Privacy Policy

1. Introduction & Scope

Strategia-X ("Company," "we," "us," or "our") operates ClipForge AI, an AI-powered video clipping software-as-a-service platform available at clipforge.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you visit our website, create an account, upload video content, or otherwise interact with the Service.

This Privacy Policy applies to all users of the Service worldwide, including users in the European Economic Area (EEA), United Kingdom (UK), Switzerland, California, and other jurisdictions with specific data protection regulations. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

We are committed to protecting your privacy and complying with all applicable data protection laws, including the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable US state privacy laws.

For the purposes of the GDPR, Strategia-X acts as the Data Controller for the personal data we collect through the Service. If you have any questions or concerns about this Privacy Policy, please contact us at support@strategia-x.com.

2. Definitions

The following definitions apply throughout this Privacy Policy:

• "Personal Data" means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
• "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
• "Data Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. For the purposes of this Privacy Policy, Strategia-X is the Data Controller.
• "Data Processor" means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller. Our third-party service providers (such as Supabase, Stripe, and Cloudflare) act as Data Processors.
• "Service" means the ClipForge AI platform, including all associated websites, applications, tools, APIs, and related services operated by Strategia-X.
• "User" (or "you" or "your") means any individual who accesses, browses, or otherwise uses the Service, whether or not they have created an account.
• "User Content" means any video files, audio files, images, text, or other materials that you upload, submit, or transmit to the Service for processing, including the resulting AI-generated clips, captions, and other derivative outputs.
• "Sensitive Personal Information" means Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation. Under the CCPA/CPRA, this also includes Social Security numbers, driver's license numbers, financial account information, precise geolocation, and the contents of communications.

3. Information We Collect

We collect information in three ways: information you provide directly, information collected automatically when you use the Service, and information we receive from third parties.

3.1 Information You Provide

When you register for an account, use the Service, or communicate with us, you may provide the following types of information:

• Account Information: Your name, email address, and password hash when you create an account. If you sign in via Google OAuth, we receive your name, email address, and profile picture from Google.
• Payment Information: Billing name, billing address, and payment method details. Payment card numbers are processed directly by our third-party payment processor (Stripe) and are never stored on our servers. We retain only a truncated card identifier, card type, and billing address for record-keeping purposes.
• Video Content: Video files, audio files, and related media that you upload to the Service for AI processing. This may include the visual and audio content of the videos, as well as any metadata embedded in the files (e.g., file name, creation date, camera information).
• Communications: Messages, feedback, support requests, bug reports, and other correspondence you send to us via email, in-app messaging, or other communication channels.
• Survey Responses: Information you provide in response to surveys, questionnaires, or feedback forms we may offer from time to time.
• Preferences and Settings: Your configuration choices within the Service, such as notification preferences, language settings, default export formats, captioning preferences, and interface customizations.

3.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain information from your device and about your usage:

• Device and Browser Information: Device type, operating system and version, browser type and version, screen resolution, device identifiers, and hardware configuration.
• IP Address and Geolocation: Your Internet Protocol (IP) address and approximate geographic location derived from your IP address.
• Usage Data: Pages and features you access, actions you take within the Service, timestamps of interactions, session duration, click patterns, navigation paths, and feature usage frequency.
• Cookies and Similar Technologies: Data collected through cookies, web beacons, pixels, and similar tracking technologies (see Section 8 for more details).
• Referral Data: Information about the website, advertisement, or source that referred you to the Service, including referral URLs, campaign identifiers, and search terms used.
• Performance Metrics: Page load times, error logs, crash reports, and other diagnostic data that help us identify and resolve technical issues.

3.3 Information from Third Parties

We may receive information about you from the following third-party sources:

• OAuth / Social Sign-In Providers: When you choose to sign in using Google OAuth, we receive your name, email address, profile picture, and unique account identifier from Google. We only request the minimum permissions necessary for authentication.
• Payment Processors: Stripe provides us with transaction confirmations, payment status updates, subscription status, and limited billing information (such as card type and last four digits) to manage your account and subscriptions.
• Analytics Partners: We may receive aggregated or anonymized analytics data from third-party analytics services to help us understand usage trends, traffic sources, and overall Service performance.

