Privacy Policy
This Privacy Policy explains what personal data It Patryk Konieczny ("ClipRaid", "we", "us") collects about you, why and on what legal basis we process it, who we share it with, how long we keep it, and the rights you have. ClipRaid is a platform that connects video game studios ("Studios") and content creators ("Creators").
We do not sell your personal data, we do not use it for cross-context behavioral advertising, and we do not run third-party ad trackers.
1. Data Controller and Contact
The controller of your personal data is It Patryk Konieczny, ul. Wandy 14, 03-949 Warszawa, Poland.
For any privacy question or to exercise your rights, contact us at contact@clipraid.com.
2. Scope
This Policy applies to visitors of our websites, registered users of ClipRaid, and people who communicate with us. The Services are intended only for individuals 18 years or older (see Section 11).
This Policy covers processing for which ClipRaid is the controller. It does not cover:
- third-party platforms you connect or visit (for example YouTube, TikTok, Instagram, Twitch), which process your data under their own policies;
- the provider of an AI agent you choose to connect (for example Anthropic, if you connect Claude — see Section 3), which processes the data your agent accesses under your agreement with that provider; or
- a Studio's or Creator's own use of personal data they obtain about each other (for example, contact details used to arrange off-platform payment). When a Studio and a Creator connect, each may act as an independent controller for its own purposes.
3. Personal Data We Collect
Account and authentication. Email address, a hashed password, and (optionally) a phone number. If you enable multi-factor authentication, the factors you register (for example a phone number or a security key).
Profile data.
- Creators: first name, last name, nickname, profile image, country, a short description, social links you add, and whether your profile is public.
- Studio team members: display name, email address, and role within the Studio.
Invitations and signups. Email addresses of people invited to a Studio team or invited to partner, and email addresses captured when you sign up for early access ("off-list" signup).
Connected social accounts (Creators). If you connect a YouTube, TikTok, Instagram, or Twitch account, we receive and store: an account identifier, your handle, the permission scopes you granted, encrypted access and refresh tokens, and metrics such as follower counts and other public statistics we read to operate the Services.
Technical and security data. IP address, browser user-agent, session data, sign-in events (success or failure), and audit records of actions taken in the app (who did what, and a curated, non-secret record of the action).
Proof of consent. When you accept our Terms or other agreements, we record the version accepted, the time, your IP address, and your user-agent as evidence of acceptance.
Communications and notifications. Feedback you submit (a title and message), your notification preferences, and — if you enable browser notifications — your web-push subscription (the push endpoint and keys provided by your browser).
Collaboration data. Records of which Studios and Creators are connected, game keys assigned to a Creator, and campaign information (including informational budget or reward figures set by a Studio).
Store integration (Studios). If a Studio adds its game's store presence (currently Steam), we store the game's store identifiers (store page URL and app ID) and the Steam API key(s) the Studio provides, kept under restricted, server-side-only access. Through that connection we read aggregate game statistics (for example daily wishlist and sales figures, broken down by country) to operate the Services; these statistics describe games, not identified individuals.
Connected AI agents (optional). ClipRaid can act as a remote MCP server ("Connect to Claude"). If you connect your own AI agent, we store an identifier and label for that agent. The agent acts only within the permissions you grant it. Data the agent reads through ClipRaid is transmitted to that agent's provider and processed under your agreement with that provider (see Section 2).
We do not collect payment or financial data. Because all campaign payments are settled directly between Studios and Creators, off-platform, ClipRaid does not collect or store bank accounts, card numbers, or payout details.
4. How We Collect Data
- From you, when you register, complete your profile, submit feedback, accept agreements, or otherwise use the Services.
- Automatically, when you use the Services (technical and security data such as IP address, user-agent, sessions, and log records).
- From third parties, when you choose to connect a social account — we receive profile and metric data from that platform according to the scopes you grant.
- From other users, when someone invites you to a Studio team or to partner — the inviting user is the source of your email address; the invitation email links to this Policy.
5. Purposes and Legal Bases
We process your personal data for the following purposes, each with its legal basis under Article 6(1) GDPR:
| Purpose | Legal basis |
|---|---|
| Create and manage your account; operate the Services (profiles, campaigns, Studio–Creator connections) | Performance of a contract (Art. 6(1)(b)) |
| Connect a social account you choose to link, and read the related metrics | Performance of the service you request (Art. 6(1)(b)); you may disconnect at any time |
| Send web-push notifications | Your consent, given through your browser (Art. 6(1)(a)) |
| Send in-app and email notifications about your own account, your campaigns, and your partnerships | Performance of a contract (Art. 6(1)(b)) |
| Send in-app and email notifications to the members of a Studio team about that Studio's activity | Our legitimate interest in keeping a team informed of what happens in its shared workspace (Art. 6(1)(f)) |
| Early-access ("off-list") signup and any marketing emails | Your consent (Art. 6(1)(a)) |
| Keep the Services secure; prevent fraud, abuse, and unauthorized access; keep login and audit logs | Our legitimate interest in security (Art. 6(1)(f)) |
| Keep proof that you accepted our Terms and other agreements | Our legitimate interest in being able to evidence acceptance and defend against legal claims (Art. 6(1)(f)) |
| Keep records demonstrating consent you have given, where processing is based on consent | Compliance with a legal obligation — the duty to demonstrate consent under Art. 7(1) GDPR (Art. 6(1)(c)) |
| Handle your feedback and support requests | Our legitimate interest in supporting and improving the Services (Art. 6(1)(f)) |
| Share data as part of a merger, acquisition, or similar business transaction (see Section 6) | Our legitimate interest in carrying out and securing the transaction (Art. 6(1)(f)) |
| Comply with legal obligations that apply to us (for example accounting and tax rules) and respond to lawful requests | Compliance with a legal obligation (Art. 6(1)(c)) |
Where we rely on consent, you can withdraw it at any time (this does not affect processing done before withdrawal). Where we rely on legitimate interests, you can object (see Section 9).
