NEXTCLIP PRIVACY POLICY

Last Updated: May 28, 2026
Effective Date: November 26, 2025

---

INTRODUCTION

NextClip LLC ("NextClip," "we," "us," "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

By using NextClip, you consent to the practices described in this Privacy Policy.

If you do not agree with this Privacy Policy, please do not use our Services.

---

QUICK REFERENCE

<a id="data-deletion"></a>

Data Deletion Instructions

Need to disconnect social media or delete your account?

Option 1: Disconnect Social Media Accounts To remove Instagram, TikTok, YouTube, or other connected platforms:

1. Log in to your NextClip dashboard
2. Go to Profile Settings
3. Click "Disconnect" next to the platform you want to remove

This immediately removes all OAuth access tokens.

Option 2: Delete Your Entire Account To request complete deletion of your NextClip account and all associated data:

• In the NextClip iOS app: Go to Settings → Request account deletion and confirm. This submits your deletion request directly from within the app.
• Or contact us: Contact Support or email support@nextclip.net
• Subject: "Account Deletion Request"
• Processing time: Within 30 days (GDPR compliant)

What gets deleted:

• OAuth access tokens and social media connections
• Personal information (name, email, profile data)
• Analytics and demographics
• Messages and communications
• Payment information (anonymized transaction records retained for legal/tax compliance)

Facebook/Instagram Account Deletion: If you deleted your Facebook or Instagram account, we automatically remove your associated NextClip OAuth data within 30 days.

For full details, see Section 6.3: Deletion Rights below.

---

TABLE OF CONTENTS

Quick Links:

• Data Deletion Instructions
• Social Media API Integrations (YouTube, Instagram, Twitter/X, TikTok, Discord)

Full Policy:

1. Information We Collect
2. How We Use Your Information
3. How We Share Your Information
4. Data Retention
5. Data Security
6. Your Privacy Rights
7. International Data Transfers
8. Cookies and Tracking Technologies
9. Children's Privacy
10. Third-Party Services 10A. Social Media API Integrations
11. Communications
12. California Privacy Rights (CCPA)
13. European Privacy Rights (GDPR)
14. Changes to This Privacy Policy
15. Contact Us

---

1. INFORMATION WE COLLECT

1.1 Information You Provide

Account Information:

• Full name
• Email address
• Username
• Password (encrypted)
• Date of birth
• Phone number (optional)
• Profile photo (optional)

Payment Information (Collected by Stripe):

• Bank account details
• Tax identification (SSN, EIN, or international equivalent)
• Payment method information
• Billing address
• Transaction history

Profile Information:

• Bio and description
• Social media handles
• Portfolio links
• Professional credentials

Content You Post:

• Campaign descriptions and requirements
• Submissions (videos, images)
• Content assets provided to creators
• Comments and messages
• Reviews and ratings

Guardian Account Information (for minors 13-17):

• Guardian's full name and contact information
• Guardian's identity verification documents
• Relationship to minor
• Guardian's payment and tax information

1.2 Information Collected Automatically

Usage Information:

• Pages visited and features used
• Time spent on the Platform
• Click patterns and navigation paths
• Search queries
• Campaign and submission interactions

Device Information:

• IP address
• Device type and model
• Operating system
• Browser type and version
• Screen resolution
• Device identifiers (e.g., advertising ID)

Location Information:

• General location (city, country) derived from IP address
• Precise location (if you grant permission)

Cookies and Similar Technologies:

• Session cookies
• Persistent cookies
• Web beacons
• Local storage
• Analytics and tracking pixels

1.3 Information from Third Parties

Social Media Platforms: If you link social media accounts or post content on third-party platforms:

• Public profile information
• View counts and engagement metrics
• Platform-specific analytics
• Discord profile information (user ID, username, avatar, server membership)

Stripe Connect:

• Payment processing information
• Identity verification results
• Compliance and risk information

Background Check Services (if applicable):

• Identity verification
• Fraud prevention checks

Analytics Services:

• Aggregated usage data
• Performance metrics

---

2. HOW WE USE YOUR INFORMATION

2.1 To Provide and Improve Services

Core Platform Functions:

• Create and manage your account
• Process and facilitate transactions
• Enable communication between users
• Display your profile and content
• Match creators with brand campaigns
• Track and verify submissions

Service Improvement:

• Analyze usage patterns and trends
• Test new features and functionality
• Improve user experience
• Optimize platform performance
• Develop new products and services

2.2 For Safety and Security

Fraud Prevention:

• Detect and prevent fraudulent activity
• Verify identity and prevent impersonation
• Monitor for view manipulation and fake engagement
• Investigate suspicious transactions
• Enforce our Terms of Service

Platform Security:

• Protect against unauthorized access
• Prevent spam and abuse
• Detect and respond to security incidents
• Monitor for violations of our policies

2.3 For Legal and Compliance

Legal Obligations:

• Comply with applicable laws and regulations
• Respond to legal requests (subpoenas, court orders)
• Issue tax forms (1099-NEC for U.S. users)
• Maintain records as required by law
• Report suspicious activities to authorities

Dispute Resolution:

• Investigate and resolve disputes
• Enforce our Terms of Service
• Defend legal claims
• Provide evidence in arbitration or litigation

2.4 For Communications

Transactional Communications (cannot opt out):

• Account notifications and updates
• Payment confirmations and receipts
• Security alerts
• Service announcements
• Changes to Terms or policies

Marketing Communications (can opt out):

• Product updates and new features
• Promotional offers and discounts
• Tips and best practices
• Newsletters and blog posts
• Surveys and feedback requests

2.5 For Marketing and Analytics

Platform Marketing:

• Display your submissions in marketing materials (with consent)
• Create case studies and success stories
• Showcase creator achievements
• List brand names and logos of users

Analytics:

• Understand how users interact with the Platform
• Measure effectiveness of features
• Track conversion and retention
• Generate reports and insights

Community Features:

• Display achievements and milestones in Discord community
• Post leaderboard rankings with earnings (with your consent)
• Feature high-performing clips in Discord spotlight (opt-in only)
• Facilitate community engagement and recognition

---

3. HOW WE SHARE YOUR INFORMATION

3.1 With Other Users

Public Profile Information: Visible to all users:

