AuraClip Privacy Policy
Effective Date: January 13, 2026
Last Updated: January 13, 2026
This Privacy Policy describes how auraclip.ai ("AuraClip," "we," "us," or "our") collects, uses, processes, and shares personal information when you use our website, services, and applications, including auraclip.ai’s official website, login, asset library, project/timeline editor, AI Assistant (SSE/WebSocket), blog, and backend management (collectively, the "Services").
We are committed to protecting your privacy and handling your data transparently. This policy is designed to comply with the General Data Protection Regulation (GDPR) and UK GDPR for users in the European Economic Area (EEA) and the United Kingdom, and the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) for California residents, among other applicable privacy laws.
1. Who We Are
Product Name: AuraClip
Company Name: auraclip.ai
Registered Address: Room 1801, 18/F, Innovate Tower, No. 777 Nathan Road, Mong Kok, Kowloon, Hong Kong
Contact Email for Privacy Matters: support@auraclip.ai
2. Personal Information We Collect
We collect personal information about you from various sources and in different ways, depending on how you interact with our Services.
2.1 Account and Authentication Data
- Data Items:
- Account Login: Username, password (hashed), Google OAuth return fields (e.g., access token) for Google Login.
- Internal Identity: User ID, username, role, token expiration information, name, email (if provided), team_list.
- Purpose: Identity verification, account management, access control, preventing abuse, and security.
- Retention:
- Client-side: Authentication tokens and login status are stored in your browser's
localStorageuntil you log out or clear browser data. - Server-side: Account information is retained for the duration your account is active and for a legally mandated period thereafter for compliance and dispute resolution. Token expiration and refresh policies are managed internally.
- Client-side: Authentication tokens and login status are stored in your browser's
2.2 Team and Administration Data
- Data Items: Team ID, team member relationships, roles (admin/user), administrator action records (audit logs).
- Purpose: Facilitating team collaboration, access control, resource isolation, and compliance management.
- Retention: Administrator audit logs are retained for a minimum of 180 days for security and compliance purposes.
2.3 Asset and Content Data (User-Generated Content)
- Data Items:
- Video/Audio Files: The media files you upload, which may contain images of individuals, voices, geographical locations, watermarks, or other personal content.
- Asset Metadata: File name (user_local_file_name), duration, resolution, frame rate, thumbnail, creation time, user_id/team_id, status.
- Audio Information: Title, author, category (if provided), OSS URL, cover URL (if any).
- Tags/Segmentation Data: System-generated tags (e.g., scenes, actions, objects, emotions), sections (clip start/end times).
- Purpose: Storing and displaying assets, enabling search and categorization, referencing in the editor, generating thumbnails/covers/waveforms, and facilitating export.
- Retention & Deletion:
- Soft Deletion (Recycle Bin): Assets moved to the recycle bin are retained for 30 days and can be restored during this period.
- Permanent Deletion: When you trigger a permanent deletion, the corresponding files in object storage are immediately deleted. We also remove or irreversibly anonymize their references from our database. Minimal operational logs related to the deletion may be retained for security and dispute resolution, but these will not identify the content itself.
2.4 Project and Timeline Engineering Data
- Data Items:
- Project Information: Title, thumbnail, duration, viewed_at, created_at/updated_at, team_id/user_id.
- Timeline Engineering:
timeline_content(tracks, video/audio/subtitle items, trimming intervals, volume/mute settings, etc.). - Project Cover:
cover.jpg(uploaded from front-end screenshots).
- Purpose: Project saving and recovery, editing and version iteration, cover display, and export synthesis.
- Retention & Deletion: Project data, including covers and related session/material references, are deleted when the associated project is deleted by the user.
2.5 AI Conversation and Message Data
- Data Items: User input, AI assistant output, timestamps,
session_id/project_id, tool call information (function name, parameters, results for refreshing timelines/executing edits), workspace data (timeline structure, track information for AI context). - Purpose: Providing AI-assisted editing, conversational project modification, multi-round iteration, and automatic generation/adjustment of timelines. Also used for troubleshooting, security, and abuse prevention (limited to necessary scope).
- Sharing/Transfer: Our AI service will transmit necessary messages, context, and workspace data to third-party Large Language Model (LLM) providers for inference.
- Shared Data Categories: Text prompts, conversational context, timeline structure, and potentially material URLs/clip information.
- Purpose of Sharing: Solely to fulfill the specific generation or editing request you initiate.
- No Training: This data is not used by AuraClip or our LLM providers to train their large language models or any other models.
