have the right to request deletion of your personal data. 
This right is not absolute – for instance, if we are required by law to keep certain data, we may deny the request for that portion, but we will explain why. Within the constraints of law, if you request deletion, we will delete your account and personal data. You can initiate deletion yourself via account settings (if that feature is available) or by contacting us. We may ask you to confirm (since deletion is irreversible). Once deleted, you will lose access to the Service unless you sign up again (as a new user without the old data). Right to Restrict Processing: You have the right to request that we restrict (pause) the processing of your personal data under certain circumstances. For example, if you contest the accuracy of data, you can request we stop processing it (other than simply storing it) until we verify accuracy. Or if you object to processing based on our legitimate interests, you can request restriction while we consider your objection. When processing is restricted, we will still store your data, but not use it. If you want to exercise this, let us know what processing you want stopped and the reason. We’ll inform you when the restriction is lifted. Right to Object: You have the right to object to certain types of processing. Specifically: You can object to processing that we justify on “legitimate interests” grounds, if you believe it impacts your rights. If you object, we must stop the processing unless we have compelling legitimate grounds that override your rights or the processing is for legal claims. For instance, if we were using your data for some R&D purpose under legitimate interest and you object, we would stop unless we have a strong need that doesn’t harm your privacy. You can object to direct marketing at any time. If you opt out of marketing emails or SMS, we will cease processing your data for that purpose immediately. 
(As noted, you can always unsubscribe from emails via the link provided, or adjust preferences in your account if available.) We do not do any other forms of direct marketing (like telemarketing) currently. If you object to any processing, please contact us specifying the processing in question. We will respond and either comply or explain our position. Right to Data Portability: You have the right to receive certain personal data in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller where technically feasible. This right applies to personal data you provided to us, which is processed by automated means, and where the legal basis is either consent or contract. In practice, this would include things like your account information or content you uploaded. If you need an export of your data to port to another service, let us know – we can provide things like CSV or JSON exports of your data within scope. (Note: This is somewhat similar to the access right, but specifically geared towards re-use of the data elsewhere.) Right to Withdraw Consent: In cases where we rely on your consent to process data, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we did based on your consent before withdrawal. For example, if you gave consent for marketing emails, you can withdraw it by unsubscribing. If you gave consent for a certain type of data collection (like optional analytics cookies), you can change your preference to withdraw that consent (via cookie settings or browser settings). Once consent is withdrawn, we will stop the processing that was based on consent. Note that many of our processing activities are not based on consent (often they are contract or legitimate interest), so withdrawing consent might not fully stop all processing – only those activities that relied on consent. 
Right not to be subject to Automated Decision-Making: GDPR gives you the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects. ClipTrack does not make any decisions about you with legal or significant impact without human involvement. Our analytics may classify or score your content (e.g., engagement score) but this is purely for your information and doesn’t affect your rights or access. We have no automated system that, say, denies you service or affects your finances without a person’s review. If that ever changes, we will implement required safeguards and give you rights to contest such decisions. Right to Complaint: If you have concerns about our data practices, you have the right to lodge a complaint with a supervisory authority, particularly in the EU country where you live, work, or where you believe a breach may have occurred. For Italy, the supervisory authority is the Garante per la Protezione dei Dati Personali (Italian Data Protection Authority). Contact details can be found here: www.garanteprivacy.it. If you’re in another EU country, you can find your authority here. We would appreciate the chance to address your concerns directly first, so we encourage you to contact us with any issue, but you are within your rights to go directly to the authorities. Exercising Your Rights: You can exercise most of the above rights by contacting us at privacy@cliptracksolutions.com. Please clearly state your request (what right you want to exercise and regarding what data, if relevant). We may need to verify your identity (to ensure we don’t give your data to someone else or delete the wrong person’s info). For example, we might ask you to send the request from the email associated with your account or ask for other identification info. 
For access, deletion, and portability requests, we may also ask you to specify the context (e.g., “I’d like all data related to my account X”). We will respond to your request as soon as possible, generally within one month of receipt. If your request is complex or we have many requests, we may extend this by another two months, but we will inform you of the extension and the reason within the first month. If we decline (wholly or partially) a request (such as if it’s unfounded or excessive, or a certain exception applies), we will explain our reasoning. For example, if you request deletion but we must keep some data for legal reasons, we will let you know what we cannot delete and why. We will not discriminate against you for exercising any of these rights. The Service features available to you will remain the same (except as necessary if you delete data needed for those features). California and Other Regions: If you are a California resident, you have similar rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). The rights above cover similar ground (access, deletion, etc.). Notably, CCPA also gives a right to know the “categories” of personal info and sources, which we have described throughout this policy. It also has a right to opt out of “sales” of personal data – as noted, we do not sell data as defined by CCPA. If you are in California, you or your authorized agent can exercise your rights in the same way as above. Also, if you are under 18 and a registered user of our Service, California’s “Online Eraser” law allows you to request removal of content publicly posted by you; however, currently our service does not involve public postings (it’s a private analytics tool), so this likely isn’t applicable. If you are in other countries with privacy laws (Canada, Brazil’s LGPD, Australia, etc.), we aim to extend the same level of rights to you. 
For instance, users in Brazil have rights similar to GDPR (access, correction, deletion, etc.), and you can use the same process to reach out and we will address those rights per LGPD requirements. In short, it’s your data, and you have rights to control it. We’re here to help you exercise those rights and to be transparent with you. Don’t hesitate to reach out about any privacy questions or requests.