4. How We Use Your Information

We use the information we collect for the following purposes, each paired with the applicable legal basis under the GDPR:

• Providing and Operating the Service: To create and manage your account, authenticate your identity, process your video uploads, generate AI-powered clips, deliver captions, and provide all core functionality of the Service.Legal basis: Performance of a contract
• Processing Payments: To process transactions, manage your subscription, issue invoices and receipts, handle refunds, and maintain billing records.Legal basis: Performance of a contract
• AI Video Processing: To analyze your uploaded video content using our AI and machine learning models for the purpose of clip detection, automatic captioning, smart reframing, and other video processing features.Legal basis: Performance of a contract
• Transactional Communications: To send account confirmations, password resets, billing receipts, subscription notifications, service updates, security alerts, and other communications necessary for the operation of the Service.Legal basis: Performance of a contract / Legitimate interest
• Customer Support: To respond to your inquiries, support requests, bug reports, and feedback, and to provide technical assistance.Legal basis: Performance of a contract / Legitimate interest
• Service Improvement: To analyze usage patterns, identify trends, conduct research, and improve the functionality, performance, reliability, and user experience of the Service.Legal basis: Legitimate interest
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent activity, unauthorized access, abuse of the Service, and other security threats.Legal basis: Legitimate interest / Legal obligation
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, including tax reporting and record-keeping obligations.Legal basis: Legal obligation
• Marketing Communications: To send you promotional materials, newsletters, product announcements, and other marketing communications, but only where you have given your explicit opt-in consent or where permitted under applicable law. You can unsubscribe at any time.Legal basis: Consent
• Analytics and Aggregation: To generate aggregated, de-identified, or anonymized data sets for statistical analysis, benchmarking, and business intelligence purposes. Such data cannot be used to identify you.Legal basis: Legitimate interest

5. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your Personal Data only when we have a valid legal basis to do so. Our legal bases for processing include:

• Performance of a Contract (Article 6(1)(b)): Processing is necessary to perform our contract with you, including providing the Service, managing your account, processing your video content, handling payments, and delivering the features you have subscribed to.
• Consent (Article 6(1)(a)): Where you have given us your explicit, freely given, specific, informed, and unambiguous consent to process your Personal Data for a specific purpose, such as receiving marketing communications or enabling non-essential cookies. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
• Legitimate Interest (Article 6(1)(f)): Processing is necessary for the purposes of our legitimate interests or those of a third party, provided that such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include improving the Service, ensuring security, preventing fraud, conducting analytics, and operating our business effectively. We conduct a balancing test for each processing activity relying on this basis.
• Legal Obligation (Article 6(1)(c)): Processing is necessary to comply with a legal obligation to which we are subject, such as tax reporting requirements, responding to valid legal requests from public authorities, and maintaining required business records.
• Vital Interest (Article 6(1)(d)): In rare circumstances, processing may be necessary to protect the vital interests of you or another natural person, such as in emergency situations involving threats to personal safety.

Where we rely on legitimate interest as the legal basis, you have the right to object to such processing. To learn more about the specific legal basis for any particular processing activity, or to exercise your right to object, please contact us at support@strategia-x.com.

6. Video Content & AI Processing

This section provides specific information about how we handle the video content you upload to the Service and how our AI/ML technology processes that content. We understand that your video content may contain sensitive or proprietary material, and we treat it with the highest level of care and confidentiality.

6.1 How Video Content Is Processed

When you upload a video to ClipForge AI, our AI and machine learning models analyze the video to provide the features you have requested. This processing may include, but is not limited to:

• Analyzing visual and audio content to identify optimal clip segments
• Generating automatic captions and subtitles through speech-to-text analysis
• Performing smart reframing to optimize content for different aspect ratios
• Detecting scene changes, speaker transitions, and engagement patterns
• Extracting metadata necessary for processing (duration, resolution, codec information)

6.2 We Do NOT Use Your Videos to Train AI Models

Your uploaded video content is never used to train, fine-tune, or improve our AI or machine learning models. Your videos are processed solely and exclusively to provide you with the Service's features as you have requested. We do not aggregate, sample, or otherwise incorporate your video content or its derivatives into any training datasets.

