Privacy Policy
Derniere mise a jour : May 6, 2026
Document: Privacy Policy Version: 1.0 (Draft) Effective Date: 06 May 2026 Last Reviewed: 06 May 2026 Governing Law: England and Wales
Privacy Policy
Who We Are
ALL-IN-ONE DIGITAL SOLUTIONS LTD ("we", "us", "our") operates the ClipToText.ai platform ("Service"), accessible at https://cliptotext.ai.
We are registered in England and Wales under company number 15957512, with our registered address at 2nd Floor, Collage House, 17 King Edwards Road, Ruislip, Middlesex, HA4 7AE, United Kingdom.
We are the data controller for personal data processed in connection with the Service.
Contact details:
- General enquiries: support@cliptotext.ai
- Data protection enquiries: privacy@cliptotext.ai We have assessed our obligations under Article 37 UK GDPR and DPA 2018. We do not carry out large-scale systematic monitoring of individuals, nor do we process special categories of personal data as a core activity. A formal Data Protection Officer (DPO) is therefore not required at this stage. This assessment is documented internally and will be reviewed annually or upon material changes to our processing activities.
[ICO GUIDELINE: Controllers must provide identity and contact details under UK GDPR Article 13. DPO assessment documented per ICO DPO guidance, January 2021. Review annually.]
1. Definitions
In this Policy:
| Term | Meaning |
|---|---|
| Personal Data | Any information relating to an identified or identifiable natural person, as defined in UK GDPR Article 4(1). |
| Processing | Any operation performed on personal data, including collection, storage, use, disclosure or deletion. |
| Controller | The entity that determines the purposes and means of processing personal data. |
| Processor | An entity that processes personal data on behalf of a controller. |
| Data Subject | The identified or identifiable individual to whom personal data relates. |
| Service | The ClipToText.ai platform, including all features, APIs and sub-domains. |
| Subscriber | A natural or legal person who holds a paid or trial subscription to the Service. |
| End User | A visitor to, or subscriber of, a website published by a Subscriber using the Service. |
| Site | A client website managed through the Service under the multi-tenant architecture. |
| UK GDPR | The retained EU law version of the General Data Protection Regulation, as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019. |
| DPA 2018 | The Data Protection Act 2018. |
| ICO | The Information Commissioner's Office, the UK supervisory authority for data protection. |
2. Scope of This Policy
This Policy describes how we collect, use, store, share and protect personal data when you:
2.1. Create an account and use the Service as a Subscriber; 2.2. Visit our website at https://cliptotext.ai; 2.3. Correspond with us by email or other means; 2.4. Subscribe to marketing communications.
If you are a Subscriber and you collect or process personal data belonging to your End Users via the Service, you act as a controller in respect of that data and we act as your processor. This relationship is governed by our Data Processing Agreement (see separate document). This Privacy Policy applies to our processing of your personal data as a Subscriber, not to your End Users' data.
3. Data We Collect
3.1 Account and Identity Data
When you register for the Service, we collect:
- Full name
- Email address
- Password (stored as a cryptographic hash — never in plain text)
- Account preferences and settings
- Subscription plan and billing tier
- Google account identifier (if you register via Google OAuth)
3.2 Usage and Technical Data
When you use the Service, we automatically collect:
- IP address and approximate geolocation (country/city level)
- Browser type, version and operating system
- Device type and screen resolution
- Pages visited, features used, and time spent on each
- API request logs (endpoint, timestamp, response code)
- Error logs and crash reports
- Session identifiers and authentication tokens
3.3 Content Submitted for Processing
When you submit content for processing, we collect:
- YouTube URLs submitted for transcription and article generation
- Transcription output generated by our AI pipeline (text derived from audio)
- Uploaded audio or video files (if applicable)
- Generated articles, titles, meta descriptions and images produced by the Service
- Custom prompts or instructions you provide to the AI
Important note regarding YouTube content: We transcribe the audio of YouTube videos you submit. We do not store, redistribute or republish the original video or audio file. Transcription output is stored solely to provide you with the Service and is subject to your retention controls.
3.4 Payment Data
We use Stripe to process payments. We do not directly store full payment card numbers, CVV codes or full bank account details. We receive and store:
- Stripe Customer ID
- Payment method type (e.g. "Visa ending 4242")
- Billing address
- Transaction history (amounts, dates, plan changes)
- Subscription status
[ICO GUIDELINE: Payment data handled via a PCI-DSS compliant processor (Stripe) reduces controller obligations, but billing metadata is still personal data — ICO guidance on financial data, 2022.]