9. Data Security

We take the security of your personal data seriously and implement a variety of technical and organizational measures to protect it against unauthorized access, loss, alteration, or disclosure. However, no system is 100% secure, so we want to be transparent about our practices and also what you can do to help keep your data safe. Security Measures We Use: Encryption: All communications between your browser/app and our servers are encrypted using HTTPS/TLS. This means that data in transit is protected from eavesdropping. Additionally, we encrypt sensitive data at rest. For example, our databases use encryption at rest, and any passwords you set are stored hashed (not in plain text). If we store API tokens (like your TikTok access token), we encrypt them in the database or vault so that even if someone got the raw database, they couldn’t easily use those tokens. Access Controls: We limit access to personal data to those employees, contractors, and service providers who need to know that information to operate, develop or support our Service. ClipTrack team members are trained on the importance of privacy and security. Internal access to systems is protected via strong authentication (e.g., multi-factor authentication, key-based access) and is logged. We segment duties so no single person has wide-ranging access without oversight. Testing and Updates: We regularly update our software and dependencies to address security vulnerabilities. We also employ standard security practices such as firewalls, intrusion detection/prevention systems, and monitoring of our infrastructure. We may conduct periodic security audits and penetration testing, either internally or with external specialists, to find and fix vulnerabilities. Data Minimization: We only collect data that we need. By not storing unnecessary personal data, we reduce the risk exposure. 
For example, as mentioned, we don’t store your raw payment info, and we don’t ask for things like your address or ID unless absolutely needed. Less data stored means less data that can potentially be compromised. Backups and Recovery: We perform regular backups of critical data to prevent loss. These backups are encrypted and stored securely. We have disaster recovery plans to restore availability of data in case of physical or technical incidents. Anonymization: Where feasible, we anonymize or pseudonymize data. For instance, when analyzing general trends, we might remove personal identifiers. If we use production data for testing improvements, we strip user identities. This ensures that even within our environment, not everyone interacts with real personal data. Third-Party Security: We vet our third-party service providers for strong security practices. We review their security documentation/certifications (e.g., many have SOC 2 or ISO 27001 certifications). We ensure through contracts that they must implement appropriate security measures. If any provider notifies us of a breach or issue on their side, we act promptly to assess impact on our users. User Responsibilities: While we do our part, you also play a role in keeping your data safe. We encourage you to use a strong, unique password for ClipTrack and to keep your login credentials confidential. Do not share your password with others. If you suspect someone has gained access to your account, change your password immediately and contact us. Be aware of phishing: ClipTrack will never ask you for your password via email, and any official communication will come from our domain. If you receive suspicious communication claiming to be us, double-check the sender and contact us when in doubt. 
When you integrate ClipTrack with TikTok or other accounts, ensure you follow secure practices (like using official OAuth flows) – we only use official flows so you shouldn’t be giving your TikTok password directly to us, only to TikTok’s login form. Keep your devices secure. Use antivirus software, install updates, and avoid using the Service on devices that you suspect are compromised. Reporting Incidents: Despite our efforts, if a security breach were to occur that affects your personal data, we will act promptly. We have an incident response plan that includes: identifying and eliminating the cause of the breach, mitigating any further data loss, assessing impact, and notifying affected users and relevant authorities as required by law. For example, under GDPR, we would notify the supervisory authority within 72 hours if a breach likely poses a risk to user rights, and we’d inform affected individuals without undue delay if there’s a high risk to them. If you have reason to believe that your data is no longer secure or if you discover any vulnerability or incident related to ClipTrack, please contact us immediately at security@cliptracksolutions.com or privacy@cliptracksolutions.com. We appreciate feedback and will address issues as a top priority. Account Protection: We may provide additional security features like two-factor authentication (2FA) for your account. If available, we highly recommend enabling 2FA, which adds a layer of security beyond just your password. By using ClipTrack, you acknowledge that you understand the inherent risks of data transmission over the internet, but also that we are committed to taking reasonable and appropriate steps to secure your information. While we cannot guarantee absolute security, we will continuously update and improve our security measures to protect your data.