• Username and profile photo
• Bio and description
• Portfolio and past work
• Reviews and ratings
• Public submissions and campaigns

Limited Information Shared: When you interact with other users:

• Brands see creator applications and submissions
• Creators see campaign details and brand requirements
• Both parties see relevant transaction information

Not Shared:

• Email address (unless you choose to share)
• Payment information
• Personal identification documents
• Private messages (except with intended recipients)

3.2 With Service Providers

We share information with trusted third-party service providers who help us operate the Platform:

Stripe (Payment Processing):

• Payment and bank account information
• Identity verification data
• Transaction details
• Tax information

AWS (Cloud Hosting):

• All data stored on our servers
• Backups and redundancy

Supabase (Database and Authentication):

• Account information
• User-generated content
• Platform data

Analytics Providers:

• Google Analytics
• Mixpanel
• Usage data and metrics

Communication Services:

• Email service providers (e.g., SendGrid)
• SMS providers (if applicable)
• Push notification services

Customer Support:

• Support ticket systems
• Chat tools
• User inquiry information

OpenAI (AI Content Moderation & Brand Profiling):

• User-generated text — including chat messages, campaign titles and descriptions, creative briefs, application messages, and profile bios — sent for automated safety and policy screening
• Brand website metadata sent to generate structured brand profiles
• OpenAI acts as our service provider and, per its API terms, does not use this data to train its models

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.3 For Legal Reasons

We may disclose information if required by law or if we believe in good faith that disclosure is necessary to:

• Comply with legal obligations (subpoenas, court orders)
• Protect our rights, property, or safety
• Protect users' rights, property, or safety
• Prevent fraud or illegal activity
• Investigate violations of our Terms of Service
• Respond to government requests

3.4 Business Transfers

If NextClip is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the successor entity. You will be notified of any such change.

3.5 With Your Consent

We may share your information for purposes not described in this Privacy Policy with your explicit consent.

3.6 Aggregate and De-Identified Data

We may share aggregate, anonymized, or de-identified data that cannot reasonably be used to identify you:

• Industry statistics
• Platform performance metrics
• Research and analysis
• Marketing materials

3.7 Discord Community Integration

If you connect your Discord account, we share performance data with Discord servers as detailed in Section 10A.4, including:

• Public announcements of achievements and milestones (with your consent)
• Leaderboard rankings with earnings amounts (with your consent)
• Real-time stats in response to bot commands (private to you)
• Rank/tier status for role assignment

This sharing is necessary to provide the Discord integration features you opted into by linking your account. You can control what data is publicly visible in your Privacy Settings.

---

4. DATA RETENTION

4.1 General Retention Policy

We retain your information for as long as necessary to:

• Provide the Services
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

4.2 Specific Retention Periods

Account Information:

• Active accounts: Retained while account is active
• Closed accounts: Deleted within 90 days (unless legal requirement)

Transaction Records:

• Retained for 7 years for tax and legal compliance

Content:

• Public content: May be retained for platform operation
• Deleted content: Removed within 30 days (may persist in backups for 90 days)

Communications:

• Support tickets: Retained for 3 years
• Messages: Retained while account is active, deleted within 90 days of account closure

Logs and Analytics:

• Usage logs: Retained for 2 years
• Security logs: Retained for 7 years

4.3 Legal Holds

If information is subject to legal hold (litigation, investigation), retention periods may be extended.

4.4 Backup Data

Deleted data may persist in backups for up to 90 days before permanent deletion.

---

5. DATA SECURITY

5.1 Security Measures

We implement industry-standard security measures including:

Technical Safeguards:

• Encryption in transit (TLS/SSL)
• Encryption at rest for sensitive data
• Secure password hashing (bcrypt)
• Regular security audits
• Intrusion detection systems
• Firewalls and access controls

Organizational Safeguards:

• Employee training on data protection
• Access limited to authorized personnel only
• Background checks for employees with data access
• Incident response procedures
• Regular security reviews

Third-Party Security:

• Stripe for payment security (PCI-DSS compliant)
• AWS for infrastructure security
• Regular vendor security assessments

5.2 No Guarantee

Despite our efforts, no security system is impenetrable. We cannot guarantee absolute security. You provide information at your own risk.

5.3 Your Responsibilities

You are responsible for:

• Keeping your password secure and confidential
• Using strong, unique passwords
• Enabling two-factor authentication (if available)
• Logging out of shared devices
• Reporting suspicious activity immediately

5.4 Breach Notification

In the event of a data breach affecting your information:

• We will notify affected users without unreasonable delay
• Notification will be sent via email
• We will report to relevant authorities as required by law

---

6. YOUR PRIVACY RIGHTS

6.1 Access and Correction

You have the right to:

• Access your personal information
• Correct inaccurate information
• Update your account information

How to Exercise:

• Update most information directly in account settings
• Email legal@nextclip.net for access to all information

6.2 Data Portability

You have the right to receive your personal data in a portable format.

How to Exercise: Email legal@nextclip.net with subject "Data Portability Request"

Response Time: 30 days

6.3 Deletion

You have the right to request deletion of your personal information, subject to legal exceptions.

How to Exercise:

• In the NextClip iOS app: Settings → Request account deletion
• By email: legal@nextclip.net with subject "Deletion Request"

Exceptions: We may retain information if required for:

• Legal compliance (tax records, transaction history)
• Fraud prevention
• Exercising legal rights
• Completing transactions

Response Time: 30 days

6.4 Opt-Out of Marketing

You may opt out of marketing communications at any time:

• Click "unsubscribe" in email footer
• Update preferences in account settings
• Email support@nextclip.net

Note: You cannot opt out of transactional communications (account notices, payment confirmations, etc.).

6.5 Do Not Track

Some browsers have "Do Not Track" features. We do not currently respond to Do Not Track signals.

---

7. INTERNATIONAL DATA TRANSFERS

7.1 Data Location

NextClip is based in the United States. Your data is stored on servers in the United States.

