Privacy Policy
ClipToFrame — Video Frame Extraction API
Last updated: December 2025
1. Introduction
This Privacy Policy explains how ClipToFrame ("we", "us", "our") collects, uses, and protects your personal data when you use our video frame extraction service at cliptoframe.com.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
- Data Controller: ClipToFrame
- Location: Spain, European Union
- Contact: privacy@cliptoframe.com
3. Personal Data We Collect
We collect the following categories of personal data:
| Data Type | Details | Purpose |
|---|---|---|
| Account Information | Email, first name, last name, date of birth, country, language preference | Account creation, service provision, communication |
| Authentication Data | Hashed passwords, API keys (hashed) | Security and access control |
| Usage Data | API requests, timestamps, video URLs processed | Service operation, rate limiting, analytics |
| Technical Data | IP address, browser type, device information | Security, troubleshooting, service improvement |
4. Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
-
Contract Performance — Art. 6.1.b: Processing necessary to provide the Service you requested (account creation, API access, frame extraction).
-
Legitimate Interests — Art. 6.1.f: Processing for security purposes, fraud prevention, service improvement, and analytics.
-
Legal Obligation — Art. 6.1.c: Processing required to comply with applicable laws.
5. How We Use Your Data
We use your personal data to:
- Create and manage your account
- Process video frame extraction requests
- Enforce rate limits and usage quotas
- Communicate with you about the Service
- Improve and optimize the Service
- Ensure security and prevent abuse
6. Data Storage and International Transfers
6.1 Where We Store Data
Your data is processed and stored using the following service providers:
- MongoDB Atlas: Database hosting (data stored in EU region)
- Render: Backend API hosting (Frankfurt, Germany)
- Netlify: Web frontend hosting (CDN with EU presence)
6.2 International Transfers
Some of our service providers may process data outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data.
7. Data Retention
- Account Data: Retained until you delete your account or request deletion.
- Extracted Frames: Stored temporarily for a maximum of 30 days, then automatically deleted.
- Usage Logs: Retained for up to 12 months for analytics and security purposes.
- IP Addresses: Retained for up to 12 months for security monitoring.
8. Your Rights Under GDPR
Under the GDPR, you have the following rights:
- Right of Access (Art. 15): Request a copy of your personal data.
- Right to Rectification (Art. 16): Request correction of inaccurate data.
- Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten").
- Right to Restriction (Art. 18): Request limitation of processing.
- Right to Data Portability (Art. 20): Receive your data in a machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interests.
- Right to Lodge a Complaint: File a complaint with your local data protection authority.
To exercise any of these rights, please contact us at privacy@cliptoframe.com. We will respond to your request within 30 days.
9. Cookies and Similar Technologies
We use minimal cookies and browser storage technologies:
- Authentication Tokens: JWT tokens stored in localStorage to maintain your session. These are essential for the Service to function.
We do not currently use third-party analytics cookies or tracking technologies.
10. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit (HTTPS/TLS)
- Password hashing using bcrypt
- API key hashing for secure storage
- Rate limiting to prevent abuse
- Regular security updates and monitoring
11. Children's Privacy
Our Service is not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us immediately at privacy@cliptoframe.com.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website and updating the "Last updated" date. We encourage you to review this page periodically.
13. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
- Email: privacy@cliptoframe.com
- Website: cliptoframe.com
- Location: Spain, European Union
Supervisory Authority
If you are in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.
© 2025 ClipToFrame. All rights reserved.