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing.
Do you have to provide your data? Providing an email address and a password is a requirement necessary to enter into and perform our contract — without them we cannot create or operate your account. Where a form marks a field as required, that data is needed to provide the feature the form belongs to. Everything else — a phone number, MFA factors, connected social accounts, browser notifications, feedback — is optional: not providing it only means the related feature will not be available.
6. Who We Share Data With
We share personal data only as needed for the purposes above:
- Service providers (processors) acting on our instructions, including Supabase (database, authentication, and storage), Vercel (application hosting), and the web-push services of your browser vendor (to deliver notifications). These providers are bound by data-processing terms.
- Other users, as inherent to a marketplace: profile information you make public is visible to others, and when you partner, the other party (a Studio or a Creator) sees the profile and collaboration data needed for that partnership, including connected social metrics where relevant.
- Social and game platforms (YouTube, TikTok, Instagram, Twitch, Steam) when you connect an account or a Studio connects a store integration, limited to what those features require.
- Legal and safety, where required by law or to protect ClipRaid, our users, or others.
- Business transfers, in connection with a merger, acquisition, or similar transaction, subject to this Policy.
We do not sell or share personal data for cross-context behavioral advertising, and we do not disclose it to ad networks.
7. International Transfers
Some of our providers — in particular Supabase and Vercel, which are U.S. companies — and the platforms you choose to connect may process data outside the European Economic Area (EEA), for example in the United States. Where personal data leaves the EEA, we rely on an appropriate safeguard under Chapter V of the GDPR: the European Commission's adequacy decision for the EU–U.S. Data Privacy Framework (for recipients certified under it), or the Commission's Standard Contractual Clauses with supplementary measures as needed. You can obtain a copy of the safeguards we rely on (for example, the relevant Standard Contractual Clauses) by contacting us at contact@clipraid.com.
8. Retention
We keep personal data only as long as necessary for the purposes above, then delete or anonymize it. Where the law requires a longer period (for example, accounting or tax rules), we keep the data for that period.
- Account and profile data — for as long as your account is active, and deleted or anonymized within 90 days after you close your account.
- Connected social tokens and connection data — until you disconnect the account or close your account, then deleted within 30 days.
- Login and security logs — 12 months.
- Audit records of actions — up to 6 years, to meet our accountability obligations and the limitation periods for legal claims under Polish law.
- Proof of consent (Terms and other acceptances) — for as long as you have an account, and then for the duration of applicable limitation periods (up to 6 years under Polish law).
- Feedback — while we handle it and for 12 months afterward.
- Notifications — 12 months, then pruned.
- Early-access signups — until you are onboarded or withdraw consent, and no longer than 24 months if neither happens.
9. Your Rights
Subject to the conditions in the GDPR, you have the right to:
- access your personal data and obtain a copy;
- rectify inaccurate or incomplete data;
- erase your data ("right to be forgotten");
- restrict processing in certain cases;
- data portability — receive data you provided in a structured, machine-readable format;
- object to processing based on our legitimate interests, and to direct marketing at any time; and
- withdraw consent at any time, where processing is based on consent.
To exercise any of these, contact contact@clipraid.com. We may need to verify your identity. We will respond within one month; for complex or numerous requests we may extend this by up to two further months, and we will tell you within the first month if we need the extension.
You also have the right to lodge a complaint with a supervisory authority. In Poland this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl. If you live or work elsewhere in the EU, you may complain to your local authority.
10. Security
We use appropriate technical and organizational measures to protect personal data, including encryption in transit (TLS), encryption of stored social-account tokens, hashed passwords, least-privilege access controls, and row-level database protections. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
11. Children
The Services are for individuals 18 and older. We do not knowingly collect personal data from anyone under 18. If we learn that we have, we will delete it and close the account.
12. Cookies
We use only strictly necessary cookies required to sign you in and keep your session secure. We do not use analytics, advertising, or cross-site tracking cookies. Browser notifications rely on the permission you grant in your browser, not on cookies. You can control cookies in your browser settings; disabling necessary cookies may break core functionality.
13. YouTube API Services
When you connect a YouTube (Google) account, ClipRaid uses YouTube API Services to read the account and content data described in Section 3 (for example, your channel identifier and handle, subscriber and view counts, your list of videos, and — where you grant it — aggregate viewer analytics for your own videos). This Section applies in addition to the rest of this Policy.
- By connecting a YouTube account, you also agree to the YouTube Terms of Service (https://www.youtube.com/t/terms).
- Google's handling of your data is governed by the Google Privacy Policy (https://policies.google.com/privacy).
- We use data obtained through YouTube API Services only to provide the features described in this Policy (Sections 3 and 5), share it only as described in Section 6, retain it only as described in Section 8, and protect it as described in Section 10. Our use complies with the Google API Services User Data Policy, including its Limited Use requirements. We do not use this data for advertising, and we do not sell it or transfer it to others except as needed to provide the Services, with your consent, or as required by law.
- You can revoke ClipRaid's access to your YouTube account at any time — either by disconnecting it in the app, or through your Google Account's security settings at https://myaccount.google.com/permissions. After you revoke access, we delete the related connection data as described in Section 8.
14. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will post the updated Policy and update the effective date shown with it, and where appropriate notify you. The updated Policy applies from its effective date.
15. Contact
Questions about this Policy or our data practices? Contact us at contact@clipraid.com, or write to It Patryk Konieczny, ul. Wandy 14, 03-949 Warszawa, Poland.