6.3 Purpose Limitation

Your video content is processed exclusively for the purpose of delivering the ClipForge AI Service to you. We do not access, review, or use your video content for any other purpose, including advertising, profiling, or sale to third parties. Our employees and contractors do not view your video content unless you explicitly request support that requires them to do so, and even then, access is strictly limited, logged, and subject to confidentiality obligations.

6.4 Video Retention and Auto-Deletion

Uploaded video content and the resulting processed clips are retained on our servers for a period of 30 days following processing completion. After this 30-day period, your video content is automatically and permanently deleted from our active storage systems. Residual copies in encrypted backup systems are purged within 90 days. You may also choose to manually delete your video content at any time through your account dashboard before the automatic deletion occurs.

7. How We Share Your Information

We do not sell your Personal Data. We do not share your Personal Data for cross-context behavioral advertising. We may share your information only in the following circumstances:

7.1 Service Providers

We engage trusted third-party companies and individuals to perform services on our behalf. These service providers have access to your Personal Data only to the extent necessary to perform the specific tasks we have engaged them for, and they are contractually obligated to protect your data and not to use it for any other purpose. Our key service providers include:

• Supabase: Authentication services, database hosting, and data storage.
• Stripe: Payment processing, subscription management, billing, and fraud prevention.
• Cloudflare: Content delivery network (CDN), web hosting, DDoS protection, and performance optimization.
• Google: OAuth authentication services for social sign-in functionality.

7.2 Legal Requirements

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with a legal obligation, court order, subpoena, or other legal process; (b) protect and defend the rights or property of Strategia-X; (c) prevent or investigate possible wrongdoing in connection with the Service; (d) protect the personal safety of users of the Service or the public; or (e) protect against legal liability.

7.3 Business Transfers

In the event that Strategia-X is involved in a merger, acquisition, reorganization, asset sale, bankruptcy, or similar transaction, your Personal Data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your Personal Data is transferred and becomes subject to a different privacy policy. The acquiring entity will be required to honor the commitments we have made in this Privacy Policy.

7.4 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you with third parties for industry analysis, benchmarking, research, and other purposes. This data does not constitute Personal Data under applicable privacy laws.

7.5 With Your Consent

We may share your Personal Data with third parties when you have explicitly authorized or directed us to do so.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (such as web beacons and pixels) to collect information, improve the Service, and provide you with a better experience. When you first visit the Service, you are presented with a cookie consent banner that allows you to manage your cookie preferences.

8.1 Types of Cookies We Use

• Essential Cookies (Strictly Necessary): These cookies are required for the Service to function properly. They enable core functionality such as authentication, session management, security features, and load balancing. These cookies cannot be disabled without impacting the functionality of the Service and do not require your consent.
• Functional Cookies (Preferences): These cookies remember your preferences and settings to provide a more personalized experience. This includes preferences such as language selection, theme choices, default export settings, and cookie consent preferences. These cookies are set only with your consent.
• Analytics Cookies (Performance): These cookies help us understand how visitors interact with the Service by collecting and reporting information in an aggregated and anonymized form. They help us measure page views, session duration, bounce rates, and feature usage. These cookies are set only with your consent.

8.2 Managing Cookies

You can manage your cookie preferences in the following ways:

• Cookie Consent Banner: When you first visit the Service, you can accept or reject non-essential cookies via the cookie consent banner. You can update your preferences at any time by clicking the cookie settings link in the footer of the Service.
• Browser Settings: Most web browsers allow you to control cookies through their settings. You can set your browser to refuse cookies, delete existing cookies, or alert you when a cookie is being set. Please note that disabling essential cookies may prevent you from using certain features of the Service.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

9. Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The specific retention periods depend on the type of data:

