ClipSend Privacy Policy

Welcome to ClipSend. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cross-device file transfer application and services, including our mobile applications (iOS and Android), web application (clipsend.io), and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

1.1 Information You Provide to Us

We collect information that you voluntarily provide to us:

• Account Information: When you register for an account, we collect your email address and password (encrypted).
• Device Information: When you register or log in, we automatically collect device information including device ID, device name, platform type (iOS/Android/Web), operating system version, and device identifiers.
• Third-Party Authentication: If you choose to sign in using Firebase Authentication (Google Sign-In, Apple Sign-In), we collect your Firebase UID, email, name, profile picture, and authentication provider information.
• File and Content Information: When you use our file transfer features, we collect information about the files you transmit, including file name, file size, MIME type, upload timestamp, and file content metadata.
• Email History: We collect and store email addresses you use for file transfers to provide quick selection in future transfers.
• Subscription Information: If you purchase a premium subscription, we collect subscription status, type, expiration date, auto-renewal status, and RevenueCat user ID.
• Storage Configuration: For premium users who configure custom S3 storage, we collect S3 access credentials, bucket names, endpoints, and related configuration data.

1.2 Automatically Collected Information

When you use our Service, we automatically collect certain information:

• FCM Token: We collect Firebase Cloud Messaging (FCM) tokens to send push notifications to your devices.
• Usage Data: We collect information about how you use our Service, including transmission records, download statistics, and service interactions.
• Transfer Metadata: We collect metadata about file transfers including recipient information, transmission timestamps, and transfer status.
• Technical Data: We collect technical information including IP address, browser type, operating system, unique device identifiers, and app version.

1.3 Third-Party Services

We integrate with third-party services that may collect information:

• Firebase Services: Google Firebase is used for authentication, push notifications, and real-time database features. Firebase may collect and process data as described in Google's Privacy Policy.
• SendCloud: We use SendCloud for email delivery services related to file transfer notifications.
• Cloud Storage: Your files are stored in cloud storage providers (AWS S3, Aliyun OSS, or your custom S3-compatible storage). We use pre-signed URLs to allow direct upload/download to these services.
• RevenueCat: For premium subscriptions, we use RevenueCat for payment processing and subscription management. RevenueCat may collect payment and subscription data.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Provision and Features

• To provide, maintain, and improve our file transfer services
• To authenticate users and manage accounts
• To enable file uploads and downloads using pre-signed URLs
• To send push notifications and email notifications for file transfers
• To manage device registration and multi-device synchronization
• To generate QR codes for file sharing
• To provide file preview and download capabilities

2.2 Business Operations

• To process premium subscriptions and payment transactions
• To manage subscription status and auto-renewal
• To enforce service usage limits (e.g., 10 transfers for free users)
• To comply with legal obligations and respond to legal requests
• To detect and prevent fraud or abuse

2.3 Analytics and Improvement

• To analyze usage patterns and improve service performance
• To develop new features and functionality
• To optimize file storage and transfer speeds
• To monitor system health and troubleshoot issues

2.4 Customer Support

• To respond to your inquiries and support requests
• To provide technical assistance
• To send important service updates and notifications

3. Legal Basis for Processing (GDPR Compliance)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your information depends on the information and context:

Legal Basis	Purpose
Contractual Necessity	To perform our Terms of Service and provide the requested services
Legitimate Interests	To improve our services, prevent fraud, analyze usage patterns, and ensure security
Consent	When you voluntarily provide information, agree to data processing, or use certain features
Legal Obligation	To comply with applicable laws, regulations, or court orders

4. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

4.1 With Your Consent

• When you explicitly authorize us to share information
• When you share files with other users through our Service

4.2 Service Providers

We share information with trusted service providers who perform services on our behalf:

• Cloud Storage Providers: AWS S3, Aliyun OSS, and your custom S3-compatible storage for file storage
• Firebase (Google): For authentication, push notifications, and real-time database services
• SendCloud: For email delivery services
• RevenueCat: For subscription and payment processing
• Hosting Providers: For cloud infrastructure and server hosting

4.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to a successor entity.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to:

• Respond to lawful requests and legal processes
• Enforce our Terms of Service
• Protect our rights, privacy, safety, or property
• Prevent or investigate fraud, security issues, or violations of law

5. Data Storage and Retention

5.1 Storage Location

Your data is stored in cloud storage services:

• User accounts and metadata are stored in MySQL databases hosted by our cloud infrastructure provider
• Files are stored in cloud storage buckets (AWS S3, Aliyun OSS, or your custom S3-compatible storage)
• Free users' files are stored in our default system storage
• Premium users' files can be stored in their custom S3-compatible storage

5.2 Retention Periods

Data Type	Retention Period
Account Information	Until account deletion
Transmitted Files (Free Users)	3 days (automatic deletion)
Transmitted Files (Premium Users)	Up to 1 year (user-configurable)
Transmitted Files (Custom S3 Storage)	Perpetual (user-controlled)
Transfer Records	Retained for service functionality until account deletion
Email History	Until account deletion
Device Information	Until device unbinding or account deletion

5.3 Automatic Deletion

We automatically delete expired files on an hourly schedule:

• Files that exceed their expiration date are automatically removed from storage
• Deleted files cannot be recovered
• This ensures efficient storage management and cost control

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

6.1 Right to Access (GDPR Article 15)

You have the right to request access to your personal information and obtain a copy of the data we hold about you.