- Cross-Border Data Transfers: See Section 7 for details on international data transfers.
- Retention: Conversation records are stored for an extended period to facilitate your ongoing use of the AI Assistant and review past interactions.
- User Rights: While direct in-app deletion or export is not currently supported, you may submit requests to
support@auraclip.aito access or delete your AI conversation data. We will process such requests in accordance with applicable legal requirements, subject to identity verification and our security/compliance retention obligations.
- User Rights: While direct in-app deletion or export is not currently supported, you may submit requests to
2.6 Points, Membership, and Redemption Codes
- Data Items: Point balance, point transaction history (including source: chat/subscription/topup/manual/system), membership status (level, name, activation/expiration time, features), redemption codes (code, batch, type, value, usage count, expiration, disable reason).
- Purpose: Entitlement management, usage metering, risk control, anti-abuse, and operational activities (e.g., redemption code distribution).
- Special Note (Payment): Our payment system is not yet live. This Privacy Policy does not cover automatic renewals, recurring billing, or payment card information processing. Should we introduce paid features in the future, we will update these terms and provide separate notices as required by law.
- Beta/Testing Period Rules: During beta or testing phases, points may be reset daily, and quotas may change. We reserve the right to adjust these rules for service improvement, and such changes will be announced. There is no guarantee of constant quotas during these periods.
2.7 Device Information, Logs, and Analytics
- Google Analytics (gtag.js): We use Google Analytics across our Services.
- Collected Data: Device/browser information, pages visited, events, cookie identifiers, approximate geographical location, and IP address (typically processed by Google).
- Purpose: Website analytics, performance optimization, and understanding user engagement.
- Service Logs (Self-Built):
- Collected Data: API and WebSocket log fields, potentially including IP addresses, timestamps, and request/response data.
- Purpose: Service operation, performance monitoring, security, and troubleshooting.
- Retention: Service logs are retained for a minimum of 180 days, and security audit logs are retained for 180 days, in line with industry best practices and compliance requirements. Data is anonymized or de-identified where possible.
3. Cookies and Local Storage
We use cookies and similar tracking technologies to operate and improve our Services. When you visit our website, you will be presented with a Cookie Consent Banner (CMP) allowing you to manage your preferences for non-essential cookies.
3.1 Essential Cookies/Local Storage
These are strictly necessary for the operation of our Services and cannot be switched off.
auraclip_locale(cookie): Stores your language preference (expires in 1 year, SameSite=Lax, Secure under HTTPS).localStorage: auth-storage: Stores authentication tokens and user login status.localStorage: auraclip_locale: Backup for language preference.localStorage: ai_video_source_strategy: Stores your AI material source strategy preference.sessionStorage: waveform_*: Caches audio waveform data for performance.
3.2 Analytics Cookies (Third-Party)
These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. They are only activated with your explicit consent via our Cookie Consent Banner.
- Google Analytics Cookies: Such as
_ga,_gid,_gat_*, etc., used to collect information about how visitors use our site.
3.3 Managing Cookies
You can manage your cookie preferences through our Cookie Consent Banner. You can also set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services may become inaccessible or not function properly.
4. How We Share Personal Information
We do not sell your personal information. We may share your personal information with third parties in the following circumstances:
4.1 With Service Providers and Sub-processors
We engage trusted third-party service providers to perform functions on our behalf. These providers are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
| Third-Party Category / Provider Name | Purpose | Data Shared | Data Used for Training? |
|---|---|---|---|
| Google OAuth | Third-party login | OAuth login tokens and process-required information (used to exchange for internal login status). | No |
| Google Analytics | Website analytics, performance optimization | Browsing behavior, device information (as configured in GA). | No |
| Large Language Model (LLM) Providers: OpenAI, Anthropic, Google | AI generation and editing inference (to fulfill user requests) | User input (text prompts), conversational context, workspace data (timeline structure, track information, potentially material URLs/clip information) – only to the necessary extent to complete your request. | No (explicitly confirmed) |
| Sanity | Content management for website/blog | Content query requests (generally does not include user personal information). | N/A |
Blog Content Source (t-gtm.vertu.cn) | Fetching and caching blog content | Standard web requests for content. While generally not containing personal information, please note this is a third-party domain from which content is fetched and cached. (If this is your own domain, this entry would be adjusted.) | N/A |
4.2 For Legal Reasons
We may disclose personal information if required to do so by law or in the good faith belief that such action is necessary to (a) comply with a legal obligation; (b) protect and defend the rights or property of AuraClip; (c) act in urgent circumstances to protect the personal safety of users of the Services or the public; or (d) protect against legal liability.
