Privacy Policy

Smart Clip (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, process, and safeguard your personal information when you use the Smart Clip application and related services, including our iOS, Android, and macOS apps as well as our browser extensions (collectively, the “Service”).

By accessing or using Smart Clip, you acknowledge that you have read and understood this Privacy Policy and agree to the data practices described herein. If you do not agree with these practices, please do not use our Service.

Owner and Data Controller: Pedro Manfredi (Clutch Developer), Pau Alsina 64, bloque A, 3, 1, Barcelona 08024, Spain. Contact: info@clutchdeveloper.com.

We collect only the minimum data necessary to provide and improve the Service. The categories of data we collect are:

• Personal Data— your email address and name, provided voluntarily during account registration or sign-in (e.g., via Sign in with Apple, Google, or email).
• Usage Data— information about how you interact with the Service, including features used, interaction patterns, session duration, and in-app actions. This data is collected automatically and is used in aggregated, anonymized form.
• Device Data— technical identifiers such as operating system type and version, app version, device model, screen resolution, and language settings. This information is used for compatibility, debugging, and performance optimization.
• Payment Data— subscription and purchase transactions are handled entirely by third-party payment processors (Apple App Store, Google Play Store, and Stripe via RevenueCat). We do not collect, store, or have access to your payment card details or financial information.
• Crash & Diagnostic Data— crash reports, error logs, and performance metrics collected automatically to help us identify and resolve technical issues.

We do NOT collect, store, transmit, or retain the content of your writing. Text you compose or paste into Smart Clip is processed entirely in real-time on-device or via secure, ephemeral API calls to our AI providers. No writing content is persisted on our servers at any point.

Your personal data is processed using computers and IT systems following procedures and modalities strictly related to the purposes indicated in this policy. In addition to Smart Clip's own infrastructure, data may be accessible to certain categories of authorized personnel, specifically technical staff, administrative personnel, and customer support representatives, as well as third-party data processors engaged by Smart Clip.

Our primary servers and data infrastructure are hosted on Google Cloud Platform in Frankfurt, Germany (EU). All data processing operations take place within the European Union unless explicitly stated otherwise in the Third-Party Services section of this policy.

We apply industry-standard technical and organizational measures to ensure data security, including encryption in transit and at rest, access controls, and regular security assessments.

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by applicable law. Specific retention periods are as follows:

• Account data(email, name) — retained for the duration your account is active. Upon account deletion, personal identifiers are removed within 30 days.
• Usage analytics — retained for up to 24 months in anonymized, aggregated form. Raw event data linked to user identifiers is anonymized or deleted after 12 months.
• Crash and diagnostic data— retained for up to 12 months from the date of collection.
• Payment and subscription records— retained as required by applicable tax and financial regulations, typically up to 7 years.
• Support communications— retained for up to 3 years to maintain continuity of support and resolve disputes.

After the applicable retention period, data is securely deleted or irreversibly anonymized.

We collect and process personal data for the following purposes, each with its corresponding legal basis under GDPR where applicable:

• Provide and maintain the Service— to authenticate users, sync preferences, and deliver core functionality. Legal basis: performance of a contract.
• Process payments and manage subscriptions— to handle purchases, renewals, refunds, and billing inquiries. Legal basis: performance of a contract.
• Send service notifications and updates— to communicate important changes, security alerts, or critical service information. Legal basis: legitimate interests / performance of a contract.
• Analyze anonymized usage patterns— to understand product usage, improve features, and inform development priorities. Legal basis: legitimate interests (data is anonymized before analysis).
• Diagnose technical issues and bugs— to identify, reproduce, and resolve crashes and performance problems. Legal basis: legitimate interests.
• Prevent fraud and abuse— to detect unauthorized access, policy violations, or fraudulent activity. Legal basis: legitimate interests / legal obligation.
• Comply with legal obligations— to respond to lawful requests from public authorities and meet regulatory requirements. Legal basis: legal obligation.
• Marketing communications(only with your explicit consent) — to send promotional emails or newsletters about new features. You may withdraw consent at any time. Legal basis: consent.

