ClipForge
Back to home

Privacy Policy

Last updated: March 31, 2026

1. Information We Collect

We collect the following information when you use ClipForge:

  • Account information: name, email address, and securely hashed password (bcrypt). Google OAuth users: name, email, and profile picture from Google.
  • Authentication data: JWT session tokens stored in httpOnly cookies. OTP verification codes (temporary, 10-minute expiry).
  • Allstar.gg profile: your Allstar username/URL to fetch your clips.
  • OAuth tokens: access tokens from TikTok, YouTube, Instagram, Facebook, and Twitter/X when you connect those accounts. Tokens are stored encrypted (AES-256-GCM).
  • Clip metadata: titles, thumbnails, and stats fetched from Allstar.gg.
  • Usage data: publish history and subscription usage counters.

2. How We Use Your Information

  • To authenticate you and manage your account.
  • To fetch your gaming clips from Allstar.gg on your behalf.
  • To publish clips to social media platforms as directed by you.
  • To manage your subscription and billing via Stripe.
  • To improve the Service.

3. Data Sharing

We do not sell your personal data. We share data only with the following service providers as necessary to operate ClipForge:

  • Google — OAuth authentication (when you sign in with Google)
  • Email (SMTP) — OTP verification and password reset emails
  • Stripe — payment processing
  • TikTok, YouTube, Instagram, Facebook, Twitter/X — content publishing (only when you initiate a publish)
  • Allstar.gg — clip fetching

4. TikTok Data

When you connect your TikTok account, ClipForge receives an OAuth access token scoped to user.info.basic, video.upload, and video.publish. We use this token solely to upload and publish videos on your behalf. We do not access your TikTok messages, followers, or any data beyond what is necessary for publishing. You can revoke access at any time via TikTok's connected apps settings.

5. Data Retention

We retain your data for as long as your account is active. You may delete your account at any time, which will permanently remove your data from our systems within 30 days.

6. Security

Passwords are securely hashed using bcrypt. Sessions are managed via signed JWT tokens stored in httpOnly cookies. OAuth tokens are encrypted at rest using AES-256-GCM. We use industry-standard practices to protect your data in transit (TLS) and at rest.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data. Contact us at support@clipforge.games to exercise these rights.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice.

9. Contact

Questions about this Privacy Policy? Contact us at support@clipforge.games.