• Account Data: We retain your account information (name, email, preferences) for as long as your account remains active. Upon account deletion, we remove or anonymize your account data within 30 days, except where retention is required by law.
• Video Content: Uploaded videos and processed clips are automatically deleted 30 days after processing completion. You may manually delete your content at any time before the automatic deletion. Residual copies in encrypted backups are purged within 90 days.
• Billing and Payment Records: We retain transaction records, invoices, and billing information for a period of 7 years to comply with tax, accounting, and financial reporting obligations.
• Server Logs and Diagnostic Data: Server logs, error reports, and performance metrics are retained for 90 days for operational, troubleshooting, and security purposes, after which they are automatically purged.
• Communications and Support Records: Support tickets and correspondence are retained for 2 years after the last interaction, or for the duration of your account, whichever is longer, to provide continuity of support and resolve recurring issues.

Post-Deletion Procedures

When data reaches the end of its retention period or you request deletion, we take steps to securely delete or irreversibly anonymize the data. Deletion from active systems occurs promptly, and data is purged from backup systems within 90 days. We may retain anonymized, aggregated data indefinitely, as it cannot be used to identify you.

10. Data Security

We take the security of your Personal Data seriously and implement comprehensive technical and organizational measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS 1.2 or higher). This includes all API communications, file uploads, and authentication exchanges.
• Encryption at Rest: All data stored on our servers, including your Personal Data, video content, and backups, is encrypted using AES-256 encryption.
• Access Controls: We enforce the principle of least privilege, ensuring that only authorized personnel with a legitimate business need can access your data. Access is protected by multi-factor authentication and is logged and audited.
• Regular Security Audits: We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential security weaknesses.
• Incident Response: We maintain a documented incident response plan for promptly detecting, investigating, containing, and remediating security breaches. In the event of a data breach that affects your Personal Data, we will notify you and the relevant supervisory authorities in accordance with applicable law (within 72 hours under the GDPR).
• SOC 2 Practices: Our security practices are aligned with SOC 2 Type II standards for security, availability, and confidentiality. We also require our critical service providers to maintain comparable security certifications.

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to continuously improving our security practices and promptly addressing any vulnerabilities identified.

11. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including the United States, where our servers and service providers are located. These countries may have data protection laws that differ from the laws of your jurisdiction.

When we transfer Personal Data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): We use the European Commission-approved Standard Contractual Clauses as the primary mechanism for transferring Personal Data outside the EEA. These clauses impose contractual obligations on the data importer to protect your data to the standard required by the GDPR.
• Data Processing Agreements (DPAs): We enter into Data Processing Agreements with all third-party service providers that process Personal Data on our behalf. These agreements require processors to implement appropriate technical and organizational measures to protect your data.
• EU-US Data Privacy Framework: Where applicable, we rely on the EU-US Data Privacy Framework, the UK Extension, and the Swiss-US Data Privacy Framework as an additional safeguard for transfers to certified organizations in the United States.

You may request a copy of the safeguards we have in place by contacting us at support@strategia-x.com.

12. Your Rights Under GDPR (EEA/UK/Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (and the UK GDPR) with respect to your Personal Data:

• Right of Access (Article 15): You have the right to request a copy of the Personal Data we hold about you, along with information about how it is processed, the purposes of processing, the categories of data, recipients, and retention periods.
• Right to Rectification (Article 16): You have the right to request correction of inaccurate Personal Data and completion of incomplete Personal Data without undue delay.
• Right to Erasure (Article 17): You have the right to request deletion of your Personal Data ("right to be forgotten") when, among other grounds, the data is no longer necessary for its original purpose, you withdraw consent, or the data has been unlawfully processed.
• Right to Restriction (Article 18): You have the right to request that we restrict the processing of your Personal Data in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful but you oppose erasure.
• Right to Data Portability (Article 20): You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format (such as JSON or CSV), and to transmit that data to another controller without hindrance from us, where processing is based on consent or a contract and carried out by automated means.
• Right to Object (Article 21): You have the right to object to the processing of your Personal Data based on our legitimate interests, including profiling. You also have the absolute right to object to processing for direct marketing purposes at any time.
• Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects concerning you. ClipForge AI does not currently make automated decisions that have legal or similarly significant effects on users.
• Right to Withdraw Consent: Where we process your Personal Data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a Data Protection Authority (DPA) in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement. A list of EEA DPAs is available at edpb.europa.eu. For the UK, you may contact the Information Commissioner's Office (ICO) at ico.org.uk.