10. Third-Party Links and Services

Our Service may contain links to third-party websites, content, or services that we do not own or control. For example, our interface might link to TikTok profiles, or our website might include a link to our social media pages or to articles on a blog. This Privacy Policy applies only to ClipTrack’s processing of your data, not to any third-party services that are not under our control. If you click on a third-party link or integrate with a third-party service (like using TikTok’s platform through our app), be aware that you are leaving our Service and any data you provide to that third party or that is collected by that third party is governed by their own privacy policy and terms. We are not responsible for the privacy practices of other sites or services. For instance: If we direct you to TikTok for OAuth login, the data you provide to TikTok (your login credentials) is handled under TikTok’s privacy and security measures, not ours. TikTok might also collect info about that integration (like that you authorized our app). If our website has a link to a partner or a blog that’s hosted elsewhere, any info you provide there (like signing up for their newsletter, or cookies they drop) would be subject to that site’s policies. We encourage you to review the privacy policies of any third-party services you interact with. In particular, relevant ones might include: TikTok’s Privacy Policy, Stripe’s Privacy Policy, Supabase’s Privacy Notice, and AWS’s Privacy Notice (for AWS, it’s typically covered under Amazon’s general privacy notice). ClipTrack’s inclusion of a link or integration does not imply an endorsement of the third party’s practices. It’s simply there for functionality or reference. If you believe a third party linked from our Service is misusing your personal data or engaging in unlawful practices, please inform us and we’ll take it into account, though we may not have the ability to intervene directly.

