Privacy Policy

InsperLab Inc. ("Company," "we," "us") operates the Clipus platform (clipus.io). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service, including our Chrome browser extension ("Clipus — SaaS Screenshot & UI Capture").

2.1 Account Information

When you create an account, we collect your email address and display name. If you sign in with Google OAuth, we receive your Google profile email. If you subscribe to a paid plan, payment processing is handled by Stripe, and we do not store your credit card information.

2.2 Chrome Extension Data

When you actively start a capture session through our Chrome Extension by clicking "Start Capture," we collect:

• Screenshots: Visual captures of the active browser tab during capture sessions only.
• Click Coordinates: The x/y position of user clicks within the captured page.
• Page Layout Data: DOM element positions and dimensions (via getBoundingClientRect) for UI analysis.
• Page Metadata: Page title and URL of the captured page.

Translation Pre-caching: During an active capture session, visible text on the page is periodically sent to our servers for translation pre-caching. This improves video generation speed by preparing translations in advance. Text is sent only while the capture session is active and only from the page you are recording. The cached translations are stored with a 30-day expiration and associated only with the website domain — no personal data is included.

On-Device Processing: The extension includes an on-device OCR engine (ONNX-based) that detects and localizes text within captured screenshots for multilingual localization purposes. This processing occurs entirely within your browser using a local offscreen document — no image data is sent to external servers for text detection. The extension may also optionally download an on-device AI model (Gemma) from HuggingFace for local text processing. This download occurs only when you explicitly initiate it and the model runs entirely within your browser.

Host Permissions: The extension requires access to all HTTPS websites (host_permissions: https://*/*) because Clipus is designed to work with any SaaS platform — including HubSpot, Notion, Linear, Figma, and others. The extension only activates on explicit user action (clicking "Start Capture") and never accesses pages passively or in the background.

Important: We only collect this data from pages you explicitly select for capture. The extension does not collect data passively, does not monitor your general browsing activity, does not access your browsing history or bookmarks, and does not operate on pages outside of active capture sessions. The extension does not record video or audio.

2.3 URL Crawling Data

If you use the URL Crawl feature on clipus.io, we capture screenshots and page metadata from the public URL you provide. This only applies to publicly accessible pages.

2.4 Public API Data

When you use the Clipus Public API (REST API, Slack Bot, or MCP server), we collect:

• API Key Usage: We log which API key was used, timestamp, and request metadata for rate limiting and billing purposes. We store a cryptographic hash of your API key — the full key is shown only once at creation.
• Submitted URLs: Public URLs you submit via the API are crawled using Browserless to capture screenshots and page metadata, identical to the URL Crawl feature.
• Webhook URLs: If you configure a webhook endpoint, we store the URL and send campaign results to it over HTTPS. We do not store the response from your webhook server.

2.5 Slack Integration Data

When you connect your Slack workspace to Clipus:

• Slack User ID: We store your Slack user ID to link it with your Clipus account. We do not access your Slack messages, channels, or workspace data beyond what is needed to process the /clipus command.
• Workspace OAuth Token: When you install the Clipus Slack app via OAuth, we store an encrypted bot token and workspace identifier (team ID, team name) to deliver slash command responses to your workspace. Tokens are encrypted at rest using AES-256-GCM.
• Channel Context: When you use the slash command, we temporarily store the channel ID to send campaign results back to the correct channel. This is not retained after delivery.

2.6 Beta Signup Data

If you sign up for the beta program, we collect your email address and website URL. This data is used solely to manage beta invitations.

2.7 Support Requests

If you submit a support request, we collect your email address, request category, and message content to respond to your inquiry.

We use collected information solely for:

• Processing captured data to generate demo videos as requested by you
• Providing AI-powered script generation and voiceover synthesis
• Distributing videos to platforms you have authorized (YouTube, TikTok, Instagram)
• Improving our Service's accuracy and performance
• Communicating Service updates and responding to support requests

We do not sell your personal information or captured content to third parties. We do not use your content for AI model training without your explicit consent.

Your data is stored on secure cloud infrastructure (Supabase, hosted on AWS). All data transmission between the Chrome Extension and our servers is encrypted using HTTPS/TLS. Captured content (screenshots, interaction data) is stored temporarily for processing and is automatically deleted 30 days after video generation, unless you choose to retain it.

We use the following third-party services to operate Clipus:

• Supabase: Database, authentication, and file storage
• Vercel: Web application hosting
• Anthropic (Claude API): AI processing for script generation and UI analysis
• ElevenLabs: Text-to-speech voice generation
• OpenAI (Whisper): Audio transcription for subtitle synchronization
• Browserless: Server-side browser rendering for multilingual screenshot generation
• Inngest: Task orchestration for the video generation pipeline
• Stripe: Payment processing (not yet active during beta)
• YouTube / TikTok / Instagram APIs: Video distribution with your explicit authorization via OAuth
• Slack API: Slash command processing and result delivery to authorized channels
• Upstash Redis: Rate limiting and API key usage tracking

Each third-party service processes data in accordance with their own privacy policies. We minimize the data shared with third parties to only what is necessary for their specific function.

You have the right to:

• Access and download your personal data
• Request correction of inaccurate data
• Request deletion of your data and account
• Export your generated videos and associated data
• Disconnect social media platform connections at any time
• Opt out of non-essential communications

To exercise any of these rights, contact us at [email protected] or use our support page.

Account information is retained while your account is active. Captured screenshot and interaction data is automatically deleted 30 days after video generation. Translation cache entries (domain-level text and translations only, no personal data) expire automatically after 30 days. Generated videos are retained until you delete them or close your account. API keys remain active until revoked by you or upon account deletion. API usage logs are retained for 90 days for billing and abuse prevention. Upon account deletion, all associated data — including API keys, Slack links, and webhook configurations — is permanently removed within 30 days.

Your data may be processed on servers located in the United States (AWS us-east-1). We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from minors.

We may update this Privacy Policy periodically. Material changes will be communicated via email notification at least 30 days before taking effect. The "Last updated" date at the top reflects the most recent revision.

For privacy-related inquiries or to exercise your data rights:

• Email: [email protected]
• Support: clipus.io/support

InsperLab Inc.
Republic of Korea