7.2 Transfer Mechanisms

For international users, we transfer your data to the United States using:

For EU/UK Users:

• Standard Contractual Clauses (SCCs) approved by European Commission
• Additional technical and organizational safeguards
• Compliance with EU-U.S. Data Privacy Framework (if applicable)

For Other International Users:

• Your consent to transfer (by using the Services)
• Contractual protections with service providers
• Industry-standard security measures

7.3 Your Rights Regarding Transfers

EU/UK Users:

• You may request information about transfer mechanisms
• You may object to transfers in certain circumstances
• You may lodge complaints with supervisory authorities

To request SCC details: Email legal@nextclip.net

---

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 Types of Cookies We Use

Essential Cookies (Cannot Opt Out):

• Authentication and session management
• Security features
• Load balancing
• Core platform functionality

Analytics Cookies (Can Opt Out):

• Google Analytics
• Mixpanel
• Usage tracking and optimization

Functional Cookies (Can Opt Out):

• User preferences
• Language settings
• Display customization

Advertising Cookies (Can Opt Out):

• Retargeting ads
• Campaign tracking
• Conversion measurement

8.2 How to Control Cookies

Browser Settings: Most browsers allow you to:

• Block all cookies
• Block third-party cookies
• Delete cookies after each session
• Receive alerts when cookies are set

Cookie Preference Center: Manage non-essential cookies in your account settings.

Third-Party Opt-Outs:

• Google Analytics: https://tools.google.com/dlpage/gaoptout
• NAI Opt-Out: https://optout.networkadvertising.org

8.3 Other Tracking Technologies

Web Beacons (Pixels): Small graphics used to track email opens and user behavior.

Local Storage: Stores data locally in your browser for performance.

Device Fingerprinting: May be used for fraud prevention and security.

---

9. CHILDREN'S PRIVACY

9.1 Minimum Age

The Services are not intended for children under 13. We do not knowingly collect information from children under 13.

9.2 Guardian-Sponsored Accounts

Minors aged 13-17 may use the Services only through Guardian-Sponsored Accounts:

• Guardian provides all personal information
• Guardian has full control of the account
• All data is associated with the Guardian, not the minor
• Guardian receives all communications

9.3 Parental Rights

Guardians of minors with Guardian-Sponsored Accounts may:

• Access all account information
• Request deletion of information
• Revoke consent at any time
• Close the account

9.4 Discovery of Child Users

If we discover a user under 13 without proper Guardian sponsorship:

• The account will be immediately terminated
• All data will be deleted
• No refunds will be issued

To report underage users: Email legal@nextclip.net

---

10. THIRD-PARTY SERVICES

10.1 Third-Party Platforms

When you post content to third-party platforms (TikTok, Instagram, Twitter/X, YouTube):

• Those platforms' privacy policies apply
• We are not responsible for their data practices
• Review their privacy policies before using

Platform Privacy Policies:

• TikTok: https://www.tiktok.com/legal/privacy-policy
• Instagram: https://help.instagram.com/privacy
• Twitter/X: https://twitter.com/privacy
• YouTube: https://policies.google.com/privacy

10.2 Third-Party Links

The Platform may contain links to third-party websites. We are not responsible for their privacy practices.

10.3 Social Media Features

Social media features (share buttons, widgets) may collect information about your activity. These are governed by the privacy policies of the respective social media companies.

---

10A. SOCIAL MEDIA API INTEGRATIONS

10A.1 Overview

NextClip uses OAuth 2.0 authentication to connect with social media platforms (YouTube, Instagram, Twitter/X, TikTok, Facebook, Discord) to verify content submissions, track performance metrics, facilitate payouts, and enable community features. This section explains how we access, use, store, and protect data from these platforms.

When you connect a social media account:

• You grant us limited, revocable access to specific data via OAuth
• We securely store encrypted access tokens to maintain the connection
• You can disconnect at any time through your Profile Settings
• We comply with each platform's data protection policies

Important Note for Discord: Unlike other platform integrations, Discord integration involves bidirectional data sharing. We not only receive data from Discord, but also send your NextClip performance data (earnings, achievements, rankings) to Discord servers for community features. See Section 10A.4 for complete details.

---

10A.2 YouTube API Services

IMPORTANT NOTICE: NextClip uses YouTube API Services. By connecting your YouTube account, you agree to be bound by the YouTube Terms of Service and the Google Privacy Policy.

What YouTube Data We Access

When you connect your YouTube channel through OAuth, we request access to:

YouTube Data API v3 Scopes:

• youtube.readonly - View your YouTube account
• yt-analytics.readonly - View YouTube Analytics reports for your content
• userinfo.profile - See your personal info, including any personal info you've made publicly available

Specific Data Collected:

• Channel Information: Channel ID, channel name, subscriber count, total views, video count
• Analytics Data: Video view counts, watch time, average view duration, traffic sources, engagement metrics (likes, shares, comments)
• Audience Demographics: Viewer age groups, gender distribution, geographic locations (countries/regions)
• Video Metadata: Video IDs, titles, descriptions, thumbnails, upload dates, view counts
• Performance Metrics: Click-through rate (CTR), audience retention, average view percentage

How We Use YouTube Data

We use YouTube data for the following purposes:

1. Identity Verification: Confirm channel ownership and authenticity
2. Submission Tracking: Verify that submitted content was posted to your connected channel
3. View Count Verification: Track real-time views to calculate campaign payouts based on performance
4. Analytics & Reporting: Display your content performance metrics in your dashboard
5. Payout Calculation: Determine earnings based on verified views against campaign target goals
6. Profile Display: Show your channel statistics to brands when you apply to campaigns
7. Fraud Prevention: Detect view manipulation, fake engagement, or policy violations
8. Audience Matching: Help brands understand if your audience aligns with their target demographics

Limited Use Disclosure

NextClip's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We use YouTube data only to provide and improve user-facing features described above
• We DO NOT sell YouTube user data to third parties
• We DO NOT use YouTube data for serving advertisements
• We DO NOT transfer YouTube data to data brokers or for credit assessment
• We DO NOT allow humans to read YouTube data except for security purposes, compliance with applicable law, or with your explicit consent
• We DO NOT use YouTube data for surveillance or tracking purposes unrelated to the Services

Data Storage and Security

Encryption:

• OAuth access tokens and refresh tokens are encrypted using AES-256-GCM encryption
• Tokens are never stored in plaintext
• Encryption keys are securely managed and rotated regularly

Access Controls:

• Only authorized NextClip systems can access encrypted tokens
• Human access to YouTube data is prohibited except for security investigations or with explicit user consent
• All API requests are logged for audit purposes

