Privacy Policy.

From humans signing up:

• Email address (verified via Magic Labs OTP).
• Stripe customer record (cus_…, payment method on file — held by Stripe, not us).
• Subscription tier, billing period, usage counters (clips/month, Lyria gens/month).
• API key metadata: short label, creation time, last-used time, call counter. We store only the SHA-256 hash of the raw key — never the raw key itself.

From media you upload:

• The video file (held in /tmp/ffmpeg-chat-uploads/ for the duration of a render session).
• Per-clip metadata: source URL, smart-crop coordinates, transcript timing, hook text. Persisted next to the rendered clip.

From agents (mcpay):

• Per-call telemetry: tool name, charge amount, success/failure, balance after. The bearer SHA-256 hash; never the bearer itself.
• For MPP signups: payment receipt (transaction hash for crypto, payment_intent ID for card). No buyer wallet beyond the on-chain payer of record.

• We don't run third-party analytics (no Google Analytics, no Mixpanel, no Segment).
• We don't fingerprint browsers.
• We don't sell or share data with advertisers — there are no advertisers.
• We don't read your raw video pixel data for any purpose other than rendering your clip.

User records and API key hashes are stored in our own database (currently a JSON file in dev; PostgreSQL or D1 in production). API key balances for agentic users live in a Cloudflare Durable Object on the West Coast.

Uploaded video files and rendered output sit on the rendering server's local disk. We retain rendered clips for 30 days by default; uploaded sources are deleted at the end of the render session unless you've added them to a permanent collection.

Stripe — payment method, billing address, subscription state. Required to charge you. Stripe's privacy policy applies.

Magic Labs — your email at OTP verification time. Magic doesn't see your subsequent activity on ClipEngine. Magic's privacy policy.

OpenRouter — the LLM-driven hook-generation and chat features send the relevant transcript snippet (not the whole video) to OpenRouter, which then forwards to whichever model you've selected (Anthropic, Google, OpenAI, etc.).

That's it. No advertisers, no data brokers, no cross-site retargeting.

We set one HTTP-only cookie (auth_token) — an HMAC-SHA256-signed session JWT, 30-day TTL. We use Magic Labs' SDK in the browser, which sets its own SDK cookies for OTP flow. No tracking pixels.

You can:

• See everything we have on you — email [email protected].
• Delete your account and everything associated with it — same address.
• Export your data in a portable format (JSON of your records, MP4s of your renders).
• Revoke any API key at /account/keys.

Deletion is best-effort within 30 days. Backups roll off after 90 days. We don't sell personal information, so the CCPA "do not sell" right is moot.

ClipEngine is not directed at children under 13. We don't knowingly collect data from anyone under 13. If you believe a minor has signed up, email us and we'll delete the account.

Sessions are HMAC-signed with a key only the server holds. API keys are SHA-256-hashed before persistence. Stripe handles all card data — we never see it. The agent ledger is in a Cloudflare Durable Object with atomic charging via blockConcurrencyWhile. We rate-limit auth, billing, and agent endpoints. None of this is a guarantee — security is a process, not a checkbox — but it's the baseline we maintain.

Material changes get emailed to active subscribers and posted here with a new "Last updated" date. Continued use after a change is acceptance.

Privacy questions or data requests: [email protected].