To deliver the Service, we engage the following third-party processors and sub-processors. Each is bound by appropriate data processing agreements and privacy safeguards:

• Analytics — Google Firebase Analytics (Google Ireland Limited, Ireland / EU) — anonymized usage analytics and event tracking. Data processed under EU Standard Contractual Clauses.
• Analytics — Mixpanel(Mixpanel, Inc., San Francisco, USA) — product analytics and funnel analysis. Data transferred under SCCs.
• Crash Reporting — Firebase Crashlytics (Google Ireland Limited, Ireland / EU) — automated crash reporting and stack traces.
• Crash Reporting — Sentry(Functional Software, Inc., San Francisco, USA) — error monitoring and performance tracing. Data transferred under SCCs.
• Payments — RevenueCat(RevenueCat, Inc., San Francisco, USA) — subscription management and entitlement tracking. Data transferred under SCCs.
• Payments — Apple App Store(Apple Inc., Cupertino, USA) — in-app purchase processing for iOS and macOS.
• Payments — Google Play Store(Google LLC, Mountain View, USA) — in-app purchase processing for Android.
• Hosting — Google Cloud Platform(Google Cloud EMEA Limited, Frankfurt, Germany / EU) — primary infrastructure, databases, and API hosting within the EU.
• Authentication — Firebase Authentication (Google Ireland Limited, Ireland / EU) — secure email and social sign-in flows.
• Authentication — Sign in with Apple(Apple Inc., Cupertino, USA) — Apple-managed authentication for iOS and macOS.
• Push Notifications — Firebase Cloud Messaging (Google Belgium, Belgium / EU) — delivery of push notifications to iOS, Android, and macOS devices.

We never sell your personal data to any third party for advertising or marketing purposes, and we never will.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, or disclosure. Our security practices include:

• Encryption in transit— all data transmitted between your device and our servers is protected using TLS 1.3.
• Encryption at rest— data stored on our servers is encrypted using AES-256.
• Access controls— strict role-based access control (RBAC) limits data access to authorized personnel with a legitimate need.
• Authentication— all internal systems require multi-factor authentication (MFA).
• Regular security audits— periodic security reviews, penetration testing, and vulnerability assessments.
• Vulnerability monitoring— continuous monitoring of our infrastructure for known vulnerabilities and security misconfigurations.
• Incident response— a documented incident response plan is in place to identify, contain, and remediate security events. In the event of a data breach affecting your rights, we will notify relevant supervisory authorities within 72 hours and affected users without undue delay, as required by GDPR.

While we take all reasonable steps to protect your information, no method of electronic transmission or storage is 100% secure. We encourage you to use a strong, unique password for your Smart Clip account.

Our primary data processing infrastructure is located within the European Union (Frankfurt, Germany). However, some of our third-party service providers are based in the United States and other countries outside the European Economic Area (EEA).

When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs)— approved by the European Commission, used with US-based processors such as Mixpanel, Sentry, and RevenueCat.
• Adequacy decisions— where the European Commission has determined that the destination country offers an adequate level of data protection.
• Data Processing Agreements (DPAs)— all third-party processors are contractually bound to process data only on our instructions and in accordance with applicable privacy law.

You may request a copy of the relevant safeguards by contacting us at info@clutchdeveloper.com.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights with respect to your personal data under the General Data Protection Regulation (GDPR) and applicable national law:

• Right of access— you have the right to request a copy of the personal data we hold about you.
• Right to rectification— you have the right to request correction of inaccurate or incomplete personal data.
• Right to erasure(“right to be forgotten”) — you have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
• Right to restriction of processing— you have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability— you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
• Right to object— you have the right to object to processing based on legitimate interests or for direct marketing purposes (see the section below).
• Right to withdraw consent— where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint— you have the right to file a complaint with the relevant supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD), accessible at www.aepd.es.

Where processing of your personal data is based on our legitimate interests, you have the right to object to that processing at any time. Upon receiving an objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Where your personal data is processed for direct marketing purposes, you have an unconditional right to object at any time. We will stop processing your data for direct marketing immediately upon receiving your objection, without requiring justification.