Data Retention

Analytics and Reporting Data:

• Stored indefinitely while your account remains active and connected
• Used consistently with the purposes disclosed above
• Authorization verified every 30 days

Other Authorized Data (Channel Stats, Video Metadata):

• Refreshed every 30 days maximum
• Cached data older than 30 days is automatically purged

After Disconnection:

• OAuth access tokens deleted immediately (within 24 hours)
• Cached channel and video data deleted within 7 days
• Historical analytics data (used in aggregate reporting) retained for up to 90 days, then anonymized

How to Revoke Access

You can revoke NextClip's access to your YouTube data at any time:

Option 1: Disconnect in NextClip (Recommended)

1. Log in to your NextClip account
2. Go to Profile Settings → Social Accounts
3. Click "Disconnect" next to your YouTube channel
4. Confirm disconnection

Upon disconnection, we will delete your YouTube OAuth tokens within 24 hours and all cached data within 7 days.

Option 2: Revoke via Google Account

1. Visit the Google Security Settings page
2. Find "NextClip" in the list of connected apps
3. Click "Remove Access"

Upon revocation via Google, we will automatically detect the revocation and delete all YouTube data within 30 days.

YouTube Contact & Support

For questions specifically about YouTube data usage:

• Email: legal@nextclip.net with subject "YouTube API Data Inquiry"
• Google Privacy Policy: http://www.google.com/policies/privacy
• YouTube Terms of Service: https://www.youtube.com/t/terms

---

10A.3 Meta Platforms: Instagram, Facebook & Marketing API

IMPORTANT NOTICE: NextClip uses Meta's Instagram Graph API, Facebook Graph API, and Meta Marketing API. By connecting your Instagram or Meta Business account, you agree to be bound by Meta's Platform Terms and Meta's Privacy Policy.

NextClip operates two separate Meta integrations with distinct scopes and purposes depending on your role on the platform.

---

A. Content Creator — Instagram Business Login

When social media creators connect their Instagram account, we use Instagram's official Business Login flow.

Instagram Business Login Scopes:

• instagram_business_basic — Read basic Instagram Business/Creator account profile info (username, follower count, media count, account type)
• instagram_business_manage_insights — Read organic performance insights for your content (views, reach, impressions, engagement metrics)

Specific Data Collected:

• Profile Information: Instagram username, display name, profile picture, account ID, follower count, media count
• Content Performance: Reel and post view counts, impressions, reach, engagement (likes, comments, shares, saves) for submitted content
• Audience Insights: Age range distribution, gender breakdown, geographic distribution (for eligible accounts with sufficient audience)
• Content Details: Post URLs, media IDs, captions, post timestamps

How We Use This Data:

1. Account Verification: Confirm Instagram account ownership and that it is an eligible Business or Creator account
2. Submission Tracking: Verify that submitted Reels or posts were published to your connected account
3. View Verification: Track organic views and engagement to calculate campaign payouts
4. Analytics Display: Show your content performance in your NextClip creator dashboard
5. Profile Showcase: Display your account statistics to brands when you apply to their campaigns
6. Fraud Detection: Monitor for fake engagement, bot activity, or view manipulation

---

B. Brand — Meta Business Account Connection (FB Login for Business)

When brands connect their Meta Business account, we use Facebook Login for Business to enable the Partnership Ads feature.

Facebook Login for Business Scopes:

• ads_management — Create and manage advertising campaigns, ad sets, ad creatives, and ads in your Meta ad account on your behalf when you use the Run Ad feature
• ads_read — Read ad performance metrics from your Meta ad account (spend, impressions, reach, clicks, CPM, CTR, frequency, video watch time) to display in your campaign dashboard
• business_management — Read your Meta Business Manager to enumerate your ad accounts and Facebook Pages; verify Business Manager ownership for partnership permission workflows
• pages_show_list — List the Facebook Pages you manage, to identify your brand Page for use as the ad identity in Partnership Ads
• pages_read_engagement — Read Page metadata used when building Partnership Ad creatives (Page name, linked Instagram Business Account)
• instagram_basic — Verify the Instagram Business Account linked to your Facebook Page; detect and reject PBIA (Page-Backed Instagram Account) shadow accounts that are ineligible for Partnership Ads
• instagram_branded_content_ads_brand — Enable your brand to run Partnership Ads using a creator's Instagram post as the ad creative, via Meta's source_instagram_media_id field in the ad creative spec
• instagram_branded_content_brand — Send and query brand-to-creator content partnership permission requests, which allow your brand to boost a creator's Instagram posts as Partnership Ads

Specific Data Collected:

• Ad Account Information: Ad account ID, name, currency (must be USD), account status, linked Business Manager name and ID
• Funding Source Presence: Whether a valid funding source is attached to the ad account (used for eligibility verification only; NextClip never accesses card details)
• Facebook Page Information: Page ID, Page name, and the linked Instagram Business Account ID and username
• Instagram Business Account Info: IG username and account type, used to confirm a real Business or Creator account is linked (PBIA shadow account detection)
• Business Manager ID: Used when sending partnership permission requests to Meta's API
• Partnership Permission Status: Current grant status of brand-to-creator permission pairs (NONE, PENDING, GRANTED, REVOKED)
• Ad Entity IDs: Campaign, ad set, creative, and ad IDs created in your Meta ad account by the Run Ad feature, stored to track lifecycle and display results

How We Use This Data:

1. Brand Onboarding Validation: Verify that your ad account is active, USD-denominated, has a funding source, and is linked to a Business Manager before enabling Partnership Ads
2. Ad Identity: Associate your Facebook Page and linked Instagram Business Account as the ad identity shown in Partnership Ads ("Sponsored by [Brand Page]")
3. Partnership Permission Management: Request creator-to-brand content partnership permissions and query their current status via instagram_branded_content_brand
4. Ad Campaign Creation: Create campaign, ad set, creative, and ad entities in your Meta ad account when you use the Run Ad feature
5. Ad Performance Tracking: Retrieve ad metrics via ads_read to populate your NextClip campaign dashboard (spend, impressions, reach, clicks, CPM, CTR, frequency, average video watch time)
6. PBIA Detection: Prevent connections from shadow Instagram accounts that cannot run Partnership Ads

