Menu
HeyClipper Privacy PolicyLast updated: January 15, 2025

Your creative collaborations deserve transparent data protections.

HeyClipper is the operating system for short-form campaign production. This policy explains how we collect, use, and safeguard data for creators, brands, agencies, and administrators so you can collaborate confidently.

Enterprise-grade security

OAuth scopes and Stripe-managed payouts keep passwords and payment data encrypted at the source.

Trusted infrastructure

HeyClipper runs on Vercel and MongoDB Atlas with redundant backups in the United States and European Union.

Controls for every role

Manage connected accounts, permissions, and notification preferences directly in your dashboard.

1. Who we are and scope

HeyClipper Labs Inc. builds HeyClipper, the collaboration platform that connects creators, brands, and agencies for short-form campaign production. This notice covers the personal and business data we process when you access heyclipper.com, mobile experiences, or HeyClipper-managed integrations.

If laws in your region provide stronger protections, we apply those standards. Capitalized terms carry the same meanings as in our Terms of Service unless defined here.

2. Information we collect

Account & Identity Details

Collected when you create or manage a HeyClipper account for any role (creator, brand, agency, or admin).

  • Full name, email address, role type, password hash, and optional profile photo or bio.
  • Company-level information such as brand name, agency roster, and client relationships.
  • Verification materials when submitted, including government ID snapshots, tax identifiers, or business certificates.

Connected Accounts & Performance Insights

Only gathered after you authorize HeyClipper to sync statistics from connected social channels.

  • OAuth tokens and refresh tokens issued by TikTok, YouTube, and Instagram to keep metrics current.
  • Audience and performance analytics surfaced in dashboards (followers, engagement rate, content metadata).
  • Permissions granted to HeyClipper by each platform and log history of sync events.

Campaign & Collaboration Activity

Information created while campaigns are scoped, staffed, produced, and approved in HeyClipper.

  • Campaign briefs, deliverable requirements, creative notes, and content review status.
  • Messages, attachments, feedback threads, and approvals exchanged between collaborators.
  • Submission metadata such as file names, thumbnails, captions, and performance tracking.

Payments, Payouts & Compliance

Processed through Stripe or other payment partners and stored with appropriate safeguards.

  • Billing contacts, invoicing addresses, tax classification, and payout preferences.
  • Transaction identifiers, payout history, and ledger entries for audit purposes.
  • Fraud flags, chargeback responses, and compliance checkpoints that protect the ecosystem.

Usage & Device Information

Automatically captured to keep HeyClipper reliable, performant, and secure across devices.

  • Device identifiers, browser and OS details, IP address, and preferred language or locale.
  • Feature engagement, page performance analytics, and error diagnostics.
  • Cookie identifiers and similar technologies that remember login state and preferences.

3. How we use information

HeyClipper processes data only for reasons tied directly to delivering and protecting the platform.

Authenticate users, maintain accounts, and deliver tailored experiences by role.
Match creators, brands, and agencies through recommendations powered by campaign requirements.
Automate campaign workflows—from briefs and approvals to delivery checklists and status alerts.
Facilitate secure payments, payouts, invoicing, and regulatory reporting through Stripe.
Monitor platform health, troubleshoot issues, and improve HeyClipper with aggregated analytics.
Detect, investigate, and prevent fraud, abuse, and policy violations across the marketplace.
Comply with legal, tax, and safety obligations in the regions where HeyClipper operates.

4. Legal bases for EU/UK data subjects

When the GDPR, UK GDPR, or similar laws apply, HeyClipper relies on the following lawful bases:

  • Contract: delivering the services you or your organization requested.
  • Legitimate interests: securing the platform, detecting misuse, and improving collaboration tools.
  • Consent: connecting social accounts, receiving marketing updates, or sharing testimonials.
  • Legal obligation: fulfilling bookkeeping, tax, AML, and regulatory reporting duties.

5. How we share information

We never sell personal data. Sharing is limited to the categories below with contractual safeguards.

Service providers

Stripe, Vercel, MongoDB Atlas, customer support tooling, analytics providers, and vetted auditors under data processing agreements.

Collaborators

Campaign details and submissions are visible to authorized collaborators so they can plan, review, and approve deliverables.

Compliance requests

Required disclosures in response to lawful requests, subpoenas, court orders, or to defend HeyClipper and our community.

Business transitions

If HeyClipper merges or restructures, successor entities inherit data protections consistent with this policy. We will notify you before material changes take effect.

6. Retention and security

HeyClipper keeps personal data only as long as necessary for contractual obligations, legal requirements, or legitimate business interests. Standard retention timelines include:

  • Account information retained for the life of the account and deleted within 90 days of closure unless law requires longer storage.
  • Campaign archives stored for the timeframe teams select (default 24 months) to support audits and brand safety reviews.
  • Financial records retained up to seven years to satisfy accounting and tax requirements.

Encryption in transit (TLS 1.2+) and at rest, role-based access controls, mandatory 2FA for staff, and automated anomaly detection all safeguard HeyClipper systems.

7. Your choices and rights

Depending on your jurisdiction, you may exercise the following rights. We respond within 30 days or as required by local regulations.

  • Access, correct, or delete personal data stored in HeyClipper. You can self-serve many edits from your profile; our team will assist with additional requests.
  • Export campaign artifacts, submission records, and performance analytics relevant to your account.
  • Opt out of marketing communications while still receiving essential transactional updates.
  • Restrict or withdraw consent for connected social accounts at any time from the Connected Accounts hub.
  • Appeal moderation or account actions through the support channel noted below.

To initiate a request, contact privacy@heyclipper.com from the email associated with your account. We may verify your identity before proceeding.

8. Cookies and analytics

HeyClipper uses cookies, local storage, and similar technologies to keep you signed in, remember preferences, power analytics, and measure campaign performance. You can manage cookies through your browser settings. Rejecting certain cookies may limit functionality like persistent sessions.

9. International data transfers

HeyClipper is headquartered in the United States with infrastructure across the US and EU. When we transfer data internationally, we rely on Standard Contractual Clauses, data processing addenda, and comparable safeguards required by applicable law.

10. Policy updates and notifications

We may update this policy to reflect product changes, legal requirements, or new safeguards. Material updates will be communicated through in-app notices or email at least seven days before they take effect, unless law requires immediate changes.

11. Contact

Questions about privacy or data protection can be directed to privacy@heyclipper.com. If you are located in the EU or UK, you may also lodge a complaint with your local supervisory authority.

privacy@heyclipper.com