Privacy policy
This policy explains how Kliptix (the “service”) processes personal data for account opening, purchase, AI-driven video creation (script, visuals, voice, edit) and delivery of files.
1. Data controller and legal bases
Controller: Eldoranext (see Legal notices for contact). Processing relies in particular on: performance of the contract (service, account, billing); legal obligation (accounting, invoice retention, tax); legitimate interest (security, fraud prevention, limited service quality) where required. Optional processing (e.g. marketing email) is based on consent, separately from the core service above.
2. Categories of data
- Sign-in data (account, social OAuth id if you use it, email address).
- Billing data (name, address, company ID, VAT) and purchase history as processed with Stripe.
- Usage data: project history, generation settings, credit consumption, timestamps, technical logs.
- Content you enter to produce a video (prompts, script, style choices, file names) and, where applicable, source files you upload.
- Output files (video, stills, audio) kept as long as needed to deliver, allow download, and for support, per our retention rules.
3. Subprocessors and AI engines
In particular: Stripe (payment and, where used, the subscription portal) as a regulated payment service; an AI API broker (e.g. OpenRouter-style) that routes to several model vendors (text, image, sound, video); the infrastructure host (data centres set out in the Legal notices); the identity provider if you sign in with a third party (e.g. Google OAuth). The host may store account and deliverable data; AI execution may be located in Europe, North America, the United Kingdom, Asia, etc., depending on the model path.
4. Transfers outside the European Economic Area
Some models reachable through our orchestration are operated from the United States or, depending on your selection, from other countries (processing may in some cases involve resources in the People’s Republic of China for certain execution paths). Such transfers are for the performance of your contract. Where required, we rely on standard contractual clauses, supplementary measures, or any other valid basis. You may request a high-level description by contacting the address below.
5. What is not sent “as such” to generate a clip
Your administrative customer record (full billing address, card data as held by Stripe) is not sent to model providers only to make a short film. Account identifiers and email power Kliptix (and Stripe for payment) — they are not the creative payload for each request. The text and parameters you type, and media you attach, must be transmitted to the technical engines. Enter only what is necessary, especially in free-text fields; do not include unnecessary special-category data (health, etc.).
6. Your rights (GDPR)
You may request access, rectification or erasure (subject to legal retention), data portability when applicable, withdraw consent to optional processing, restrict processing, or complain to a supervisory authority. For any request, write to [email protected]. We generally respond within one month unless a delay is required for complexity, in which case you will be informed.
7. Retention and security
Invoices and accounting materials are kept for 10 years. Security and account logs are kept for the time required for evidence, support and anti-fraud, then deleted or anonymised. Rendered files are kept long enough to allow access, download and support depending on the plan, then may be purged: keep your own copies. We apply appropriate technical and organisational measures (TLS, access control, vetted host). No system is perfect; you use the service with awareness of the residual risk.
8. Cookies, trackers, logs
Session, language, cart or security cookies, and, where we add them, audience cookies, are managed under the ePrivacy framework and CNIL / GDPR rules (consent, withdraw, reject). IP addresses, user agent and related headers may be processed as connection data, including for the host’s obligations, within appropriate retention. You can block cookies in the browser, possibly limiting features. A future cookie banner, if any, will supplement this page.
9. Minors, corporate accounts, DPA
The service is aimed at users able to give valid consent (typically not under 15/16, depending on the law) without ID checks by default, with suspension if a minor is confirmed. Enterprise accounts may, where offered, be covered by a separate DPA. New subprocessors and regions will be covered under Article 28 and change communications where the risk so requires.
10. Breach notification, records, impact assessment
In case of a personal data breach likely to affect your rights, we will notify the supervisory authority, and, when required, you, within legal time limits, with the main facts. We keep a processing record and, where a high risk processing requires, a DPIA. Media generation or lip-sync, alone, is not a high-risk processing in our standard setup unless you include special categories of data or use cases that make it so.
11. Automated decisions and profiling
We do not use Article 22 GDPR “solely automated” decision-making for legal or similar effects against you, beyond technical orchestration (queues, credit debits, optional fraud heuristics). If we add targeted marketing under future laws, a separate opt-in/notice will apply. You may request a high-level description of our orchestration; we do not disclose trade secrets or full source code beyond what the law and competition require.
12. Exercising your rights, marketing opt-out
We process access, erasure, rectification, limitation, portability and opposition requests in legal time, with receipt acknowledgment, save where the law or a court order requires retention. We do not sell your e-mail to advertisers. Sharing with our listed providers follows Article 28. This page may be updated; the version online applies, without reducing mandatory consumer rights.