Privacy Policy

This Privacy Policy explains how Clipdrop Live ("we", "our", "us") - operated by Sjuul Studios, a sole proprietorship (eenmanszaak) based in the Netherlands, registered with the Dutch Chamber of Commerce under KVK number 92316476 and VAT (BTW) ID NL004948553B64 - handles information when you use the Clipdrop Live desktop application and the website at clipdroplive.com (together, "the Service").

The short version: your DJ sets stay on your device. We don't upload your audio or video to our servers. The only data we store on our side is what you give us directly - like an email address if you sign up for early access.

1. What we process locally on your device

The Clipdrop Live desktop app analyses audio and video files you choose to import. This processing happens entirely on your computer. We do not have access to those files, and they are not transmitted to us.

2. What we collect on our servers

Email address (if you provide one)

If you submit your email through the early-access form on our website, we store it solely to contact you about Clipdrop Live availability. We don't sell, rent, or share it with third parties for marketing purposes.

Basic website analytics

We may use privacy-respecting analytics on the website to understand aggregate visitor patterns (e.g. country, page, referrer). We do not use cookies that identify you personally.

Account data (when you create an account)

If and when account creation is enabled, we store the email address and password hash you provide, plus any optional profile fields you choose to fill in (e.g. DJ alias, primary genre). Authentication is handled by Supabase, our authentication provider, on EU-based infrastructure. We never store passwords in plain text.

Payment data (when you subscribe)

Paid subscriptions are processed by Stripe Payments Europe, Limited (Ireland) and Stripe, Inc. (United States). We do not see or store your card number, CVV, or full bank details. Stripe sends us limited data needed to operate your subscription: country, last 4 digits of the card, billing email, invoice history, and VAT status. Stripe's own privacy policy applies to their handling of your payment information. Because Stripe operates infrastructure in the United States, your payment metadata may be transferred outside the European Economic Area; Stripe relies on Standard Contractual Clauses and its Data Processing Addendum for these transfers.

Sub-processors

We use the following third-party service providers ("sub-processors") to operate the Service. Each is contractually bound to handle personal data only on our instructions.

• Supabase, Inc. - authentication, database, and edge functions. Hosted in the European Union (Frankfurt region). Privacy policy.
• Stripe Payments Europe, Ltd. / Stripe, Inc. - payment processing, invoicing, VAT calculation, and chargeback handling. EU + US. Privacy policy.
• Website hosting - clipdroplive.com is hosted on EU-based infrastructure (TransIP B.V., Netherlands, or Cloudflare, Inc. depending on deployment). TransIP · Cloudflare.
• Email delivery - transactional email (account confirmations, password resets, invoices) is sent via Supabase's built-in email service or, where indicated, via a separate provider listed here as it is added.

We will update this list when we add or change a sub-processor. Existing paid users are notified by email before a material change takes effect.

3. Cookies

The Clipdrop Live website uses a small number of cookies and similar technologies. We classify them as follows:

• Strictly necessary cookies - required for the website to work (e.g. remembering your cookie preference itself, keeping you logged in once accounts are enabled). These do not require consent under GDPR/ePrivacy.
• Analytics cookies - only set if you accept them in the cookie banner. They help us understand aggregate usage. We use a privacy-respecting analytics provider that does not build cross-site profiles.
• Marketing cookies - we currently do not use marketing or advertising cookies. If we add any in the future, we will update this policy and ask for your consent first.

You can change your cookie choice at any time by clicking "Cookie settings" in the website footer, or by clearing your browser's site data for clipdroplive.com.

4. Social platform connections (OAuth)

If you connect a TikTok, Instagram, or Facebook account inside Clipdrop Live to publish clips directly, the following applies:

• OAuth access tokens and refresh tokens are stored locally on your device, in your operating system's secure credential store (macOS Keychain, Windows Credential Manager, or Linux Secret Service).
• Tokens are never transmitted to our servers.
• When you click "Share", the video file and the metadata you typed (caption, etc.) are sent directly from your device to the social platform's API. We are not in the middle of that transfer.
• You can disconnect any social account at any time from the app's Settings → Connected Accounts. This removes the stored token from your device.

