AuraClip Privacy Policy

2.1 Account and Authentication Data

• Data Items:
  • Account Login: Username, password (hashed), Google OAuth return fields (e.g., access token) for Google Login.
  • Internal Identity: User ID, username, role, token expiration information, name, email (if provided), team_list.
• Purpose: Identity verification, account management, access control, preventing abuse, and security.
• Retention:
  • Client-side: Authentication tokens and login status are stored in your browser's localStorage until you log out or clear browser data.
  • Server-side: Account information is retained for the duration your account is active and for a legally mandated period thereafter for compliance and dispute resolution. Token expiration and refresh policies are managed internally.

2.2 Team and Administration Data

• Data Items: Team ID, team member relationships, roles (admin/user), administrator action records (audit logs).
• Purpose: Facilitating team collaboration, access control, resource isolation, and compliance management.
• Retention: Administrator audit logs are retained for a minimum of 180 days for security and compliance purposes.

2.3 Asset and Content Data (User-Generated Content)

• Data Items:
  • Video/Audio Files: The media files you upload, which may contain images of individuals, voices, geographical locations, watermarks, or other personal content.
  • Asset Metadata: File name (user_local_file_name), duration, resolution, frame rate, thumbnail, creation time, user_id/team_id, status.
  • Audio Information: Title, author, category (if provided), OSS URL, cover URL (if any).
  • Tags/Segmentation Data: System-generated tags (e.g., scenes, actions, objects, emotions), sections (clip start/end times).
• Purpose: Storing and displaying assets, enabling search and categorization, referencing in the editor, generating thumbnails/covers/waveforms, and facilitating export.
• Retention & Deletion:
  • Soft Deletion (Recycle Bin): Assets moved to the recycle bin are retained for 30 days and can be restored during this period.
  • Permanent Deletion: When you trigger a permanent deletion, the corresponding files in object storage are immediately deleted. We also remove or irreversibly anonymize their references from our database. Minimal operational logs related to the deletion may be retained for security and dispute resolution, but these will not identify the content itself.

2.4 Project and Timeline Engineering Data

• Data Items:
  • Project Information: Title, thumbnail, duration, viewed_at, created_at/updated_at, team_id/user_id.
  • Timeline Engineering: timeline_content (tracks, video/audio/subtitle items, trimming intervals, volume/mute settings, etc.).
  • Project Cover: cover.jpg (uploaded from front-end screenshots).
• Purpose: Project saving and recovery, editing and version iteration, cover display, and export synthesis.
• Retention & Deletion: Project data, including covers and related session/material references, are deleted when the associated project is deleted by the user.

2.5 AI Conversation and Message Data

• Data Items: User input, AI assistant output, timestamps, session_id/project_id, tool call information (function name, parameters, results for refreshing timelines/executing edits), workspace data (timeline structure, track information for AI context).
• Purpose: Providing AI-assisted editing, conversational project modification, multi-round iteration, and automatic generation/adjustment of timelines. Also used for troubleshooting, security, and abuse prevention (limited to necessary scope).
• Sharing/Transfer: Our AI service will transmit necessary messages, context, and workspace data to third-party Large Language Model (LLM) providers for inference.
  • Shared Data Categories: Text prompts, conversational context, timeline structure, and potentially material URLs/clip information.
  • Purpose of Sharing: Solely to fulfill the specific generation or editing request you initiate.
  • No Training: This data is not used by AuraClip or our LLM providers to train their large language models or any other models.
  • Cross-Border Data Transfers: See Section 7 for details on international data transfers.
• Retention: Conversation records are stored for an extended period to facilitate your ongoing use of the AI Assistant and review past interactions.
  • User Rights: While direct in-app deletion or export is not currently supported, you may submit requests to support@auraclip.ai to access or delete your AI conversation data. We will process such requests in accordance with applicable legal requirements, subject to identity verification and our security/compliance retention obligations.

