Ir para o conteúdo principal

Política de Privacidade

Last updated: April 2026 · Version 1.3

1. Responsável pelo tratamento

The controller of your personal data is the operator of the Cliptic brand and service (“Cliptic”, “we”). For privacy matters and to exercise your rights, contact: soporte@cliptic.app (please use the subject line “Privacy / data rights”).

If you need full corporate identification of the controller (registered name, company number, registered address), you may request it at the same email address.

2. Dados que coletamos

We collect, among others, the following data:

  • Account data: name or profile identifier, email address, and password hash (bcrypt)
  • Usage data: projects created, annotations, transcripts, export history, and actions relevant to the service
  • Technical data: IP address, browser type, session identifiers, and access logs kept only as long as needed for security and diagnostics
  • Audio files and related metadata: uploaded by you, stored encrypted where the infrastructure supports it
  • Content sent to AI providers: when you enable automatic transcription, diarisation, or other features that call the OpenAI API (or another provider you configure), we transmit the audio and/or text strictly required for that operation, which may include personal data or special categories of data if you include them in your files
  • Payment or billing data: if you make a donation, Stripe or another processor may process payment data, transaction identifiers, and contact details under its own policy

The service is aimed at professional and institutional users; it is not intended for minors.

3. Finalidade do tratamento

Usamos seus dados para:

  • Provide the linguistic annotation and transcription service and manage your account
  • Authenticate users, maintain security, prevent fraud, and provide technical support
  • Run AI features you request (for example, transcription or diarisation) and transmit the necessary data to providers
  • Process donations or other payments you choose to make
  • Comply with legal obligations and respond to lawful requests from authorities
  • Improve reliability and performance using aggregated or technical analytics that do not involve invasive profiling

4. Base legal

Depending on the specific processing, we rely on:

  • Performance of a contract or pre-contractual measures: operating the service, your account, features you request, and service-related communications
  • Consent: where the law requires it or where you enable options that need specific, informed consent
  • Legitimate interests: platform security, technical integrity, abuse prevention, and service improvement, balanced against your rights and freedoms
  • Legal obligation: where we must retain or disclose data to comply with the law

You are responsible for having a lawful basis when you include third parties’ personal data (for example, participants’ voices) in your projects.

5. Armazenamento e segurança

Data is hosted on infrastructure with reasonable security measures and restricted access. Passwords are stored using hashing (bcrypt). Audio files are stored encrypted where the infrastructure supports it. API keys you store (for example, OpenAI) are kept encrypted and used only to run the features you enable on your projects.

Infrastructure providers (hosting, databases, object storage) may have technical access solely to provide their services and, where the law requires, act as processors or under equivalent obligations.

The service is demonstrator-stage and under active development: although we apply reasonable security measures, we cannot guarantee the complete absence of failures, loss, or unauthorised access. It is not a substitute for professional archival or a guaranteed backup system; for important material you should keep copies outside Cliptic.

6. Processadores e serviços de terceiros

We share data with third parties only as needed for the purposes above, for example:

  • OpenAI: processes audio and/or text sent when you use transcription, diarisation, or other features that call its API, under OpenAI’s terms and, where applicable, your own API key
  • Stripe: data needed to process donations or other payments you choose
  • Resend (or another email provider): email addresses and content of transactional messages (password recovery, email verification, service notices)
  • Cloud and CDN providers: hosting and content delivery

We do not sell your personal data to third parties for their own independent marketing. Transfers to subprocessors are governed by applicable legal obligations (for example, data processing agreements under the GDPR).

When you process third-party data as controller, the processing agreement is set out in the Data Processing Agreement (DPA) at the /dpa path.

7. Seus direitos

Where the GDPR or other applicable law grants you rights over your personal data, you may exercise, among others:

  • Access: obtain confirmation of whether we process your data and receive a copy
  • Rectification: correct inaccurate or incomplete data
  • Erasure (“right to be forgotten”): request deletion where legally applicable
  • Restriction: restrict processing in the cases provided by law
  • Portability: receive data you provided to us in a structured, commonly used format where applicable
  • Object: object to certain processing based on legitimate interests
  • Withdraw consent: where processing is based on consent, without affecting the lawfulness of processing before withdrawal
  • Lodge a complaint with the data protection authority in your country of residence or work

To exercise your rights, use your account settings or email soporte@cliptic.app from the same address linked to your account, with a clear description of your request. We may ask for additional information to verify your identity.

8. Conservação de dados

We keep your data while your account is active and for any additional period strictly required for legal obligations or incident resolution.

When you delete your account, we stop using your personal and project data for providing the service in an irreversible way within the period stated in the app (typically up to 30 days), unless we must retain it by law.

Residual copies may exist in backups or technical logs for a limited additional period, after which they are overwritten or anonymised as far as possible.

9. Transferências internacionais

Some providers may be located outside the European Economic Area or your country of residence. Where the GDPR or other applicable law requires it, we use appropriate safeguards (for example, the European Commission’s standard contractual clauses or other recognised measures). You may request a copy or further information about those safeguards by emailing soporte@cliptic.app.

10. Cookies e armazenamento local

We use cookies or similar technologies that are strictly necessary for the service to work, including, as applicable: maintaining session or authentication state, and remembering legitimate interface preferences (for example, sidebar layout or recent active workspace).

We do not use third-party advertising cookies or invasive ad measurement. If we add non-essential cookies or technologies in the future (for example, broader analytics), we will update this policy and, where the law requires, ask for your prior consent or provide configuration options.

11. Alterações nesta política

We may update this policy. We will notify you of material changes via the email associated with your account or a prominent notice in the platform.