6.2 Right to Rectification (GDPR Article 16)

You have the right to request correction of inaccurate or incomplete personal information.

6.3 Right to Erasure ("Right to Be Forgotten") (GDPR Article 17)

You have the right to request deletion of your personal information, subject to legal obligations and legitimate interests.

6.4 Right to Restrict Processing (GDPR Article 18)

You have the right to request restriction of processing of your personal information.

6.5 Right to Data Portability (GDPR Article 20)

You have the right to receive your personal information in a structured, commonly used, and machine-readable format.

6.6 Right to Object (GDPR Article 21)

You have the right to object to processing of your personal information based on legitimate interests.

6.7 Right to Withdraw Consent

If processing is based on consent, you have the right to withdraw consent at any time.

6.8 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights:

• Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, and disclose
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out: You can opt-out of the "sale" or "sharing" of your personal information (Note: We do not sell your personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• Right to Limit Use: You can request limits on the use of your sensitive personal information

6.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: privacy@clipsend.io
• Email: support@clipsend.io
• Website: https://clipsend.io/contact

We will respond to your request within 30 days (or as required by applicable law).

7. Data Security

We implement appropriate technical and organizational measures to protect your information:

7.1 Encryption

• All data transmissions use HTTPS/TLS encryption
• Files are stored using encrypted cloud storage
• Passwords are hashed using secure algorithms before storage
• Pre-signed URLs provide secure, time-limited access to files

7.2 Access Controls

• Role-based access control for employees
• Unique user authentication credentials
• Automatic device management and tracking
• Session management and time-limited access tokens

7.3 Infrastructure Security

• Secure cloud infrastructure hosting
• Regular security audits and vulnerability assessments
• Intrusion detection and monitoring systems
• Incident response procedures and breach notification protocols

8. Children's Privacy

Our Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe that a child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

9.1 Data Transfer Safeguards

• We rely on standard contractual clauses (SCCs) for data transfers outside the EEA
• We ensure adequate protection through appropriate technical and organizational measures
• We comply with GDPR requirements for cross-border data transfers

9.2 Storage Locations

• Our servers may be located in various geographic regions
• You can choose storage locations when configuring custom S3 storage
• File transfers may involve cross-border data transmission

10. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience:

10.1 Types of Cookies

Cookie Type	Purpose	Duration
Essential Cookies	Authentication, session management, security	Session or 30 days
Functional Cookies	User preferences, language settings	Up to 1 year
Analytics Cookies	Usage analytics, performance monitoring	Up to 2 years

10.2 Your Choices

You can control cookies through your browser settings. However, disabling cookies may affect Service functionality.

11. Third-Party Services

Our Service integrates with third-party services. This Privacy Policy does not apply to third-party services. We encourage you to review their privacy policies:

11.1 Third-Party Links

• Firebase (Google): Firebase Privacy Policy
• Google: Google Privacy Policy
• Apple: Apple Privacy Policy
• RevenueCat: RevenueCat Privacy Policy
• AWS S3: AWS Privacy Policy
• SendCloud: SendCloud Privacy Policy

12. Do Not Track Signals

Our Service does not currently respond to Do Not Track (DNT) signals from browsers. However, you can control tracking through your browser settings.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page with an updated "Last Updated" date
• Sending email notifications to registered users (for material changes)
• Displaying a prominent notice in our Service

You are advised to review this Privacy Policy periodically for any changes. Your continued use of the Service after changes become effective constitutes acceptance of those changes.

14. Data Protection Officer

We have a designated Data Protection Officer (DPO) to handle privacy matters. You can contact our DPO at:

• Email: dpo@clipsend.io
• Subject: "Privacy Inquiry - [Your Name]"

15. Contact Information

16. Governing Law

This Privacy Policy is governed by applicable data protection laws, including:

• General Data Protection Regulation (GDPR) for users in the European Economic Area
• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents
• Applicable local data protection laws in other jurisdictions

17. Additional Information for Specific Regions

17.1 European Economic Area (EEA)

If you are located in the EEA, you have enhanced rights under GDPR. Please see Section 6 for details on your rights, including the right to access, rectification, erasure, and data portability.

17.2 United Kingdom (UK)

If you are located in the UK, this Privacy Policy complies with the UK GDPR and the Data Protection Act 2018.

17.3 California, United States

If you are a California resident, you have specific rights under CCPA/CPRA. Please see Section 6.8 for details on your California privacy rights.

17.4 Switzerland

If you are located in Switzerland, this Privacy Policy complies with the Swiss Federal Data Protection Act (DPA).

Last Updated: October 26, 2025