Privacy Policy

1. Who We Are

ClipMixAI ("we", "us") is an AI-powered music video and song creation platform. We offer AI video generation, AI song composition, video editing, and social media publishing tools. Protecting your personal data is important to us.

2. Data We Collect

When using ClipMixAI, we collect the following data:

• Account details: email, name, encrypted password (bcrypt hash)
• Uploaded files: audio files (MP3/WAV/FLAC/AAC/OGG) and photos for video creation
• Usage data: job history (status, creation date, video size)
• Technical data: IP address (only for rate limiting, not stored), country (detected via Cloudflare headers for analytics)
• Behavioral data: pages visited, navigation journey, session duration, device type, screen resolution, browser language, and referral source — collected to understand how visitors use our site and improve the experience
• Demographic data (via Google Analytics): aggregated age bracket, gender, and interest categories — only collected when you consent to analytics cookies and Google Signals is enabled. This data is anonymized and aggregated by Google; we do not receive individually identifiable demographic information
• Support chat data: conversation messages exchanged through our live support chat, including any email address you voluntarily provide for follow-up. Support conversations are stored and may be reviewed by our team to improve service quality
• AI content inputs: song lyrics, theme descriptions, musical preferences, scripts, brand briefs, screenplay/scene prompts, and other text inputs provided for AI song generation, video creation, voiceover, brand-video and ad-spot scripting. These inputs are sent to third-party AI providers (large-language-model and media-generation services) for processing and are not used to train AI models
• Face reference photos (Character / Avatar / FaceCast): when using Character mode, Avatar Studio, FaceCast, or any feature that requires a face reference, the uploaded photo is analyzed using automated age-estimation technology to enforce our child-safety policy and is then sent to our GPU rendering providers solely to generate the requested video frames. The age-estimation result is discarded immediately and no facial-recognition embeddings, face-prints, or other biometric identifiers are retained for the purpose of uniquely identifying you. The reference photo itself is stored alongside the resulting job in your account so you can re-render or download it, and is permanently deleted when you delete the job or your account
• Voice samples & cloned voices (optional): if you opt in to voice cloning — for AI voiceover, Avatar talking-head, voice-cloned singing in /music, or speaker-preserving video translation — we record or extract a short voice sample (typically 15–60 seconds) and send it to our voice-cloning provider, which returns a private voice ID linked only to your account. We log the exact timestamp and source of your consent (singing_voice_consent_at) and keep a copy of the consent audio sample as a legal record of permission, as required by GDPR Article 9 (special-category biometric data). You can revoke consent and request deletion of the cloned voice and consent sample at any time from Settings or by contacting privacy@clipmixai.com. Voice cloning is never enabled without your explicit, informed opt-in
• Brand kit & website discovery: for the Brand Video wizard, you may provide a website URL. We then fetch publicly available pages from that domain (sitemap.xml, homepage, about page) to extract brand identity signals — colors, fonts, logo URL, tagline, voice/tone — which are stored in your private brand kit and used solely to generate your videos. We do not crawl password-protected pages, paywalled content, or any URL outside the domain you submitted
• Video translation inputs: when you submit a video for translation/dubbing, we extract the audio, transcribe it, translate the transcript, and (if you opt in to speaker-preserving dubbing) clone the original speaker's voice from the first ~30 seconds. The video is stored encrypted in your account and used solely to fulfil the translation job; the cloned voice is treated as biometric data per the section above
• Promotional data: coupon/promo codes used, newsletter subscription status, and email engagement preferences