2.6 Points, Membership, and Redemption Codes

• Data Items: Point balance, point transaction history (including source: chat/subscription/topup/manual/system), membership status (level, name, activation/expiration time, features), redemption codes (code, batch, type, value, usage count, expiration, disable reason).
• Purpose: Entitlement management, usage metering, risk control, anti-abuse, and operational activities (e.g., redemption code distribution).
• Special Note (Payment): Our payment system is not yet live. This Privacy Policy does not cover automatic renewals, recurring billing, or payment card information processing. Should we introduce paid features in the future, we will update these terms and provide separate notices as required by law.
• Beta/Testing Period Rules: During beta or testing phases, points may be reset daily, and quotas may change. We reserve the right to adjust these rules for service improvement, and such changes will be announced. There is no guarantee of constant quotas during these periods.

2.7 Device Information, Logs, and Analytics

• Google Analytics (gtag.js): We use Google Analytics across our Services.
  • Collected Data: Device/browser information, pages visited, events, cookie identifiers, approximate geographical location, and IP address (typically processed by Google).
  • Purpose: Website analytics, performance optimization, and understanding user engagement.
• Service Logs (Self-Built):
  • Collected Data: API and WebSocket log fields, potentially including IP addresses, timestamps, and request/response data.
  • Purpose: Service operation, performance monitoring, security, and troubleshooting.
  • Retention: Service logs are retained for a minimum of 180 days, and security audit logs are retained for 180 days, in line with industry best practices and compliance requirements. Data is anonymized or de-identified where possible.

3.1 Essential Cookies/Local Storage

These are strictly necessary for the operation of our Services and cannot be switched off.

• auraclip_locale (cookie): Stores your language preference (expires in 1 year, SameSite=Lax, Secure under HTTPS).
• localStorage: auth-storage: Stores authentication tokens and user login status.
• localStorage: auraclip_locale: Backup for language preference.
• localStorage: ai_video_source_strategy: Stores your AI material source strategy preference.
• sessionStorage: waveform_*: Caches audio waveform data for performance.

3.2 Analytics Cookies (Third-Party)

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. They are only activated with your explicit consent via our Cookie Consent Banner.

• Google Analytics Cookies: Such as _ga, _gid, _gat_*, etc., used to collect information about how visitors use our site.

3.3 Managing Cookies

You can manage your cookie preferences through our Cookie Consent Banner. You can also set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services may become inaccessible or not function properly.

4.1 With Service Providers and Sub-processors

We engage trusted third-party service providers to perform functions on our behalf. These providers are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.

4.2 For Legal Reasons

We may disclose personal information if required to do so by law or in the good faith belief that such action is necessary to (a) comply with a legal obligation; (b) protect and defend the rights or property of AuraClip; (c) act in urgent circumstances to protect the personal safety of users of the Services or the public; or (d) protect against legal liability.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or other sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

7.1 For Users in the EEA and UK (GDPR/UK GDPR)

• Right to Access: Request a copy of your personal data.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data under certain conditions.
• Right to Restriction of Processing: Request that we limit the way we use your data.
• Right to Data Portability: Request to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller. While direct in-app export is not currently supported for all data, you may request a copy of your applicable data by contacting us.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent.
• Right to Lodge a Complaint: Lodge a complaint with your supervisory authority (e.g., the Data Protection Commission in Ireland or the ICO in the UK).

7.2 For California Residents (CCPA/CPRA)

• Right to Know: Request categories and specific pieces of personal information we collect, the sources, purposes, and categories of third parties with whom we share it.
• Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Selling or Sharing: AuraClip does not sell your personal information in the traditional sense. We also do not "share" your personal information for cross-context behavioral advertising.
• Right to Limit Use and Disclosure of Sensitive Personal Information: We only use sensitive personal information (such as account login credentials) as necessary to provide the Services and within the scope of permitted business purposes under the CPRA.
• Right to Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA/CPRA rights.

7.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@auraclip.ai.

• We will verify your identity before fulfilling your request, which may require you to provide additional information.
• We will respond to your request within the timeframes required by applicable law.
• We may retain certain information as required by law or for legitimate business purposes (e.g., to complete a transaction, detect security incidents, or comply with legal obligations).