3.5 Communications Data
When you contact us:
- Content of emails, support tickets and chat messages
- Your email address and any other contact details you provide
3.6 Marketing Preferences
With your consent:
- Whether you have opted in to marketing communications
- Your communication preferences (email frequency, content type)
- Campaign engagement data (open rates, click-throughs) — where tracked
3.7 Cookies and Tracking Data
Please refer to our Cookie Policy for full details of the cookies and similar technologies we use. In summary, we collect:
- Session cookies (strictly necessary)
- Authentication tokens
- Analytics data (via anonymised analytics tools)
- Preference cookies
3.8 Multi-Tenant Site Configuration Data
Each Subscriber manages one or more Sites within the Service. We store:
- Site identifiers (
site_id) and sub-domain configuration - Site settings (language, template, SEO configuration)
- API keys and credentials provided by the Subscriber for third-party integrations (e.g. WordPress, Blogger, Shopify, Webflow) — stored encrypted at rest
- Newsletter subscriber lists uploaded or collected by the Subscriber via their Sites
Multi-tenant isolation: Each Subscriber's data is logically isolated by site_id. Subscribers cannot access, view or modify another Subscriber's data. Technical measures enforcing this isolation are described in our Security Policy.
4. How We Collect Your Data
We collect data:
4.1. Directly from you — when you register, subscribe, submit content, contact us or configure your Site. 4.2. Automatically — through cookies, server logs and analytics tools when you use the Service. 4.3. From third parties — from Stripe (payment confirmation), Google (if you use Google OAuth login), and Cloudflare (security and performance data).
5. Lawful Basis for Processing
[ICO GUIDELINE: Article 6 UK GDPR requires a lawful basis for every processing activity. Legitimate interests assessments (LIAs) should be documented. ICO Lawful Basis guidance, updated 2024.]
| Processing Activity | Lawful Basis | Details |
|---|---|---|
| Account registration and management | Contract (Art. 6(1)(b)) | Necessary to provide the Service you have signed up for. |
| Processing YouTube URLs and generating articles/images | Contract (Art. 6(1)(b)) | Core service delivery — the primary purpose of the subscription. |
| Processing payments and billing history | Contract (Art. 6(1)(b)) and Legal Obligation (Art. 6(1)(c)) | Required to fulfil the subscription agreement and comply with tax/accounting obligations. |
| Sending transactional emails (account confirmations, receipts, service notifications) | Contract (Art. 6(1)(b)) | Necessary for service delivery and account management. |
| Sending marketing emails (offers, feature updates, newsletters) | Consent (Art. 6(1)(a)) | Only where you have explicitly opted in. You may withdraw consent at any time. |
| Security monitoring and fraud prevention | Legitimate Interests (Art. 6(1)(f)) | We have a legitimate interest in protecting our platform and Subscribers from fraud, abuse and security threats. This does not override your interests or fundamental rights. |
| Analytics to improve the Service | Legitimate Interests (Art. 6(1)(f)) | LIA summary: Purpose — understanding usage patterns to improve product quality and reliability. Necessity — no less intrusive means achieves the same insight. Balance — data is anonymised where feasible; no sensitive data is involved; Subscribers reasonably expect usage monitoring as a standard SaaS practice. Individual impact is minimal. Our interests do not override data subjects' rights. |
| Compliance with legal obligations (tax, court orders, regulatory requests) | Legal Obligation (Art. 6(1)(c)) | Required by applicable law. |
| Storing API keys for third-party integrations | Contract (Art. 6(1)(b)) | Required to provide the integration features you have configured. |
| Retaining records post-termination | Legal Obligation (Art. 6(1)(c)) and Legitimate Interests (Art. 6(1)(f)) | Accounting records, dispute resolution and regulatory compliance. |
6. How We Use Your Data
We use personal data for the following purposes:
6.1. Service delivery — creating your account, processing your content submissions, generating AI articles and images, publishing to your integrated platforms. 6.2. Billing and subscription management — processing payments, managing renewals, handling upgrades, downgrades and cancellations. 6.3. Customer support — responding to your enquiries and resolving issues. 6.4. Service communications — sending you important notices about your account, including security alerts, subscription changes and planned maintenance. 6.5. Marketing (consent only) — sending you promotional emails, product updates and offers. You may opt out at any time via the unsubscribe link in any marketing email or by contacting support@cliptotext.ai. 6.6. Security and fraud prevention — monitoring for abuse, detecting unauthorised access attempts, and protecting the integrity of the platform and your data. 6.7. Analytics and product improvement — understanding usage patterns to improve the Service. Where analytics data includes personal data, it is processed on the basis of legitimate interests and anonymised where technically feasible. 6.8. Legal compliance — meeting our obligations under applicable law, including responding to lawful requests from public authorities. 6.9. AI processing — generating content (articles, images) using AI models operated by our sub-processors (OpenAI). Your submitted content (YouTube URL transcriptions, custom prompts) is transmitted to OpenAI's API solely for this purpose. We do not use your content to train AI models without your separate, explicit consent. OpenAI's API Terms of Service (effective March 2023, confirmed current as of May 2026) explicitly state: "We do not use data submitted by customers via our API to train our models, unless you explicitly share your data with us." This clause reflects that confirmed position.
