CLIP-IT!

Privacy Policy

Effective date: 9 June 2026

About this Policy

This privacy policy is applicable to the CLIP-IT! app for mobile devices, together with any related services operated by Stijn Pennings (collectively, the "Application"). Stijn Pennings is hereinafter referred to as the "Service Provider".

Data Controller Information

Stijn Pennings acts as the Data Controller responsible for the processing of your personal data.

Name: Stijn Pennings

Address: Atalantaplein 57

Email: stijn.c.pennings@gmail.com

For data protection inquiries and to exercise your GDPR rights, please contact the Data Controller using the information above.

Information We Obtain and How It Is Used

The Application and related services acquire the information you supply when you download, access, or register for the service. Registration with the Service Provider is not mandatory. However, you might not be able to use some of the features offered by the service unless you register.

Where you purchase a subscription through the Application, the Service Provider receives a verified confirmation of your subscription status from Apple via StoreKit. This confirmation does not include any payment card details, bank information, or billing address — those are processed exclusively by Apple. See the Purchases & Subscriptions section for full details.

The Service Provider may also use the information you provide to send important information, required notices, and, where permitted by law, marketing communications.

Cookies and Similar Technologies

The Application or its third-party SDKs may use cookies, SDKs, pixels, and similar technologies to support functionality, analytics, and service delivery. Where required by law, the Service Provider will obtain your consent before using non-essential tracking technologies.

Automated Decision-Making and Profiling

If the Application uses automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, you have the right to request human review, express your point of view, and contest the decision. Information about the logic involved and the likely consequences of that processing will be provided where required by law.

Information Collected Automatically

In addition, the Application may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device's unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the Application.

Location Data

This Application does not gather precise information about the location of your mobile device.

Artificial Intelligence (AI) Technologies

The Application does not use Artificial Intelligence (AI) technologies to process your data or provide features.

Third-Party Access to Your Information

Only aggregated, anonymized data is periodically transmitted to external services to aid the Service Provider in improving the Application and their service. The Service Provider may share your information with third parties in the ways described in this privacy statement.

Analytics — PostHog

The Application uses PostHog (PostHog, Inc.) for product analytics. PostHog may collect usage data, device information, and identifiers to help the Service Provider understand how the Application is used. PostHog processes this data on servers located within the European Economic Area (EU Cloud). PostHog processes data in accordance with its own privacy policy, available at posthog.com/privacy. The Service Provider has entered into a Data Processing Agreement with PostHog as required by GDPR Article 28.

Payments — Apple Inc.

In-app subscription purchases are processed by Apple Inc. (One Apple Park Way, Cupertino, CA 95014, USA) through the App Store. Apple acts as the merchant of record and handles all billing, receipts, and payment data. CLIP-IT! only receives a cryptographically verified entitlement signal from Apple via StoreKit indicating whether a subscription is active — no payment card details, bank information, or billing address are ever transmitted to or stored by the Service Provider. Apple's privacy practices are described at apple.com/legal/privacy.

The Service Provider may also disclose your information:

Where the GDPR applies, the Service Provider enters into Data Processing Agreements (DPAs) with third-party service providers that process personal data on its behalf, as required by Article 28 of the GDPR.

Purchases and Subscriptions

CLIP-IT! offers optional paid subscriptions that unlock additional features within the Application:

Without a paid subscription, CLIP-IT! provides a limited number of free exports per calendar month. A watermark is applied to exported clips on the free tier. No payment is required to record or play back clips.

Payment processing. All payments are processed exclusively by Apple Inc. through the Apple App Store. The Service Provider never receives, accesses, or stores your payment card details, bank information, or billing address. Apple's handling of your payment data is governed by Apple's Privacy Policy at apple.com/legal/privacy.

Subscription status. The Application receives only a cryptographically verified confirmation of your active subscription tier from Apple via StoreKit. This entitlement signal is used solely to unlock the corresponding features within the app and is not shared with third parties.

Auto-renewal. Subscriptions automatically renew at the end of each billing period (monthly or annual) unless cancelled at least 24 hours before the renewal date. Your Apple ID account will be charged for renewal within 24 hours before the current period ends at the price confirmed at time of purchase.

Managing and cancelling subscriptions. You can view, change, or cancel your subscription at any time through your Apple ID account settings: Settings → [your name] → Subscriptions. Cancellation takes effect at the end of the current paid period; you retain full access until then.