5. What we do not do

• We do not collect or store your DJ sets, audio, or video.
• We do not sell personal data.
• We do not train machine learning models on your content.
• We do not share your information with advertisers.

6. Legal basis (GDPR)

For users in the European Economic Area, our legal bases for processing are:

• Consent - when you sign up for early access or connect a social account.
• Legitimate interest - for basic, non-identifying website analytics.
• Contract - when processing is necessary to provide a service you've requested.

7. Your rights

Under the GDPR and equivalent laws, you have the following rights regarding personal data we hold about you:

• Access (Art. 15) - request a copy of the data we hold about you.
• Rectification (Art. 16) - ask us to correct inaccurate or incomplete data.
• Erasure (Art. 17, "right to be forgotten") - ask us to delete your data, subject to legal retention obligations (e.g. tax invoices).
• Restriction of processing (Art. 18) - ask us to pause processing in defined cases.
• Data portability (Art. 20) - receive your data in a structured, machine-readable format.
• Objection (Art. 21) - object to processing based on legitimate interest, including direct marketing.
• Withdraw consent - where processing relies on consent, you can withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, email business@sjuulstudios.com. We verify your identity to prevent impersonation and respond within one month (extendable by two months for complex requests, with notice). Exercising your rights is free unless requests are manifestly unfounded or excessive.

8. Data retention

We keep personal data only as long as necessary for the purpose it was collected, or as required by law. Specifically:

• Early-access email addresses - until you ask us to delete them, or until Clipdrop Live ceases operation, whichever comes first.
• Account data (email, password hash, optional profile fields) - for the life of your account. Deleted within 30 days after you close the account, except where retention is required by law.
• Payment and invoice data - retained for 7 years as required by Dutch tax law (Algemene wet inzake rijksbelastingen, art. 52).
• OAuth tokens for social platforms - stored locally on your device, never on our servers. Removed when you disconnect the account or uninstall the app.
• Support and contact emails - retained for up to 2 years after the issue is resolved.
• Aggregated, non-identifying analytics - retained indefinitely in aggregated form.

9. Children

Clipdrop Live is not directed at children under 16. We do not knowingly collect personal information from children.

10. International transfers

Our primary infrastructure (Supabase database, edge functions, website hosting) is located within the European Economic Area. Our payment processor, Stripe, operates infrastructure in both the EEA and the United States; payment metadata may therefore be transferred to the US. Transfers outside the EEA take place under the European Commission's Standard Contractual Clauses (2021/914) together with each sub-processor's supplementary measures.

You can request a copy of the transfer safeguards in place for any sub-processor by emailing business@sjuulstudios.com.

11. California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the following rights regarding personal information we hold about you:

• Right to know - what categories of personal information we collect, the sources, purposes, and categories of recipients.
• Right to delete - request deletion of personal information, subject to legal exceptions.
• Right to correct - request correction of inaccurate personal information.
• Right to opt out of sale or sharing - we do not sell your personal information and we do not share it for cross-context behavioural advertising. There is therefore nothing to opt out of, but you retain the right to be informed.
• Right to non-discrimination - we will not deny service, charge different prices, or provide a different level of quality because you exercised any CCPA right.

To exercise these rights, email business@sjuulstudios.com. We may need to verify your identity before fulfilling the request.

12. Security

We use industry-standard measures to protect the limited data we hold. OAuth tokens are stored in your operating system's secure credential store. Email addresses are stored in encrypted form on our infrastructure. No system is perfect - if we ever experience a breach affecting your data, we will notify you and the relevant supervisory authority within 72 hours, as required by law.

13. Changes to this policy

If we materially change this policy, we will update the "Last updated" date above and, where appropriate, notify users by email. Where a change reduces your rights or expands processing, we obtain consent where required by law.

14. Data controller and contact

The data controller for personal data processed through the Service is:

Sjuul Studios
Sole proprietorship (eenmanszaak)
KVK 92316476 · BTW NL004948553B64
The Netherlands
Email: business@sjuulstudios.com

We are not legally required to appoint a Data Protection Officer (DPO) and have not voluntarily appointed one. All privacy questions and requests are handled by the contact above.

You have the right to lodge a complaint with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens. EEA residents can also contact the authority in their country of residence or place of work.