---

C. Partnership Ads — Campaign Data

When a brand uses the Run Ad feature to launch a Meta Partnership Ad using a creator's Instagram post:

What NextClip Does:

• Creates a campaign, ad set, ad creative, and ad in the brand's own Meta ad account using ads_management permission granted during connection
• References the creator's Instagram post by its numeric media ID (source_instagram_media_id) as the ad creative
• Retrieves ad performance snapshots periodically via ads_read for display in the brand dashboard

Important — Who Pays and Who Is Responsible:

• All ad spend is charged directly to the brand's Meta ad account. NextClip does not pay for, guarantee, or control ad delivery
• NextClip is NOT the advertiser of record; the brand's Meta Business Manager is
• Brands are solely responsible for compliance with Meta's Advertising Policies and Community Standards

Creator Content Usage:

• A creator's Instagram post is only used as an ad creative after the creator has explicitly granted partnership permission to the brand via Meta's Partnership Ads Hub (a Meta-controlled interface)
• The ad displays a "Paid partnership with @[brand]" label automatically applied by Instagram
• NextClip stores the numeric media ID (source_instagram_media_id) as a reference to the creator's existing Instagram post; we do not store a copy of the creator's video

Ad Performance Data We Store:

• Spend (in USD cents), impressions, reach, unique clicks, CPM, CTR, frequency, average video watch time per ad — stored as periodic snapshots for dashboard display
• Meta entity IDs (campaign, ad set, creative, ad) for lifecycle tracking

---

Data Storage and Security (All Meta Integrations)

Encryption:

• All OAuth access tokens (creator Instagram Login and brand FB Login for Business) are encrypted using AES-256-GCM encryption
• Tokens are never stored in plaintext; encryption keys are securely managed and rotated

Access Controls:

• Only authorized NextClip systems can access encrypted tokens
• Human access to Meta API data is prohibited except for security investigations or with your explicit consent
• All API requests are logged for audit purposes

Data Retention (All Meta Integrations)

While Connected:

• Access tokens refreshed per token expiry schedules (creator IG tokens: ~60-day long-lived; brand FB tokens: per system token configuration)
• Cached profile and performance data refreshed every 24–48 hours
• Ad performance snapshots retained for dashboard analytics for the life of the ad; archived after campaign conclusion

After Disconnection:

• OAuth tokens deleted within 24 hours
• Cached profile and content data purged within 30 days
• Aggregate analytics data anonymized after 90 days

How to Revoke Access

Content Creators:

1. Log in to NextClip → Profile Settings → Social Accounts → Disconnect next to Instagram

Or directly via Meta: Instagram Settings → Apps and Websites → remove NextClip

Brands:

1. Log in to NextClip → Settings → Connected Accounts → Disconnect next to your Meta Business connection

Or directly via Meta: Facebook Settings → Apps and Websites → remove NextClip

In both cases, tokens are deleted within 24 hours and all cached data is purged within 30 days.

Data Deletion Callback

NextClip implements Meta's required data deletion callback URL. When you delete your Facebook or Instagram account or revoke app access, we receive an automated notification from Meta and delete all associated OAuth tokens and cached data within 30 days.

To request data deletion or check deletion status: Email legal@nextclip.net with subject "Meta Data Deletion Request"

Meta Contact & Support

• Email: legal@nextclip.net with subject "Meta/Instagram API Data Inquiry"
• Meta Privacy Policy: https://www.facebook.com/privacy/policy/
• Meta Platform Terms: https://developers.facebook.com/terms

---

10A.4 Discord Integration

IMPORTANT NOTICE: NextClip's Discord integration involves bidirectional data sharing between your NextClip account and Discord servers. This includes both receiving data from Discord AND sending your NextClip performance data to Discord servers and community channels.

By connecting your Discord account, you agree to:

• Discord's Terms of Service
• Discord's Privacy Policy
• NextClip's sharing of your performance data with Discord (as described below)

What Discord Data We Collect FROM Discord

When you connect your Discord account through OAuth or use the /link command in our Discord server:

Profile Information:

• Discord user ID (unique identifier)
• Discord username and discriminator
• Avatar URL
• Discord server membership status
• Server roles (for access control)

Referral Tracking:

• Discord invite codes used when joining
• Referrer Discord ID (if you joined via a referral link)
• Referral conversion status

What NextClip Data We Send TO Discord

IMPORTANT: When you link your Discord account, NextClip shares your performance data with Discord servers and may display it in community channels. This includes:

Automatically Shared Data:

• Rank/tier status (Bronze, Silver, Gold, Diamond, Elite Creator)
• Lifetime earnings (total amounts in USD)
• Achievement unlocks (First Blood, Viral Hit, Thousandaire, Streak Master, etc.)
• Rank changes and promotions
• Referral statistics (referrals made, referral earnings)
• Campaign completion milestones

Data Shared on User Command: When you use Discord bot commands like /mystats, the following is shared (visible only to you via "ephemeral" messages):

• Lifetime earnings
• Active campaigns count
• Completed campaigns count
• Average creator rating
• Total views generated across all clips
• Referral count and referral earnings

Publicly Visible Data in Discord Channels: The following may be posted in public Discord channels visible to all server members:

• Rank-up announcements: "Username just hit 🥇 Gold Creator! Total Earnings: $500+"
• Achievement announcements: "Username earned 🔥 Viral Hit - Their clip crossed 100,000 views!"
• Leaderboard rankings: Weekly/monthly top earners by genre with specific earnings amounts
• Clip spotlights: Featured clips with view counts, earnings, and performance insights
• Campaign completion milestones: Notable achievements on specific campaigns

Data Sent to Private/Tier-Gated Channels: Higher-tier creators (Gold+, Diamond+) may have performance data visible in exclusive channels:

• Early access campaign notifications
• VIP opportunity alerts
• Tier-specific leaderboards

How Discord Integration Works

Account Linking Process:

1. You run /link command in Discord or connect via NextClip Profile Settings → Social Accounts
2. OAuth authentication flow links your Discord ID to your NextClip user account
3. Linkage enables automatic role sync, stat tracking, and achievement announcements
4. Initial roles assigned based on current performance metrics

Automatic Role Sync System: NextClip automatically assigns Discord server roles based on your real-time performance:

Rank Roles (updated automatically):

• 🥉 Bronze Creator: Verified account
• 🥈 Silver Creator: $100+ lifetime earnings
• 🥇 Gold Creator: $500+ lifetime earnings
• 💎 Diamond Creator: $2,000+ lifetime earnings
• 👑 Elite Creator: $10,000+ lifetime earnings

Achievement Roles (permanent once earned):

• 🚀 First Blood: Completed first campaign
• 💰 Thousandaire: Single clip earned $1,000+
• 🔥 Viral Hit: Single clip hit 100k+ views
• 📈 Streak Master: 5 campaigns completed in one week
• 🎯 Sharpshooter: 10 campaigns with 4+ star ratings
• 🤝 Recruiter: Referred 5+ active creators

Webhook System: NextClip sends automated webhooks to Discord when:

• You rank up (e.g., Silver → Gold)
• You unlock new achievements
• Your clips hit view milestones (10k, 100k, 1M views)
• Referrals you made complete their first campaign
• You appear on weekly/monthly leaderboards

Bot Commands and API Calls: When you or others use bot commands, NextClip's API provides real-time data:

• /mystats - Fetches your current stats (ephemeral - only you see)
• /leaderboard - Fetches top earners (public display)
• /campaigns - Lists active campaigns matching your genres
• /myreferral - Generates your unique referral link

Purpose of Discord Integration

We use Discord integration for:

1. Community Building: Connect creators in a shared community space for networking and collaboration
2. Engagement & Motivation: Public recognition of achievements and milestones to drive platform engagement
3. Real-Time Notifications: Alert you to new campaigns matching your selected content genres
4. Referral Tracking: Attribute new Discord members to referrers for bonus payout calculations
5. Gamification: Leaderboards, rankings, and tier progression to encourage quality content creation
6. Peer Support: Facilitate community support, resource sharing, and feedback
7. Access Control: Tier-gated channels for high-performing creators (Gold+, Diamond+)

Data Visibility and Privacy Controls

What's Public vs Private:

Privacy Controls: You can control what's shared in Profile Settings → Privacy → Discord Integration:

• ☐ Allow public achievement announcements (Default: ON)
• ☐ Allow leaderboard inclusion (Default: ON)
• ☐ Allow clip spotlight features (Default: OFF - must opt-in)
• ☐ Show lifetime earnings in public announcements (Default: ON)

Note: Disabling these settings prevents your data from appearing in public announcements but does NOT:

• Prevent automatic role assignment (roles are visible to all server members)
• Prevent private stat commands like /mystats (only you see the response)
• Remove you from the Discord server or unlink your account

Data Storage and Security

Discord Linking Data:

• Discord ID and username stored in discord_links database table
• One-to-one relationship: One Discord account per NextClip account
• OAuth access tokens encrypted using AES-256-GCM encryption
• Encryption keys securely managed and rotated regularly

Data Transmission Security:

• All data sent via secure HTTPS webhooks and Discord API calls
• Bot authentication token secured in environment variables
• API calls authenticated with internal API keys
• Webhook signatures validated to prevent spoofing

Third-Party Risk - IMPORTANT: Once data is sent to Discord servers:

• It is governed by Discord's privacy policy and data retention practices
• Discord may store message history indefinitely
• Other Discord server members can see public announcements
• We cannot delete data from Discord's servers once posted
• Discord may use data according to their own privacy policy

Data Retention

While Linked:

• Discord connection remains active until you disconnect
• Performance data refreshed in real-time for bot commands
• Public announcements remain in Discord message history
• Roles updated automatically when performance metrics change

After Disconnection:

• OAuth access tokens deleted immediately (within 24 hours)
• Stored Discord ID and username deleted from our database within 7 days
• Discord server roles remain until manually removed by server administrators
• Historical announcements remain in Discord channels permanently (we cannot retroactively delete Discord messages)
• Cached performance data deleted from NextClip servers within 7 days

Data Retention on Discord's Servers: We cannot control Discord's data retention policies. Messages posted to Discord channels may be retained indefinitely by Discord. For information on Discord's data retention, see Discord's Privacy Policy.

How to Disconnect

Option 1: Disconnect in NextClip (Recommended)

1. Log in to your NextClip account
2. Go to Profile Settings → Social Accounts
3. Click "Disconnect" next to Discord
4. Confirm disconnection

Upon disconnection:

• OAuth tokens deleted within 24 hours
• No new data will be sent to Discord
• Existing Discord messages remain (cannot be deleted)

Option 2: Leave Discord Server Leaving the NextClip Discord server does NOT automatically unlink your account. You must disconnect via NextClip settings to stop data sharing.

Option 3: Revoke via Discord Settings

1. Open Discord → User Settings → Authorized Apps
2. Find "NextClip" in the list
3. Click "Deauthorize"

Upon revocation, we will detect the change and delete Discord linking data within 30 days.

Important: Disconnecting stops future data sharing but does NOT:

• Delete historical announcements already posted in Discord channels
• Remove Discord server roles (must be done by server admins)
• Delete messages visible to other server members

Your Rights Regarding Discord Data

You have the following rights:

1. Right to Disconnect: Revoke Discord integration at any time through Profile Settings
2. Right to Access: Request a copy of all Discord data we've collected about you
3. Right to Deletion: Request deletion of Discord linking data (processed within 7-30 days)
4. Right to Opt-Out: Opt out of public announcements while maintaining account linkage
5. Right to Correction: Update cached Discord profile data (refreshes automatically)
6. Right to Know: Request details about what data we access and how we use it
7. Right to Data Portability: Request Discord integration data in machine-readable format

To exercise these rights: Email legal@nextclip.net with subject "Discord Integration Privacy Request"

Include:

• Your NextClip account email
• Your Discord username and ID (if known)
• Specific request (access, deletion, opt-out, etc.)

Response Time: 30 days

Discord Support & Contact

For questions specifically about Discord integration:

• Email: legal@nextclip.net with subject "Discord Integration Inquiry"
• Discord Privacy Policy: https://discord.com/privacy
• Discord Terms of Service: https://discord.com/terms

---

10A.5 Twitter/X API

IMPORTANT NOTICE: NextClip uses Twitter API v2 with OAuth 2.0 authentication. By connecting your Twitter/X account, you agree to be bound by Twitter's Terms of Service and Twitter's Privacy Policy.