3. How We Use the Data

• Creating and managing your account
• Generating AI music videos and AI-composed songs
• Storing and delivering your videos
• Processing payments (via Stripe)
• Protection against abuse (rate limiting)
• Analyzing site usage to improve the service (with your consent)
• Understanding visitor journeys and behavior patterns to improve the user experience
• Aggregating demographic insights (age, gender, interests) to better serve our audience — only with your consent
• Providing live support and responding to your inquiries via our support chat
• Sending newsletters and promotional communications (only with your consent; you can unsubscribe at any time)
• Publishing videos to social media platforms (Pinterest, Facebook, Instagram) on your behalf when you explicitly request it
• Video editing services (trim, text overlays, filters, cropping, speed adjustment)
• Generating brand videos from your website and brand kit, including AI-assisted script and storyboard creation that you must explicitly approve before rendering
• Video translation and dubbing, including transcription, translation, and (with your explicit opt-in) speaker-voice preservation
• Avatar / FaceCast talking-head generation, voice cloning, and lip-sync — only for the features you actively use and only with your explicit consent for any biometric processing

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract: account management, video generation, and payment processing — necessary to provide the service you requested.
• Consent: analytics cookies (Google Analytics 4) are only activated after you give explicit consent through our cookie banner.
• Legitimate interest: security measures, fraud prevention, service improvement, and the marketing-attribution and audience-matching activities described in Section 6 (sharing of pseudonymized — SHA-256 hashed — email with Google Ads / Google Analytics 4). You have the right to object to processing under legitimate interest at any time via Settings → Privacy.

5. Storage & Security

Your data is stored on secure servers in the European Union (Hetzner, Germany) and on S3-compatible object storage (Cloudflare R2). Passwords are stored only as encrypted hashes (bcrypt). All communication is exclusively via HTTPS. Third-party authorization tokens (Pinterest, Facebook/Instagram) and voice-clone IDs are stored securely on our servers and automatically refreshed; they are permanently deleted when you disconnect the integration or delete your ClipMixAI account. Some of our AI sub-processors are located outside the EU/EEA (notably the United States); transfers are protected by the EU Standard Contractual Clauses or equivalent safeguards, and only the minimum data needed to fulfil your request is sent.

6. Data Sharing

We do not sell or share your personal data with third parties, except:

• When required for payment processing (Stripe) — billing data and payment-method details are handled directly by Stripe under their own privacy policy
• When required for cloud storage and delivery (Hetzner in Germany for compute, Cloudflare R2 for media object storage)
• When you consent to analytics (Google Analytics 4, including Google Signals for demographic insights)
• When required for AI-powered video, image, and avatar generation (FAL.ai, Replicate, RunPod, HuggingFace, D-ID, Hedra, HeyGen, PixVerse, Kling) — only your uploaded media and prompts for the specific job are sent; no account or identity data is shared
• Memory Studio (family-photo videos) — when you upload personal photos to create a memory video, those photos are sent to our AI image and animation providers (FAL.ai for face-preserving composition and face swap, Replicate for animation) so the model can synthesize the final clip. Photos and the generated video are stored on Cloudflare R2 and are deleted 30 days after the job completes. You can delete a job (and all its photos) at any time from the Memory Studio dashboard.
• When required for AI scripting, screenwriting, lyrics, support chat, brand-kit analysis, and ad-spot generation (Anthropic Claude, Google Gemini, OpenAI) — only the prompt for the specific task is sent. Our providers contractually do not use this data to train their models
• When required for AI voiceover and voice cloning (ElevenLabs) — your script text and, if you opt in, a short voice sample are sent. The cloned voice ID is private to your account
• When required for AI song generation (MiniMax Music and our hosted YuE model on RunPod) — only your lyrics, theme descriptions, musical preferences (genre, mood, duration), and (with explicit consent) your voice sample are sent; no personal identity data is shared
• When required for video transcription, translation, and dubbing (OpenAI Whisper, faster-whisper running on our GPU providers) — only the audio extracted from your video is sent
• When required for brand-kit web discovery (Jina AI, Tavily) — only the public website URL you provided is sent so we can fetch publicly available brand information
• When required for transactional email delivery (Resend) — only the recipient address and the email contents are sent
• When you choose to publish content to Pinterest via our integration, your video/image and description are sent to Pinterest on your behalf. This only happens when you explicitly request it
• When you connect your Facebook Page or Instagram account for publishing, we access your page list, page metadata, and Instagram business profile. Your videos and captions are sent to Facebook/Instagram on your behalf only when you explicitly request it. You can disconnect at any time from the Dashboard or by removing ClipMixAI from Facebook Settings → Apps and Websites
• When you connect your X (Twitter) account for publishing, we access your X user id, username, and display name via OAuth 2.0. Your tweets and any attached media are sent to X on your behalf only when you explicitly request it. Access tokens are encrypted at rest and refreshed automatically. You can disconnect at any time from the Dashboard, which revokes the token and deletes the stored X account data
• When you complete a paid purchase, we share a one-way pseudonymized (SHA-256 hashed) version of your email address with Google (Google Ads + Google Analytics 4) so that Google can: (a) attribute the conversion to any prior advertising click, (b) build statistical "similar audiences" of prospective customers who resemble you, and (c) avoid showing you ads you do not need (e.g. acquisition ads). Your plain-text email is never shared. The same pseudonymized identifier is also sent server-side from our backend during purchase events for measurement reliability (independent of browser cookies and ad-blockers). The legal basis is legitimate interest (Article 6(1)(f) GDPR). You may opt out at any time, with one click, via Settings → Privacy or via the dedicated link in any policy-update email we send you. Opting out triggers immediate removal from Google's customer-match audience and stops further pseudonymized identifier sharing.
• When required by law