11. Cross-Border and International Users

This Privacy Policy is intended to be global. ClipTrack Solutions is an Italy-based service, but we welcome users from around the world (as long as using our service is lawful in your country). Regardless of where you live or where you use our Service, we aim to provide the same standard of privacy protection. European Union/EEA: If you are in the EU, we comply with the GDPR as detailed throughout this policy. Our lead data protection authority can be the Garante in Italy, but we also respect local DPA oversight. You have the rights outlined in Section 8. We have explained our lawful bases, and provided info on international transfers (Section 5). We will also comply with the EU ePrivacy Directive (Cookie law) by obtaining consent for cookies as required. United Kingdom: Post-Brexit, we treat UK user data under UK GDPR which mirrors the EU GDPR, and the UK ICO is the authority. Everything we say about GDPR applies similarly to the UK. We may designate a UK representative if needed, but so far, as an EU company, there is alignment. Switzerland: We consider Swiss data protection law (FADP) as well. Transfers from Switzerland to the US follow safeguards similar to those for the EU. Swiss individuals have similar rights. United States: For U.S. users, while there isn’t a federal GDPR equivalent, we follow principles of transparency and choice. If you are in California, CCPA rights apply (as discussed, similar to GDPR rights). We do not sell personal info, nor share it for behavioral advertising. If you are in states like Virginia, Colorado, etc. with new privacy laws, those give you rights to access, correct, delete, etc. – which we already provide. We also note that our services are not directed to children under 13 (COPPA), and we don’t knowingly collect info from them, in line with U.S. law. Canada: For Canadian users, we handle data per PIPEDA principles. Your consent is assumed for providing the service, and we’ll seek additional consent where required. 
You similarly have rights to access and correction. Australia, New Zealand: We aim to comply with Australian Privacy Principles and NZ Privacy Act where applicable, giving you rights to access/correct and safeguarding your data. Brazil: Under LGPD, Brazilian users have rights much like GDPR (access, correction, deletion, etc.) – which we accommodate. We might designate a local representative if the volume of data justifies it. Other Regions: We can’t list every country, but rest assured we attempt to comply with all applicable data protection laws. If there’s a conflict between local law and something in this policy, local law will prevail for those residents, and we will adjust our practices accordingly. International Availability: Because our data is stored in the US (and possibly the EU), by using the Service you acknowledge the cross-border nature of data flows (as per Section 5). We have implemented safeguards accordingly. If you are in a jurisdiction like China or Russia that has data localization requirements, note that your data will not be stored in those countries – using ClipTrack might not be compliant with those local laws, so please be aware of your local regulations. We target our services mainly to users in jurisdictions open to cross-border transfers. If we decide to restrict or customize our Service in certain locations due to local laws (for example, not offering service in a country because of strict data rules), we will geo-block or inform those users accordingly. As of now, we offer a global service under one privacy standard.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will notify you in advance when required by law. Notification of Changes: Posting on Site/App: We will post the revised Privacy Policy on our website (and within the app if applicable) with a new “Last Updated” date. Email Notice: If the changes are significant (especially if they affect your rights or the way we use data in a way you might not expect), we will also send a notice to the primary email address associated with your ClipTrack account or provide an in-app notification. We may outline the key changes in that message. Advance Notice: Where required by applicable law, we will provide at least [30 days]’ notice (or whatever period the law specifies) before the new terms take effect, giving you the opportunity to review them. Minor changes (like clarifications, or changes that do not materially lessen your privacy rights) may be effective immediately upon posting. If you continue to use the Service after the effective date of the updated Privacy Policy, it means you accept the changes. If you do not agree with the changes, you should stop using the Service and may request deletion of your data. We encourage you to periodically review this page for the latest information on our privacy practices. We will also keep prior versions of this Privacy Policy (with their effective dates) available upon request so you can see what’s changed.

13. Contact Information

Your feedback and questions about privacy are important to us. If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, you can reach out to us: By Email: For privacy-specific inquiries or requests (exercise of rights, data questions, etc.), please email privacy@cliptracksolutions.com. This goes to our team responsible for data protection. By Mail: Privacy Team – ClipTrack Solutions, [Postal Address, City, ZIP, Italy]. (Insert our mailing address here.) By Phone: [If we have a phone line for support, list it, or otherwise omit if not applicable]. (Email is generally preferable for a written record of privacy requests.) If you need to contact our Data Protection Officer (if we have appointed one) or an EU/UK representative, we will provide their contact details here as well. As of now, our privacy team handles these duties. We will respond to inquiries as soon as possible, typically within a few business days. For formal privacy rights requests, see Section 8 on expected timelines. Language: This Privacy Policy may be provided in multiple languages for convenience. In case of any differences in interpretation, the English version (or Italian version if we designate it so, given our jurisdiction) will prevail. Thank you for entrusting ClipTrack Solutions with your data. We are committed to protecting your privacy and using your data responsibly to provide a valuable Service to you.