7. Automated Decision-Making and Profiling
7.1. The Service uses automated processing to generate articles and images from your input. This is the core purpose of the Service and constitutes automated processing of the content you submit.
7.2. We do not use your personal data to make automated decisions that produce legal or similarly significant effects about you as defined in Article 22 UK GDPR (for example, decisions about creditworthiness, insurance or employment).
7.3. We may use anonymised, aggregated data to analyse usage trends across the platform. This does not involve profiling individual data subjects in a manner that produces legal effects.
7.4. If you believe an automated process has produced an incorrect or unfair outcome, you have the right to request human review. Please contact privacy@cliptotext.ai.
8. Sub-Processors
We share your personal data with the following sub-processors to deliver the Service:
[ICO GUIDELINE: Article 28 UK GDPR requires written contracts with all processors. Sub-processor lists should be kept current and disclosed to data subjects — ICO Contracts and Liabilities guidance, 2022.]
| Sub-Processor | Purpose | Country of Processing | Safeguard |
|---|---|---|---|
| OpenAI, L.L.C. | Text generation (GPT-4), audio transcription (Whisper), image generation (DALL-E 3) | USA | Standard Contractual Clauses (UK Addendum) |
| Stripe, Inc. | Payment processing, subscription management, billing | USA / EU | Standard Contractual Clauses (UK Addendum); Stripe is PCI-DSS Level 1 certified |
| Brevo (Sendinblue SAS) | Transactional and marketing email delivery | EU (France) | Standard Contractual Clauses; EU adequacy maintained |
| Amazon Web Services, Inc. (AWS S3) | File storage (uploaded videos, generated images, transcription files) | USA (us-east-1) | UK International Data Transfer Agreement (IDTA) — AWS Data Processing Addendum |
| Cloudflare, Inc. | CDN, DDoS protection, WAF | USA / global edge network | Standard Contractual Clauses (UK Addendum) |
| Hetzner Online GmbH | Backend hosting — application servers, MariaDB database, Redis cache | Finland, EU (Helsinki) | No transfer — EU/EEA; UK adequacy decision applies |
We require all sub-processors to:
- Process personal data only on our documented instructions;
- Implement appropriate technical and organisational security measures;
- Enter into a written data processing agreement satisfying Article 28 UK GDPR;
- Not engage further sub-processors without our prior written authorisation.
We will notify you of material changes to our sub-processor list with reasonable advance notice.
9. International Transfers
9.1. Some of our sub-processors (OpenAI, Stripe, AWS, Cloudflare) are based in or process data in the United States of America, which is not subject to a UK adequacy decision for all transfers.
9.2. Where we transfer personal data outside the UK to countries without an adequacy decision, we rely on:
- UK International Data Transfer Agreements (IDTAs) and/or
- UK Addendum to EU Standard Contractual Clauses (SCCs)
as approved by the Secretary of State under Section 119A DPA 2018.
9.3. Transfer agreements status: The following transfer mechanisms must be executed before going live: (a) OpenAI — UK Addendum to OpenAI's Data Processing Addendum, available at openai.com/policies/data-processing-addendum; (b) Stripe — UK Addendum to Stripe's Data Processing Agreement, available at stripe.com/legal/dpa; (c) AWS — UK IDTA via AWS Data Privacy page (console.aws.amazon.com); (d) Cloudflare — UK Addendum to Cloudflare's DPA, available at cloudflare.com/gdpr/introduction. All four are standard online sign-up processes requiring no negotiation.
