Privacy Policy
This Privacy Policy explains how klipsy ("we", "us", "our"), operating klipsy.ai and app.klipsy.ai, processes your personal data when you visit our websites, join our waitlist, or use our services.
We comply with the EU General Data Protection Regulation (GDPR / Regulation (EU) 2016/679) and the Austrian Data Protection Act (DSG).
1. Data controller
klipsy
1120 Vienna, Austria
Email: hello@klipsy.ai
Privacy contact: hello@klipsy.ai
Full legal entity details: Impressum
2. What we collect
2.1 When you join the waitlist
- Email address — to contact you about launch
- Locale (browser language) — to send communication in your language when possible
- UTM source — to understand which campaigns drove the signup
- Signup timestamp
2.2 When you create an account (post-launch)
- Email address, name, avatar URL — provided via Clerk authentication
- Locale, account creation date, last login date
- Credit wallet balance and transaction history
- Generated content metadata — prompts, parameters, model used (NOT the generated outputs themselves; those are owned by you)
2.3 When you make a payment
- Stripe customer ID and subscription ID — to manage your billing
- Payment method last 4 digits, brand, expiry — for display only; full card data is held by Stripe, never by us
- Invoice records — required by Austrian tax law for 7 years
2.4 Technical data (all visitors)
- IP address, user agent, referrer, accessed paths — logged in server access logs for security and debugging
- Cookies — see our Cookie Policy
3. Legal basis (Art. 6 GDPR)
| Purpose | Basis |
|---|---|
| Waitlist signup | Consent (Art. 6(1)(a)) |
| Account creation, service delivery | Contract (Art. 6(1)(b)) |
| Billing, invoicing, payment processing | Contract + legal obligation (Art. 6(1)(b), (c)) |
| Server logs, security, fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Transactional emails (account, billing) | Contract (Art. 6(1)(b)) |
| Marketing emails / newsletters | Consent (Art. 6(1)(a)) — opt out at any time |
| Tax record retention | Legal obligation (Art. 6(1)(c)) |
4. Sub-processors
We use the following processors who may handle your data on our behalf:
| Processor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Infrastructure hosting (servers, database) | Germany / EU |
| Clerk, Inc. | User authentication | USA (SCC + DPF) |
| Stripe Payments Europe Ltd. | Payment processing, invoicing | Ireland / EU |
| Zoho Corporation B.V. | Customer support email (hello@, support@) | EU (Netherlands data center) |
| Resend, Inc. | Transactional and newsletter email delivery | USA (SCC + DPF) |
| Google LLC (Gemini API) | AI content generation | USA (SCC + DPF) |
| Cloudflare, Inc. | R2 object storage for generated assets (post-launch) | EU regions |
| Replicate, Inc. | AI model inference (post-launch) | USA (SCC + DPF) |
5. International transfers
Some processors are based in the USA. Transfers rely on the EU-U.S. Data Privacy Framework (DPF) where the processor is certified, and on Standard Contractual Clauses (SCCs) approved by the European Commission as additional safeguards.
6. Retention
- Waitlist data: until launch + 90 days, or until you unsubscribe
- Account data: while your account is active + 30 days after deletion request
- Generated content metadata: while your account is active + 90 days
- Invoices and payment records: 7 years (Austrian tax law, § 132 BAO)
- Server access logs: 30 days
- Marketing engagement events (opens, clicks): 12 months
7. Your rights
Under GDPR you have the right to access, correct, delete, restrict, port, and object to processing of your data. See our dedicated GDPR Rights page for full details on how to exercise these.
8. Security
We use TLS 1.3 for all data in transit, encrypted database backups, scoped access tokens, and 2FA on all admin accounts. We do not store passwords (handled by Clerk via secure hashing) or card data (handled by Stripe via PCI DSS Level 1 infrastructure).
9. Children
klipsy is not intended for users under 16. We do not knowingly collect data from minors. If you believe a minor has provided us with data, contact hello@klipsy.ai and we will delete it.
10. Changes
If we materially change this policy, we'll notify you at least 30 days in advance via email (for registered users) or a banner on klipsy.ai (for waitlist members).
11. Complaints
You can lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde, dsb.gv.at) or your local EU data protection authority.