4.3 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or other sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
4.4 With Your Consent
We may share your information for any other purpose with your explicit consent.
5. Legal Basis for Processing (for EEA and UK Users)
We process your personal information based on the following legal grounds:
- Performance of a Contract: To provide you with the Services, including creating, storing, editing, and exporting your projects, and providing AI assistance.
- Legitimate Interests: For our legitimate interests or those of a third party, such as security, fraud prevention, abuse prevention, service improvement, analytics, and troubleshooting, provided these interests are not overridden by your data protection rights. We conduct a legitimate interest assessment for such processing.
- Consent: Where you have given explicit consent, particularly for non-essential cookies (e.g., analytics) and certain marketing communications. You have the right to withdraw your consent at any time.
- Legal Obligation: To comply with our legal obligations.
6. International Data Transfers (for EEA and UK Users)
As AuraClip operates globally and uses third-party service providers, your personal information may be transferred to, stored, and processed in countries outside of the European Economic Area (EEA) and the United Kingdom, including the United States, where data protection laws may differ from those in your jurisdiction.
When transferring your data to such third countries, we ensure that appropriate safeguards are in place to protect your privacy rights, typically by:
- Using Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO.
- Ensuring the recipient is located in a country deemed to provide an adequate level of data protection by the European Commission or UK government.
- Implementing supplementary measures such as robust encryption, access controls, and regular security audits.
By using our Services, you understand and agree to the transfer of your information to these countries.
7. Your Data Protection Rights
Depending on your location and applicable law, you may have the following rights regarding your personal information:
7.1 For Users in the EEA and UK (GDPR/UK GDPR)
- Right to Access: Request a copy of your personal data.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure ("Right to Be Forgotten"): Request deletion of your personal data under certain conditions.
- Right to Restriction of Processing: Request that we limit the way we use your data.
- Right to Data Portability: Request to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller. While direct in-app export is not currently supported for all data, you may request a copy of your applicable data by contacting us.
- Right to Object: Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent.
- Right to Lodge a Complaint: Lodge a complaint with your supervisory authority (e.g., the Data Protection Commission in Ireland or the ICO in the UK).
7.2 For California Residents (CCPA/CPRA)
- Right to Know: Request categories and specific pieces of personal information we collect, the sources, purposes, and categories of third parties with whom we share it.
- Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information we maintain about you.
- Right to Opt-Out of Selling or Sharing: AuraClip does not sell your personal information in the traditional sense. We also do not "share" your personal information for cross-context behavioral advertising.
- Right to Limit Use and Disclosure of Sensitive Personal Information: We only use sensitive personal information (such as account login credentials) as necessary to provide the Services and within the scope of permitted business purposes under the CPRA.
- Right to Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA/CPRA rights.
7.3 How to Exercise Your Rights
To exercise any of these rights, please contact us at support@auraclip.ai.
- We will verify your identity before fulfilling your request, which may require you to provide additional information.
- We will respond to your request within the timeframes required by applicable law.
- We may retain certain information as required by law or for legitimate business purposes (e.g., to complete a transaction, detect security incidents, or comply with legal obligations).
8. Data Retention and Deletion Practices
- Account Information: Retained as long as your account is active and for a legally mandated period thereafter.
- Material Data:
- Soft Delete (Recycle Bin): Retained for 30 days.
- Permanent Delete: Files in object storage are immediately deleted upon user initiation. Related database records are deleted or anonymized.
- AI Conversation Data: Retained for an extended period to provide service continuity. While direct in-app deletion is not supported, you may request deletion via
support@auraclip.ai, and we will process it according to applicable laws, subject to verification and retention obligations. - Service Logs: Access logs are retained for 180 days. Security audit logs are retained for 180 days.
- Points, Membership, and Redemption Records: Retained for 180 days to manage entitlements, resolve disputes, and comply with financial/tax regulations.
- Analytics Data: Retained according to Google Analytics' standard retention policies, which you can manage in your Google account settings.
9. Children's Privacy
Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to remove that information from our servers. If you believe a child under 13 has provided us with personal information, please contact us at support@auraclip.ai.
10. Security of Your Information
We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include data encryption, access controls, secure server infrastructure, and regular security assessments. While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically for any changes.
12. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: support@auraclip.ai
Address: auraclip.ai, Room 1801, 18/F, Innovate Tower, No. 777 Nathan Road, Mong Kok, Kowloon, Hong Kong