9.4. You may request a copy of the relevant transfer safeguards by contacting privacy@cliptotext.ai.
10. Data Retention
We retain personal data for as long as necessary to fulfil the purposes described in this Policy, subject to the following retention periods:
[ICO GUIDELINE: Storage limitation principle (Article 5(1)(e) UK GDPR) — data must not be kept longer than necessary. Retention schedules should be documented — ICO Records Management guidance, 2021.]
| Data Category | Retention Period | Rationale |
|---|---|---|
| Account and identity data | Duration of subscription + 12 months post-termination | Account recovery, dispute resolution |
| Billing and transaction records | 7 years from transaction date | HMRC statutory accounting requirement (Companies Act 2006) |
| Content submissions (YouTube URLs, transcription output) | Duration of subscription + 30 days post-termination | Service delivery; deleted after grace period unless exported |
| Generated articles and images | Duration of subscription + 30 days post-termination | Service delivery; available for export before deletion |
| API keys (third-party integrations) | Duration of subscription; deleted immediately on disconnection | Required for integration operation |
| Support and communications | 3 years from last correspondence | Dispute resolution, service improvement |
| Server and security logs | 90 days rolling | Security monitoring and incident investigation |
| Marketing preferences | Until you withdraw consent or we end the marketing programme | Consent-based; withdrawn immediately on opt-out |
| Anonymised analytics data | Indefinitely | Not personal data once anonymised |
10.1. Following account termination, we will delete or anonymise your personal data within the periods stated above, unless we are required by law to retain it for longer.
10.2. You may request early deletion of your data by contacting privacy@cliptotext.ai. We will fulfil erasure requests subject to any overriding legal obligation to retain data.
11. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
[ICO GUIDELINE: Controllers must respond to rights requests within one calendar month (extendable by two further months for complex requests). Requests must be fulfilled free of charge in the first instance — ICO Individual Rights guidance, 2024.]
| Right | What it means |
|---|---|
| Right of access (Article 15) | You may request a copy of all personal data we hold about you. |
| Right to rectification (Article 16) | You may ask us to correct inaccurate or incomplete data. |
| Right to erasure (Article 17) | You may ask us to delete your personal data where there is no lawful basis for continued processing. |
| Right to restriction (Article 18) | You may ask us to pause processing of your data in certain circumstances (e.g. whilst accuracy is disputed). |
| Right to data portability (Article 20) | You may request your data in a machine-readable format where processing is based on contract or consent. |
| Right to object (Article 21) | You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds. |
| Right to withdraw consent (Article 7(3)) | Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal. |
| Rights relating to automated decision-making (Article 22) | You have the right not to be subject to solely automated decisions producing significant effects, and to request human review. |
How to exercise your rights: Contact privacy@cliptotext.ai with your request. We may need to verify your identity before fulfilling a request. We will respond within one calendar month. There is no charge for reasonable requests.
12. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration or destruction. Key measures include:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of data at rest using AES-256
- Multi-tenant logical isolation — each Subscriber's data is segregated by
site_id - Role-based access controls for internal staff
- Redis cache prefixed by tenant identifier to prevent cross-tenant data leakage
- Regular security reviews
For full details, please see our Security Policy at https://cliptotext.ai/security-policy.
No method of transmission over the internet is completely secure. Whilst we take all reasonable steps to protect your data, we cannot guarantee absolute security.
13. Cookies
We use cookies and similar technologies on our website and platform. For full details of the cookies we use, their purpose, lifespan and how to manage or withdraw consent, please see our Cookie Policy at https://cliptotext.ai/cookie-policy.
14. Children's Data
The Service is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact privacy@cliptotext.ai and we will delete it promptly.
15. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, the Service or applicable law. We will notify you of material changes by email (to the address associated with your account) and/or by a prominent notice on the Service, at least 30 days before the change takes effect. The current version is always available at https://cliptotext.ai/privacy-policy.
16. How to Complain
16.1. If you have concerns about how we process your personal data, please contact us first at privacy@cliptotext.ai. We will investigate and respond within 30 days.
16.2. You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time:
- Website: www.ico.org.uk
- Telephone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
16.3. If you are located in the European Union, you may also lodge a complaint with your local data protection authority.
This document was prepared as a draft template and must be reviewed and validated by a qualified UK solicitor before publication or reliance. It does not constitute legal advice.
Questions? support@cliptotext.ai · privacy@cliptotext.ai
© 2026 ALL-IN-ONE DIGITAL SOLUTIONS LTD · Company no. 15957512 · Registered in England and Wales
2nd Floor, Collage House, 17 King Edwards Road, Ruislip, Middlesex, HA4 7AE, United Kingdom