How to Exercise Your Rights

To exercise any of the rights described above, please submit a request by email to support@strategia-x.com with the subject line "GDPR Data Rights Request." We may need to verify your identity before processing your request. We will respond to your request within 30 days of receipt. In complex cases, this period may be extended by an additional 60 days, in which case we will inform you of the extension and the reasons for the delay within the initial 30-day period. There is no fee for exercising your rights unless your request is manifestly unfounded or excessive.

13. Your Rights Under CCPA/CPRA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights regarding your Personal Information (as defined under California law). This section describes your rights and how to exercise them.

Your California Privacy Rights

• Right to Know (Access): You have the right to request that we disclose to you the categories and specific pieces of Personal Information we have collected about you in the preceding 12 months, the categories of sources from which the information was collected, the business or commercial purposes for collection, and the categories of third parties with whom we share the information.
• Right to Delete: You have the right to request the deletion of your Personal Information that we have collected, subject to certain exceptions (such as completing a transaction, detecting security incidents, complying with legal obligations, or enabling internal uses reasonably aligned with your expectations).
• Right to Correct: You have the right to request that we correct inaccurate Personal Information that we maintain about you, taking into account the nature of the information and the purposes for which we process it.
• Right to Opt-Out of Sale or Sharing: You have the right to direct us not to "sell" or "share" your Personal Information (as those terms are defined under the CCPA/CPRA). We do not sell your Personal Information. We do not share your Personal Information for cross-context behavioral advertising purposes.
• Right to Limit Use of Sensitive Personal Information: You have the right to request that we limit the use and disclosure of your Sensitive Personal Information to only what is necessary to perform the Service or provide the goods reasonably expected by an average consumer. We only collect Sensitive Personal Information when strictly necessary and do not use it for purposes beyond providing the Service.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you the Service, charge you different prices, provide a different quality of service, or otherwise retaliate against you for exercising your privacy rights.

Categories of Personal Information Collected in the Past 12 Months

"Do Not Sell My Personal Information"

Strategia-X does not sell, and has not sold in the preceding 12 months, any Personal Information of consumers as defined by the CCPA/CPRA. We do not share Personal Information with third parties for monetary or other valuable consideration. We do not share Personal Information for cross-context behavioral advertising. Because we do not sell or share your Personal Information, there is no need to opt out. However, if you wish to submit a request or have questions, please contact us at support@strategia-x.com.

How to Submit a Verifiable Consumer Request

To exercise any of your CCPA/CPRA rights, you (or your authorized agent) may submit a verifiable consumer request by emailing us at support@strategia-x.com with the subject line "CCPA/CPRA Data Rights Request." We will verify your identity by matching information you provide with information we already have on file. You may make a verifiable consumer request up to two times within a 12-month period. We will respond to your request within 45 days of receipt. If we require additional time, we will inform you of the reason and the extension period (up to an additional 45 days). If you use an authorized agent, we may require proof of authorization and may still verify your identity directly.

14. Additional US State Privacy Rights

In addition to California, residents of several other US states have privacy rights under their respective state laws. If you are a resident of any of the following states, you may have similar rights to access, correct, delete, and opt out of certain processing of your Personal Data:

• Virginia (VCDPA): Virginia residents have the right to access, correct, and delete their Personal Data, the right to data portability, and the right to opt out of targeted advertising, the sale of Personal Data, and profiling in furtherance of decisions that produce legal or similarly significant effects. You may appeal a denial of your request by contacting us.
• Colorado (CPA): Colorado residents have the right to access, correct, and delete their Personal Data, the right to data portability, and the right to opt out of targeted advertising, the sale of Personal Data, and profiling. You may appeal a denial of your request within a reasonable period.
• Connecticut (CTDPA): Connecticut residents have the right to access, correct, and delete their Personal Data, the right to data portability, and the right to opt out of the sale of Personal Data, targeted advertising, and profiling. You may appeal a denial of your request, and if we deny your appeal, you may contact the Connecticut Attorney General.
• Utah (UCPA): Utah residents have the right to access and delete their Personal Data, the right to data portability, and the right to opt out of the sale of Personal Data and targeted advertising.
• Texas (TDPSA): Texas residents have the right to access, correct, and delete their Personal Data, the right to data portability, and the right to opt out of the sale of Personal Data, targeted advertising, and profiling. You may appeal a denial of your request within a reasonable period.

To exercise any rights available under your state's privacy law, please contact us at support@strategia-x.com with the subject line "State Privacy Rights Request" and indicate your state of residence. We will process your request in accordance with the applicable state law.

15. Children's Privacy

The Service is not intended for, marketed to, or designed to attract individuals under the age of 16 (or under the age of 13 in the United States). We do not knowingly collect, solicit, or maintain Personal Data from anyone under these age thresholds. We comply with the Children's Online Privacy Protection Act (COPPA) and similar laws in other jurisdictions.

If we learn that we have collected Personal Data from a child under the applicable minimum age without verified parental consent, we will take steps to delete that information as quickly as possible. If you are a parent or guardian and believe that your child has provided us with Personal Data, please contact us immediately at support@strategia-x.com so that we can take appropriate action.

16. Third-Party Links

The Service may contain links to third-party websites, services, or applications that are not owned or controlled by Strategia-X. This Privacy Policy applies only to the Service. We are not responsible for the privacy practices, content, or security of any third-party websites or services. We encourage you to review the privacy policies of any third-party websites you visit before providing any Personal Data. The inclusion of a link to a third-party website does not imply endorsement by Strategia-X.

17. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to interpret and respond to DNT signals, the Service does not currently respond to or alter its practices when it receives a DNT signal from a visitor's browser. However, you can manage your tracking and cookie preferences through our cookie consent banner and your browser settings as described in Section 8. We will continue to monitor developments around DNT standards and update our practices accordingly.

For California residents, please note that under the CCPA/CPRA, we honor opt-out preference signals such as the Global Privacy Control (GPC). If we detect a GPC signal from your browser, we will treat it as a valid opt-out request for the sale or sharing of Personal Information, to the extent applicable.

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date at the top of this page.

Material Changes

For material changes that significantly affect how we collect, use, or share your Personal Data, we will provide prominent notice before the changes take effect. This notice may include: (a) an email notification sent to the email address associated with your account; (b) an in-app notification or banner displayed when you next access the Service; and/or (c) a prominent notice posted on this page. Where required by applicable law, we will obtain your consent before implementing material changes.

Non-Material Changes

For non-material changes (such as clarifications, formatting updates, or minor corrections), we will update this page and revise the "Last updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy, except where your consent is specifically required by law.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, wish to exercise any of your data protection rights, or have a complaint about how we handle your Personal Data, please contact us through any of the following channels:

We aim to respond to all privacy-related inquiries within 30 days. For CCPA/CPRA requests, we will respond within 45 days as required by California law.

If you are located in the EEA, UK, or Switzerland and believe that we have not adequately addressed your concerns, you have the right to lodge a complaint with your local Data Protection Authority (DPA). You can find the contact information for EEA DPAs at edpb.europa.eu. For the UK, you may contact the Information Commissioner's Office (ICO) at ico.org.uk.

20. Supplemental Notices

From time to time, we may provide additional privacy notices or disclosures that supplement this Privacy Policy for specific features, products, or services within ClipForge AI, or for specific jurisdictions with unique regulatory requirements. These supplemental notices will be made available to you at the point of data collection or through the relevant feature interface, and will be incorporated into and form part of this Privacy Policy. In the event of a conflict between this Privacy Policy and a supplemental notice, the supplemental notice shall prevail to the extent of the conflict with respect to the specific feature, product, service, or jurisdiction it covers.