Legal

Privacy Policy

Last updated: May 2026

The short version

ClipShip processes your videos entirely on your computer. Your footage, audio, and transcripts never leave your machine. We do not upload, store, or access your content.

What ClipShip collects

When using the desktop app (ClipShip Local):

  • No video or audio content is transmitted anywhere
  • No transcripts are sent to our servers
  • If you opt in to anonymous analytics, we collect: app version, OS, basic usage counts (videos processed). No content, no identifying information.
  • If you use the "Connect your AI account" option, your API key is stored in your operating system's secure keychain (Windows Credential Manager / macOS Keychain / Linux Secret Service). The key is sent directly from your computer to the AI provider (OpenAI, Claude, Gemini, Groq, or OpenRouter). We never see, collect, or transmit your key.
  • For purchase verification and license activation, we collect your email address, a non-reversible hardware fingerprint (used to enforce one license per device), and the device hostname (so you can identify which machine to sign out when switching devices).

When using clipship.co (this website):

  • If you download ClipShip, we record a download click with UTM/referrer data, country, browser user agent, and a daily hashed IP signal. We do not store raw IP addresses in the download table.
  • If you sign up for updates or email support, we collect the email address and message details you provide.
  • We use Microsoft Clarity for anonymous website analytics (page views, scroll depth). No personal data is shared.
  • We may use Google Analytics 4 for aggregate website and download-click analytics.

Connected social media accounts (YouTube, Instagram, TikTok)

ClipShip lets you publish your edited clips directly to YouTube Shorts, Instagram Reels, and TikTok. To enable this, you connect each platform via that platform's own OAuth flow. Here is exactly what we do with the data:

What we access

  • YouTube (via Google APIs): your channel name and ID (so we can show you which channel is connected), and permission to upload videos to your channel.
  • Instagram (via Meta Graph API): your Instagram Business or Creator account profile (name, ID), and permission to publish content (Reels) to your account.
  • TikTok (via TikTok Content Posting API): your TikTok username and profile, and permission to publish videos to your account.

We never access your watch history, search history, contacts, messages, or any data unrelated to publishing clips you created in ClipShip. We never read existing content from your account beyond confirming the account is connected.

What we store

  • OAuth tokens (the credentials each platform issues to authorize ClipShip to post on your behalf): stored encrypted in your operating system's secure credential store on your computer. Tokens are NOT transmitted to our servers.
  • Connected username/handle: stored locally so the app can show "Connected as @yourname". Not transmitted to our servers.

What we transmit, when, and to whom

When you click "Post to YouTube" / "Post to Instagram" / "Post to TikTok", ClipShip on your computer sends the video file, your caption, and your OAuth token directly to that platform's API. No data passes through our servers in this flow. Each post is initiated by an explicit user click — we never post automatically, on a schedule, or in the background.

Limited Use compliance (Google API Services)

ClipShip's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request the minimum scopes required for the feature you initiate (uploading clips you generated).
  • We do not transfer your YouTube data to third parties.
  • We do not use your YouTube data for advertising, analytics, or training AI/ML models.
  • Your YouTube data is not read or accessed by humans on our team.

How to disconnect a connected account

Open ClipShip → Settings → Social Accounts → Disconnect next to the platform. This deletes the OAuth token from your computer. You can also revoke access directly from each platform's dashboard:

How we protect your data

We implement industry-standard security measures to protect the confidentiality, integrity, and availability of the data we handle on your behalf. Sensitive data — including OAuth tokens for connected accounts (YouTube, Instagram, TikTok), API keys for AI providers, and account credentials — is protected at every layer:

  • Encryption in transit. All communication between the ClipShip desktop app, our Cloudflare-hosted API, and connected platforms (Google APIs, Meta Graph API, TikTok Content Posting API, AI providers) is encrypted using HTTPS with TLS 1.2 or higher. No ClipShip data is ever transmitted over unencrypted channels.
  • Encryption at rest.All persistent data on our infrastructure (Cloudflare D1 database for license records, Cloudflare R2 for temporary upload-bridge files) is encrypted at rest with AES-256 by Cloudflare. OAuth tokens for your connected social accounts and your AI provider API keys are stored on YOUR computer in your operating system's secure credential store (Windows Credential Manager, macOS Keychain, or Linux Secret Service), which is itself encrypted by the operating system.
  • Authentication and access control. User sign-in is handled by Firebase Authentication (by Google), which manages password hashing and session lifecycles to industry standards. Every authenticated request from the desktop app to our API is verified using a signed Firebase JWT token; we reject any request whose signature does not validate. Internal access to user records is limited to the minimum number of engineers required to operate the service, audited on every access.
  • Webhook authenticity. Payment webhooks (Dodo Payments) and other inbound automated events are verified using HMAC-SHA256 signatures before any state-changing operation runs. Tampered or replayed events are rejected.
  • Sensitive-token isolation.Your AI provider API keys and your social media OAuth tokens never leave your computer. They are stored in your operating system's secure credential store and used only to make direct calls from your machine to the relevant platform's API. They are never transmitted to, processed by, or logged by ClipShip's servers under any circumstance.
  • Data minimization. Your videos, audio, transcripts, and editing data are processed entirely on your own computer and are never uploaded to our servers. The less sensitive data we collect, the less is at risk; we deliberately minimize our server-side footprint.
  • Network protection.Our API endpoints sit behind Cloudflare's DDoS protection and Web Application Firewall. Rate limits and abuse heuristics block automated attacks before they reach application logic.
  • Operational security. Production credentials (API keys, signing keys, webhook secrets) are stored as encrypted secrets in our infrastructure provider and are never embedded in the source code or shipped with the desktop installer.
  • Breach notification. If we become aware of a data breach that affects your personal information, we will notify affected users by email within 72 hours of discovery and provide guidance on protective steps you can take.

No method of transmission or storage on the internet is 100% secure, and we cannot guarantee absolute security. We continuously evaluate and improve our security practices. If you discover a vulnerability, please report it responsibly to [email protected].

How we use your data

  • Email (account, newsletter, or purchaser): to send product updates, license keys, and support replies. Never sold to third parties.
  • Hardware fingerprint: to enforce one license per device per the licensing terms you agreed to at purchase.
  • Anonymous analytics (opt-in): to understand which features matter most. Aggregate only.

Third-party services we use

  • Cloudflare (DNS, CDN, spam protection, license verification API)
  • Vercel (website hosting)
  • Firebase Auth (account sign-in, by Google)
  • Resend (transactional email delivery)
  • Dodo Payments (payment processing)
  • Microsoft Clarity (website analytics, anonymous)
  • Google Analytics 4 (aggregate website analytics, if enabled)

None of these services have access to your video content, editing data, or social-media OAuth tokens.

Your rights and data deletion

You can request deletion of your account data (email, license records, device fingerprint, hardware metadata) at any time by emailing [email protected]. We will delete your data within 30 days of receiving the request.

Since the desktop app processes video content entirely locally and stores OAuth tokens on your own computer, there is no video data, transcript data, or social-media OAuth token data on our servers to delete. Disconnecting a social account from ClipShip Settings, or revoking access from the platform's dashboard, immediately stops all access.

Children's privacy

ClipShip is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has registered for ClipShip, contact us and we will delete their data.

Changes to this policy

We may update this privacy policy from time to time. Significant changes will be communicated via email to registered users and via an in-app notice. Last updated date at the top of this page reflects the most recent change.

Contact

Questions about privacy? Email [email protected].

Try ClipShip for free

Repurpose long videos into ready-to-post clips. Local AI, no cloud, no subscription. A one-time price for unlimited clips.

Download for Windows