Privacy Policy

This Privacy Policy explains what information RallyClips collects, how we use it, who we share it with, and the choices you have. It applies to the RallyClips website, web app, and mobile apps (the “Service”).

1. Information we collect

Account information

When you sign up, we collect your email address, password (stored as a salted hash by our auth provider), and any profile details you choose to add, such as a display name, handle, or avatar.

Uploaded content

We collect the video files you upload, along with derived data: extracted frames (held temporarily for processing), generated clips, thumbnails, and metadata such as detected rally timestamps, shot classifications, and any tags you add manually.

Payment information

When you subscribe to a paid plan, payment is handled by Stripe. We do not see or store your full card number. We receive limited billing data from Stripe (such as the last four digits of your card, card brand, expiration month/year, billing country, and subscription status) so we can show your billing details and enforce subscription limits.

Usage and device data

We collect basic technical data when you interact with the Service: IP address, browser or app version, OS, referring URL, timestamps, and event logs (e.g., which clips you played). We use this data to operate, secure, and improve the Service.

Cookies and similar technologies

We use first-party cookies and local storage to keep you signed in, remember preferences, and protect against abuse. We do not currently use third-party advertising cookies.

2. How we use your information

• To provide and operate the Service (account login, video processing, clip playback, sharing).
• To run automated rally detection, thumbnailing, and (where enabled) AI classification on your uploads.
• To process payments and manage subscriptions through Stripe.
• To enforce usage limits, prevent abuse, and secure the Service.
• To communicate with you about your account, billing, security, and product updates.
• To analyze aggregated, de-identified usage patterns to improve the Service.

3. Where your data is stored

Videos, clips, and thumbnails are stored in Cloudflare R2 (object storage) in the “rallyclips-media” bucket. Cloudflare encrypts data at rest and in transit. Access to objects is gated by short-lived signed URLs scoped to specific files.

Account data, metadata, and analytics are stored in a self-hosted PostgreSQL database (Supabase) running on a server we operate in Germany. Database backups are encrypted and retained for a limited period.

Payment data is held by Stripe under their own privacy policy. See stripe.com/privacy.

4. AI processing

To detect rally boundaries and (where the feature is enabled) classify shots or identify players, we send a small number of representative frames from your videos to Google’s Gemini Vision API. Per Google’s terms for paid API usage, these frames are not used to train Google’s models. We do not share full videos with Google or any other AI vendor.

5. Service providers we share data with

• Cloudflare — object storage (R2) for videos, clips, and thumbnails.
• Stripe — payment processing and subscription billing.
• Google — Gemini Vision API for automated video analysis.
• Hetzner — server hosting for our API, worker, and database.
• Transactional email provider — for sign-up confirmations, password resets, and billing notices.

We do not sell your personal information. We do not share your data with advertisers.

6. Public content

Clips, playlists, and profiles you choose to make public are visible to anyone with the URL and may appear in our public feed. If a public clip is later set to private or deleted, cached copies may persist briefly with downstream caches and viewers’ browsers.

7. Data retention

We retain your account data and uploaded content for as long as your account is active. When you delete your account, we delete your videos, clips, thumbnails, and profile data within 30 days, except for limited records we must retain to comply with legal, tax, or fraud-prevention obligations (e.g., billing records). See the data deletion page for details.

8. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, or to object to certain processing. To exercise these rights:

• Visit the data deletion page to delete your account.
• Email [email protected] for access, correction, or export requests.

We may need to verify your identity before fulfilling a request. We will not discriminate against you for exercising your privacy rights.

9. Children’s privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us and we will delete it.

10. Security

We use industry-standard security practices including TLS in transit, encryption at rest for backups and object storage, short-lived signed URLs for media, salted password hashing via our auth provider, and least-privilege access controls. No system is perfectly secure, and we cannot guarantee absolute security.

11. International transfers

We operate from the United States and store data on servers in Germany and on Cloudflare’s global object-storage network. By using the Service, you consent to your data being transferred to and processed in these locations.

12. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service before they take effect.

13. Contact

Questions about this policy or how we handle your data? Email [email protected].