What Twitter/X Data We Access

When you connect your Twitter/X account through OAuth, we request access to:

Twitter API v2 OAuth Scopes:

• tweet.read - Read tweets and tweet metrics
• users.read - Read your user profile information
• offline.access - Maintain access via refresh token

Specific Data Collected:

Profile Information:

• Twitter User ID (unique identifier)
• Username (handle - e.g., @username)
• Display name
• Profile image URL
• Bio/description
• Verification status (blue checkmark)
• Account creation date

Account Metrics:

• Follower count
• Following count
• Total tweet count
• Account age (calculated from creation date)

Tweet Metrics (for submitted content):

• Tweet ID
• Impressions (total views)
• Engagement metrics (likes, retweets, replies, quotes, bookmarks)
• Public metrics vs non-public metrics
• Organic metrics

OAuth Tokens:

• Access token (expires every 2 hours)
• Refresh token (expires after 6 months)

How We Use Twitter/X Data

We use Twitter/X data for the following purposes:

1. Identity Verification: Confirm Twitter account ownership and authenticity
2. Submission Tracking: Verify that submitted content was posted to your connected Twitter account
3. View Count Verification: Track real-time impressions (views) to calculate campaign payouts based on performance
4. Analytics & Reporting: Display your tweet performance metrics in your dashboard
5. Payout Calculation: Determine earnings based on verified impressions against campaign target goals
6. Profile Display: Show your account statistics to brands when you apply to campaigns
7. Fraud Prevention: Detect engagement manipulation, bot activity, or policy violations
8. Audience Matching: Help brands understand if your audience aligns with their target demographics (follower count, account age)
9. Requirements Verification: Check if your account meets campaign requirements (minimum followers, verified status, account age)

Data Storage and Security

Encryption:

• OAuth access tokens and refresh tokens are encrypted using AES-256-GCM encryption
• Tokens are never stored in plaintext
• Encryption keys are securely managed and rotated regularly

Access Controls:

• Only authorized NextClip systems can access encrypted tokens
• All API requests are logged for audit purposes
• Token revocation immediately upon disconnection

Token Refresh:

• Access tokens expire every 2 hours and are automatically refreshed
• Refresh tokens expire after 6 months
• Expired tokens are automatically purged

Data Retention

Profile and Metrics Data:

• Cached profile data refreshed every 24-48 hours
• Tweet metrics updated in real-time when checking submission performance
• Historical performance data retained for dashboard analytics while account is connected

After Disconnection:

• OAuth access tokens revoked on Twitter's servers immediately
• Encrypted tokens deleted from our database within 24 hours
• Cached profile data deleted within 7 days
• Historical tweet metrics retained for up to 90 days for payout verification, then anonymized
• Connection record marked inactive (not fully deleted for audit trail)

How to Revoke Access

You can revoke NextClip's access to your Twitter/X data at any time:

Option 1: Disconnect in NextClip (Recommended)

1. Log in to your NextClip account
2. Go to Profile Settings → Social Accounts
3. Click "Disconnect" next to your Twitter/X account
4. Confirm disconnection

Upon disconnection:

• Access token revoked on Twitter's servers
• Tokens deleted from NextClip database within 24 hours
• Cached data deleted within 7 days

Option 2: Revoke via Twitter/X Settings

1. Go to Twitter Apps Settings
2. Find "NextClip" in the list of connected apps
3. Click "Revoke access"

Upon revocation via Twitter, we will automatically detect the change and delete all Twitter data within 30 days.

Twitter/X Contact & Support

For questions specifically about Twitter/X data usage:

• Email: legal@nextclip.net with subject "Twitter API Data Inquiry"
• Twitter Privacy Policy: https://twitter.com/privacy
• Twitter Terms of Service: https://twitter.com/en/tos
• Twitter Developer Agreement: https://developer.twitter.com/en/developer-terms/agreement

---

10A.6 Other Social Media Platforms

TikTok: If you connect TikTok, we access the following data using TikTok's official API:

• Profile Information: Username, display name, TikTok ID (open_id), follower count, following count, total likes, video count, verification status
• Content Metrics: Video view counts, engagement metrics (likes, shares, comments)
• Account Statistics: Total videos posted, follower/following counts

Data usage, storage, and retention policies are consistent with YouTube, Instagram, and Twitter/X as described above. TikTok's Privacy Policy: https://www.tiktok.com/legal/privacy-policy

Note: Unlike Discord integration (Section 10A.4), these platforms are used solely for content verification and view tracking. We do NOT send your NextClip data to these platforms.

---

10A.7 Your Rights Regarding Social Media Data

You have the following rights:

1. Right to Disconnect: Revoke access at any time through Profile Settings
2. Right to Access: Request a copy of all social media data we've collected about you
3. Right to Deletion: Request deletion of all social media data (processed within 7-30 days)
4. Right to Correction: Correct inaccuracies in cached social media data (data refreshes automatically)
5. Right to Know: Request details about what data we access and how we use it

To exercise these rights: Email legal@nextclip.net with subject "Social Media Data Rights Request"

---

11. COMMUNICATIONS

11.1 Types of Communications

Transactional (Cannot Opt Out):

• Account creation confirmation
• Password reset emails
• Payment receipts
• Strike notifications
• Terms/policy updates
• Security alerts

Marketing (Can Opt Out):

• Product updates
• Promotional offers
• Newsletters
• Tips and best practices
• User surveys

11.2 Communication Preferences

Manage preferences in account settings or:

• Click "unsubscribe" in email footer
• Email support@nextclip.net with "Communication Preferences" in subject

11.3 SMS/Text Messages

If you provide a phone number and opt in to SMS:

• We may send transactional SMS
• Standard message and data rates apply
• Reply STOP to opt out

---

12. CALIFORNIA PRIVACY RIGHTS (CCPA)

12.1 Applicability

This section applies to California residents under the California Consumer Privacy Act (CCPA).

12.2 Categories of Personal Information Collected

12.3 Sources of Personal Information

We collect information from:

• Directly from you (account creation, profile)
• Automatically (cookies, usage data)
• Third parties (Stripe, social media, analytics providers)

12.4 Purposes for Collection and Use

We use personal information for purposes described in Section 2 of this Privacy Policy.