7. Cookies & Tracking

We use a minimal set of cookies:

• Session cookie: a secure httpOnly JWT cookie for authentication. This is essential for the service and does not require consent.
• Language preference: stores your selected language. Essential.
• Analytics cookies (Google Analytics 4): used to understand site usage (pages visited, traffic sources, device info, demographics). With Google Signals enabled, Google may also collect aggregated age, gender, and interest data from users who have enabled Ads Personalization. These cookies are only activated after you give explicit consent through our cookie consent banner.
• Session tracking (sessionStorage): we store a temporary session identifier, pages visited, and session start time in your browser's sessionStorage. This data is automatically cleared when you close the browser tab and is used to understand navigation patterns. No consent is required as this is essential for service improvement and does not persist beyond the browser session.
• Server-side conversion measurement: for purchase events only, our backend sends an aggregated event (transaction id, value, currency) and a pseudonymized SHA-256 hash of your email directly to Google Analytics 4 from our servers, independently of browser cookies or ad-blockers. This ensures we can reconcile revenue with marketing spend even when client-side tracking is blocked. The processing is covered by legitimate interest under Section 6 above, and you can opt out (along with all audience-matching uses) with one click via Settings → Privacy.

How to manage cookies: When you first visit our site, you will see a cookie consent banner. You can accept or reject analytics cookies. If you reject, no analytics data will be collected. You can change your preference at any time by clearing your browser's local storage and revisiting the site.

For more about Google's data practices, see Google's Privacy Policy. We enable IP anonymization in Google Analytics. We also use Google Signals, which enables cross-device reporting and aggregated demographic data. You can opt out of Google Signals data collection by disabling Ads Personalization in your Google Account settings.

8. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

• Access: view the data we hold about you
• Correction: request correction of inaccurate data
• Deletion: delete your account and all your data through the Dashboard
• Portability: request your data in a readable format
• Objection: object to the processing of your data

For any request, contact us at support@clipmixai.com

9. Reviews and Testimonials

Reviews and feedback you submit on your videos are stored to help us improve the service. They may be displayed in anonymized, aggregated form (without your name, email, or any identifying information) for product-improvement or marketing purposes. If you additionally opt in via the consent checkbox on the review form, we may publish your review together with your first name (and the star rating) as a testimonial on our website or marketing channels. You can withdraw your consent at any time by deleting the review from your dashboard or contacting support.

10. Data Retention

Your data is retained as long as your account is active. Upon account deletion, all personal data, files, videos, and third-party authorization tokens (Pinterest, Facebook/Instagram) are permanently deleted. Videos already published to third-party platforms remain subject to those platforms' own data retention policies.

11. Policy Changes

We may update this policy from time to time. We will notify you of significant changes via email.

12. Contact

For questions about the Privacy Policy: support@clipmixai.com