Refunds. Refund requests for App Store purchases must be directed to Apple at reportaproblem.apple.com. The Service Provider has no ability to issue refunds for App Store transactions.

International Data Transfers

The Service Provider or its third-party service providers may transfer personal data outside the European Economic Area (EEA). Where such transfers occur, the Service Provider will use an appropriate transfer mechanism required by GDPR Chapter V, including:

Countries outside the EEA may not provide the same level of data protection as the EEA. Where required by law, the Service Provider will apply appropriate safeguards and obtain any consent required for the transfer.

Note: Analytics data processed by PostHog is stored on EU-based servers and does not involve a transfer outside the EEA.

Opt-Out Rights

You can stop further collection of information from your mobile device by uninstalling the Application. Uninstalling will stop the Application from collecting data from your device, but it does not automatically delete information that has already been transmitted to the Service Provider or to third parties.

To request deletion of your personal data, withdraw consent, or exercise any of your rights, contact the Service Provider at stijn.c.pennings@gmail.com.

Data Retention

The Service Provider retains personal data based on its necessity for the stated purposes:

You have the right to request deletion of your personal data at any time, except where retention is required by law. To do so, contact stijn.c.pennings@gmail.com. The Service Provider will respond within the time required by applicable law. Please note that some User Provided Data may be required for the Application to function properly.

Children's Privacy

The Application is not intended for children under 16 years of age, or where a higher age of digital consent is established under applicable law. The Service Provider does not knowingly solicit data from children or market the Application to them.

The Service Provider encourages parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children never to provide personally identifiable information through the Application and/or Services without their permission. If you have reason to believe that a child has provided personally identifiable information, please contact the Service Provider at stijn.c.pennings@gmail.com so that the necessary actions can be taken.

If you are under 16 years of age, or where a higher age of digital consent is established by applicable law, your parent or guardian must provide consent on your behalf where permitted by law.

Security

The Service Provider is committed to safeguarding the confidentiality of your information. The Service Provider implements physical, electronic, and procedural safeguards to protect information it processes and maintains. Access is limited to authorized employees and contractors who need to know that information to operate, develop, or improve the Application. However, no security system can prevent all potential security breaches.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, the Service Provider will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by applicable law. Where the breach is likely to result in a high risk to your rights and freedoms, the Service Provider will also notify you without undue delay, providing information about the nature of the breach, the categories of data affected, and the measures taken or proposed to address the breach.

Changes to this Privacy Policy

The Service Provider may update this Privacy Policy from time to time. The Service Provider will notify you of material changes by posting the updated Privacy Policy with an effective date. Where required by law, the Service Provider will seek your consent to material changes before they take effect.

Previous versions of this Privacy Policy will be maintained and made available upon request by contacting the Service Provider at stijn.c.pennings@gmail.com.

Your GDPR Data Protection Rights

Under the GDPR, you have the following rights:

Right of Access — You can request access to your personal data.
Right to Rectification — You can request correction of inaccurate data.
Right to Erasure — You can request deletion of your personal data (the "right to be forgotten").
Right to Restrict Processing — You can request that the Data Controller limits how they use your data.
Right to Data Portability — You can request a copy of your data in a structured, commonly used, machine-readable format.
Right to Object — You can object to processing based on legitimate interests. You have an absolute right to object to processing for direct marketing purposes at any time.
Right to Withdraw Consent — Where processing is based on your consent, you can withdraw it at any time via the Application's settings or by contacting the Data Controller.
Rights Regarding Automated Decision-Making — You have rights related to automated decisions that affect you.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority. Contact details can be found at: edpb.ec.europa.eu

If you are located in the United Kingdom, you may contact the Information Commissioner's Office at ico.org.uk.

Your California Privacy Rights (CCPA/CPRA)

If you are a resident of California, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

To exercise any of these rights, please contact the Service Provider at stijn.c.pennings@gmail.com. You may designate an authorized agent to make a request on your behalf.

Contact the Data Controller

If you have any questions regarding privacy while using the Application, or have questions about the practices, please contact the Service Provider:

Stijn Pennings

Atalantaplein 57, 2288HJ Rijswijk, The Netherlands

stijn.c.pennings@gmail.com

The Service Provider will respond within one month of receiving your request, extendable by up to two months where necessary due to the complexity or volume of requests, as permitted by applicable law.