12.5 Categories of Third Parties We Share With

We share personal information with:

• Service providers (Stripe, AWS, Supabase, analytics)
• Other users (limited public profile information)
• Legal authorities (when required by law)

12.6 Sale of Personal Information

We DO NOT sell your personal information.

We have not sold personal information in the past 12 months and do not plan to sell it in the future.

12.7 Your CCPA Rights

Right to Know: Request disclosure of:

• Categories of personal information collected
• Categories of sources
• Purposes for collection
• Categories of third parties we share with
• Specific pieces of personal information we hold about you

Right to Delete: Request deletion of your personal information (subject to exceptions).

Right to Opt-Out of Sale: Not applicable (we don't sell data).

Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights.

12.8 How to Exercise CCPA Rights

Email: legal@nextclip.net
Subject: "CCPA Request - [Type of Request]"

Include:

• Your full name
• Account email
• California residency confirmation
• Specific request

Response Time: 45 days (may extend 45 days with notice)

Verification: We will verify your identity before fulfilling requests.

12.9 Authorized Agents

You may designate an authorized agent to make CCPA requests on your behalf. The agent must provide:

• Written authorization from you
• Proof of their identity
• Proof of your California residency

---

13. EUROPEAN PRIVACY RIGHTS (GDPR)

13.1 Applicability

This section applies to individuals in the European Economic Area (EEA) and United Kingdom under the General Data Protection Regulation (GDPR) and UK GDPR.

13.2 Data Controller

NextClip LLC is the data controller for your personal data.

Contact: Email: legal@nextclip.net
Address: 7901 4th St N STE 300, St. Petersburg, FL 33702

13.3 Legal Bases for Processing

We process your personal data based on:

Contract Performance (Art. 6(1)(b) GDPR):

• Providing the Services you requested
• Processing payments
• Facilitating transactions

Legitimate Interests (Art. 6(1)(f) GDPR):

• Fraud prevention and platform security
• Improving the Services
• Marketing to existing users

Consent (Art. 6(1)(a) GDPR):

• Marketing communications (opt-in)
• Optional cookies and tracking
• Specific features requiring consent

Legal Obligations (Art. 6(1)(c) GDPR):

• Compliance with laws and regulations
• Tax reporting requirements
• Responding to legal requests

13.4 Your GDPR Rights

Right to Access (Art. 15): Request confirmation of what personal data we process and obtain a copy.

Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.

Right to Erasure (Art. 17) - "Right to be Forgotten": Request deletion of your data in certain circumstances.

Right to Restrict Processing (Art. 18): Request limitation of processing in certain circumstances.

Right to Data Portability (Art. 20): Request your data in a structured, machine-readable format.

Right to Object (Art. 21):

• Object to processing based on legitimate interests
• Object to direct marketing (always honored)

Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time (where processing is based on consent).

Right to Lodge a Complaint (Art. 77): File a complaint with your supervisory authority.

13.5 How to Exercise GDPR Rights

Email: legal@nextclip.net
Subject: "GDPR Request - [Type of Request]"

Include:

• Your full name
• Account email
• EU/UK residency confirmation
• Specific request

Response Time: 30 days (may extend 60 days for complex requests with notice)

13.6 Data Protection Authority Contact

EU Users: Find your country's supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en

UK Users: Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113

13.7 Automated Decision-Making

We use automated processing for:

• Fraud detection and view manipulation detection
• Content quality verification
• Risk assessment

Your Rights:

• Request human review of automated decisions
• Receive explanation of logic involved
• Contest decisions affecting you significantly

13.8 International Data Transfers

As described in Section 7, your data is transferred to the United States. We implement Standard Contractual Clauses (SCCs) and additional safeguards.

SCCs Available: Full text of SCCs available upon request at: legal@nextclip.net

13.9 Data Retention

See Section 4 for retention periods. We retain data only as long as necessary for the purposes outlined in this Privacy Policy.

---

14. CHANGES TO THIS PRIVACY POLICY

14.1 Right to Modify

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• Changes in applicable laws
• New features or services
• User feedback

14.2 Notification of Changes

Material Changes:

• Email notification to registered users
• Prominent notice on the Platform
• At least 30 days notice before taking effect

Non-Material Changes:

• Updated "Last Updated" date
• No specific notification required

14.3 Review Regularly

We encourage you to review this Privacy Policy periodically.

Current Version:

• Version: 2.0
• Last Updated: May 4, 2026
• Effective Date: November 26, 2025

---

15. CONTACT US

15.1 Privacy Questions

For questions about this Privacy Policy or our data practices:

Email: legal@nextclip.net
Subject: "Privacy Inquiry"

15.2 Data Protection Officer (DPO)

If required under GDPR, our DPO contact information will be provided here. Currently, for all privacy matters, contact: legal@nextclip.net

15.3 Mailing Address

NextClip LLC
7901 4th St N STE 300
St. Petersburg, FL 33702
United States

15.4 General Support

For non-privacy related support:
Email: support@nextclip.net

---

Last Updated: May 28, 2026
Effective Date: November 26, 2025
Version: 2.0

---

APPENDIX: JURISDICTION-SPECIFIC INFORMATION

Canada (PIPEDA)

Canadian users have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

• Right to access personal information
• Right to correct inaccurate information
• Right to withdraw consent (subject to legal restrictions)

Canadian Users Contact: Same as above - legal@nextclip.net with subject "PIPEDA Request"

Australia (Privacy Act)

Australian users have rights under the Privacy Act 1988 and Australian Privacy Principles (APPs):

• Right to access personal information
• Right to correct personal information
• Right to complain to the Office of the Australian Information Commissioner (OAIC)

Australian Users Contact: Same as above - legal@nextclip.net with subject "Privacy Act Request"

OAIC Contact:
Website: https://www.oaic.gov.au
Phone: 1300 363 992

Other Jurisdictions

Users in other jurisdictions may have additional privacy rights under local laws. Nothing in this Privacy Policy limits rights that cannot be waived under applicable mandatory consumer protection or data protection laws.

To exercise rights under local laws, contact: legal@nextclip.net with subject "Privacy Request - [Your Country]"