To exercise your right to object, please contact us at info@clutchdeveloper.com or use the unsubscribe link included in any marketing communication.

To exercise any of the rights described in this policy, please submit a written request to our privacy team:

• Email: info@clutchdeveloper.com

Please include your full name and the email address associated with your Smart Clip account, along with a clear description of the right you wish to exercise. We may ask you to verify your identity before processing your request in order to protect your data from unauthorized access.

All requests are processed free of charge. We will respond within 30 days of receiving a valid request. In cases of complexity or high volume, we may extend this period by an additional 60 days, in which case we will inform you within the initial 30-day period.

Smart Clip is not directed at, and is not intended for use by, children under the age of 13. In certain EU member states where national law sets a higher age threshold, Smart Clip is not intended for children under the age of 16.

We do not knowingly collect personal data from minors. If we become aware that we have inadvertently received personal data from a person under the applicable age threshold, we will take immediate steps to delete that data from our systems.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at info@clutchdeveloper.com so we can take the appropriate corrective action.

Smart Clip may send push notifications to your device to inform you of important service updates, subscription status changes, and new feature announcements. Push notifications are delivered via Firebase Cloud Messaging.

You may opt in or out of push notifications at any time through your device's notification settings (iOS: Settings → Notifications; Android: Settings → Apps → Smart Clip). Please note that disabling push notifications may result in you missing time-sensitive service communications, such as subscription expiry reminders or security alerts.

We do not send promotional push notifications without your prior consent, which may be granted and revoked at any time.

Our website and browser extension may use cookies and similar tracking technologies (such as local storage and session storage) to support core functionality, remember user preferences, and collect anonymized analytics data.

• Strictly necessary cookies— required for the website and extension to function. These cannot be disabled.
• Functional cookies— used to remember your preferences such as language and theme settings.
• Analytics cookies— used to collect anonymized information about how visitors use our website, helping us improve the user experience.

We do not use cookies for advertising, retargeting, or cross-site behavioral tracking. You can manage or disable cookies at any time through your browser settings. Note that disabling certain cookies may affect the functionality of our website or browser extension.

We respect Do Not Track (“DNT”) signals. When your browser transmits a DNT signal, our website and browser extension will honor that preference and refrain from collecting analytics or behavioral data during your session. Please note that not all third-party services we use are required to honor DNT signals; however, we commit to passing your preference to our analytics providers where technically feasible.

Our Service may contain links to third-party websites, applications, or services that are not operated by Smart Clip. These links are provided for your convenience and informational purposes only. We have no control over the content, privacy practices, or policies of any third-party sites or services, and we accept no responsibility for them. We strongly encourage you to review the privacy policy of every external site you visit. The inclusion of a link does not imply endorsement by Smart Clip.

Smart Clip reserves the right to use your personal data for the purpose of establishing, exercising, or defending legal claims arising from the use of the Service or related disputes.

We may be required to disclose your personal data to competent public authorities, law enforcement agencies, or courts when such disclosure is necessary to comply with a legal obligation, to protect the vital interests of a person, or to prevent, detect, or prosecute criminal activity. In such cases, we will disclose only the minimum data required and will endeavor to notify you of the disclosure where legally permissible.

We may update this Privacy Policy from time to time to reflect changes in our data practices, the Service, or applicable law. The updated version will always be accessible at this URL, and the “last updated” date at the top of the page will be revised accordingly.

For significant changes— those that materially affect your rights or how we process your data — we will notify you via:

• Email to the address associated with your account.
• An in-app notification the next time you open Smart Clip.

Where a change affects processing that was previously based on your consent, we will request fresh consent before applying the updated practices. Continued use of Smart Clip after notification of non- material changes constitutes your acknowledgment of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy inquiries: info@clutchdeveloper.com
• General inquiries: info@clutchdeveloper.com
• Postal address: Pedro Manfredi (Clutch Developer), Pau Alsina 64, bloque A, 3, 1, Barcelona 08024, Spain.

We are committed to working with you to resolve any concerns about your privacy. If you feel that your concern has not been adequately addressed, you have the right to contact the Agencia Española de Protección de Datos (AEPD) or the supervisory authority in your country of residence.