Privacy Policy
Effective date: May 29, 2026 · Last updated: May 29, 2026
1. Who We Are
Clepora ("we", "us", "our") is a software-as-a-service platform that helps creators and businesses publish content across multiple social media platforms from a single dashboard. Our registered contact address is legal@clepora.com.
This Privacy Policy applies to all users of Clepora's web application, mobile application, and API services (collectively, the "Service").
2. Age Restriction
Clepora is strictly for users aged 18 and over.
We do not knowingly collect personal data from anyone under the age of 18. If we discover that a user is under 18, we will immediately terminate the account and delete all associated data. If you believe a minor has registered, please contact us at legal@clepora.com.
3. Data We Collect
3.1 Account Data
- Name and email address provided at registration
- Encrypted password (we never store plain-text passwords)
- Account creation date and last login timestamp
3.2 Content Data
- Videos and media files you upload for processing
- Captions, titles, descriptions, and hashtags you create
- Publishing schedules and platform connection tokens
3.3 Platform Connection Data
- OAuth access tokens for connected platforms (YouTube, TikTok, Meta, LinkedIn, X, Pinterest, Telegram)
- Platform-specific account identifiers and page IDs
- These tokens are stored encrypted at rest
You can disconnect any connected social account at any timefrom the Connections section of your dashboard (each connected platform has a “Disconnect / release” option). When you disconnect, Clepora revokes the access token with that platform where the platform supports revocation and deletes the stored token and connection from our systems. After disconnecting, Clepora can no longer access or publish to that account.
3.4 Usage Data
- Analytics data retrieved from connected platforms (views, engagement, revenue estimates)
- Feature usage patterns for service improvement
- Error logs and performance data
3.5 Data We Do NOT Collect
- We do not collect payment card numbers (handled directly by our payment processor)
- We do not collect biometric data
- We do not track your activity outside of Clepora
4. How We Use Your Data
- To provide the Service — process your videos, publish to platforms, and display analytics
- To send transactional emails — publish confirmations, view milestone alerts, account notifications
- To improve the Service — aggregate, anonymised usage analysis
- To comply with law — responding to valid legal requests and protecting our rights
- To prevent abuse — detecting and stopping fraud, spam, and policy violations
We do not use your data for:
- Selling to third parties
- Advertising or retargeting
- Training AI models on your private content without explicit consent
5. Third-Party Services
To operate Clepora, we share data with the following processors under strict data processing agreements:
| Service | Purpose | Data shared |
|---|---|---|
| AWS (Amazon) | Object storage, AI inference, content moderation | Media files, video frames |
| Resend | Transactional email delivery | Email address, name |
| YouTube / Google | Video publishing and analytics (when connected) | Videos, captions, OAuth token |
| Meta (Facebook/Instagram) | Publishing and analytics (when connected) | Videos, captions, OAuth token |
| TikTok | Video publishing (when connected) | Videos, captions, OAuth token |
| Publishing and analytics (when connected) | Posts, OAuth token | |
| X (Twitter) | Publishing (when connected) | Posts, videos, OAuth token |
| Publishing (when connected) | Pins, videos, OAuth token | |
| Telegram | Publishing (when connected) | Messages, videos, bot token |
| ACRCloud | Audio copyright fingerprinting | Audio sample (10 seconds) |
| Pixabay | Royalty-free music selection | Search query only |
6. Your Rights
Depending on your location, you have some or all of the following rights:
Right to access
Request a copy of all personal data we hold about you
Right to deletion
Request deletion of your account and all associated data — available directly in Settings → Delete Account
Right to portability
Request your data in a machine-readable format
Right to rectification
Correct inaccurate personal data
Right to restrict processing
Ask us to stop processing your data in certain ways
Right to object
Object to processing based on legitimate interests
Right to withdraw consent
Withdraw consent at any time without affecting prior lawful processing
To exercise any right, email legal@clepora.com. We will respond within 30 days. EU/UK users may also lodge a complaint with their local supervisory authority.
7. Data Deletion
You may delete your account at any time from Settings → Delete Account. Upon deletion:
- All personal data is deleted from our databases within 30 days
- All uploaded media files are deleted from object storage within 30 days
- Platform connection tokens are revoked and deleted immediately
- Anonymised, aggregated analytics data may be retained
- Data required by law may be retained for the legally required period
When you delete your Clepora account, all of your information and every connection to your social media accounts are removed. Clepora revokes and deletes the access tokens for all connected platforms (YouTube, TikTok, Instagram, Facebook, LinkedIn, X, Pinterest, Telegram), which means Clepora will no longer have any access to those social media accounts.
8. Data Retention
- Account data: retained while your account is active, deleted within 30 days of account deletion
- Uploaded media: retained for 90 days after processing, then deleted unless you request earlier deletion
- Published content: we do not retain copies after publishing — content lives on the destination platform
- Analytics snapshots: retained for 2 years
- Legal hold data: retained as required by applicable law
9. Security
- Passwords are hashed using bcrypt — we cannot recover your password
- OAuth tokens are encrypted at rest using AES-256
- All data in transit is encrypted using TLS 1.2 or higher
- Object storage is access-controlled — media is not publicly accessible without a time-limited signed URL
- In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours
10. Regulatory Compliance
Clepora is designed to comply with the following regulations:
- GDPR (EU General Data Protection Regulation 2016/679) — lawful basis for processing, data subject rights, breach notification
- UK GDPR — equivalent protections post-Brexit
- CCPA / CPRA (California Consumer Privacy Act) — right to know, delete, and opt out of sale (we do not sell data)
- COPPA (Children's Online Privacy Protection Act) — no users under 18 permitted
- PIPEDA (Canada) — consent-based processing, access rights
- LGPD (Brazil Lei Geral de Proteção de Dados) — lawful basis, data subject rights
- Australian Privacy Act 1988 — Australian Privacy Principles compliance
- DMCA (Digital Millennium Copyright Act) — registered DMCA agent, takedown procedures
- Platform developer policies — YouTube API ToS, Meta Platform Policy, TikTok Developer Agreement, LinkedIn API ToS
11. Cookies
Clepora uses only essential session cookies required to operate the Service. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No cookie consent banner is required as we use only strictly necessary cookies.
12. International Data Transfers
Your data may be processed in the United States (AWS infrastructure). For EU/UK users, such transfers are made under Standard Contractual Clauses (SCCs) as approved by the European Commission. We do not transfer data to countries without adequate protection without appropriate safeguards.
13. Changes to This Policy
We will notify you of material changes to this policy by email and by posting a notice in the Clepora dashboard at least 30 days before changes take effect. Continued use of the Service after that date constitutes acceptance of the updated policy.
14. Contact
Data Controller: Clepora
Privacy enquiries: legal@clepora.com
DMCA notices: legal@clepora.com
General support: support@clepora.com