NEXTCLIP PRIVACY POLICY

Last Updated: November 26, 2025
Effective Date: November 26, 2025

---

INTRODUCTION

NextClip LLC ("NextClip," "we," "us," "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

By using NextClip, you consent to the practices described in this Privacy Policy.

If you do not agree with this Privacy Policy, please do not use our Services.

---

QUICK REFERENCE

<a id="data-deletion"></a>

Data Deletion Instructions

Need to disconnect social media or delete your account?

Option 1: Disconnect Social Media Accounts To remove Instagram, TikTok, YouTube, or other connected platforms:

1. Log in to your NextClip dashboard
2. Go to Profile Settings
3. Click "Disconnect" next to the platform you want to remove

This immediately removes all OAuth access tokens.

Option 2: Delete Your Entire Account To request complete deletion of your NextClip account and all associated data:

• Contact us: Contact Support or email legal@nextclip.net
• Subject: "Account Deletion Request"
• Processing time: Within 30 days (GDPR compliant)

What gets deleted:

• OAuth access tokens and social media connections
• Personal information (name, email, profile data)
• Analytics and demographics
• Messages and communications
• Payment information (anonymized transaction records retained for legal/tax compliance)

Facebook/Instagram Account Deletion: If you deleted your Facebook or Instagram account, we automatically remove your associated NextClip OAuth data within 30 days.

For full details, see Section 6.3: Deletion Rights below.

---

TABLE OF CONTENTS

Quick Links:

• Data Deletion Instructions
• Social Media API Integrations (YouTube, Instagram, Twitter/X, TikTok, Discord)

Full Policy:

1. Information We Collect
2. How We Use Your Information
3. How We Share Your Information
4. Data Retention
5. Data Security
6. Your Privacy Rights
7. International Data Transfers
8. Cookies and Tracking Technologies
9. Children's Privacy
10. Third-Party Services 10A. Social Media API Integrations
11. Communications
12. California Privacy Rights (CCPA)
13. European Privacy Rights (GDPR)
14. Changes to This Privacy Policy
15. Contact Us

---

1. INFORMATION WE COLLECT

1.1 Information You Provide

Account Information:

• Full name
• Email address
• Username
• Password (encrypted)
• Date of birth
• Phone number (optional)
• Profile photo (optional)

Payment Information (Collected by Stripe):

• Bank account details
• Tax identification (SSN, EIN, or international equivalent)
• Payment method information
• Billing address
• Transaction history

Profile Information:

• Bio and description
• Social media handles
• Portfolio links
• Professional credentials

Content You Post:

• Bounty descriptions and requirements
• Submissions (videos, images)
• Content assets provided to clippers
• Comments and messages
• Reviews and ratings

Guardian Account Information (for minors 13-17):

• Guardian's full name and contact information
• Guardian's identity verification documents
• Relationship to minor
• Guardian's payment and tax information

1.2 Information Collected Automatically

Usage Information:

• Pages visited and features used
• Time spent on the Platform
• Click patterns and navigation paths
• Search queries
• Bounty and submission interactions

Device Information:

• IP address
• Device type and model
• Operating system
• Browser type and version
• Screen resolution
• Device identifiers (e.g., advertising ID)

Location Information:

• General location (city, country) derived from IP address
• Precise location (if you grant permission)

Cookies and Similar Technologies:

• Session cookies
• Persistent cookies
• Web beacons
• Local storage
• Analytics and tracking pixels

1.3 Information from Third Parties

Social Media Platforms: If you link social media accounts or post content on third-party platforms:

• Public profile information
• View counts and engagement metrics
• Platform-specific analytics
• Discord profile information (user ID, username, avatar, server membership)

Stripe Connect:

• Payment processing information
• Identity verification results
• Compliance and risk information

Background Check Services (if applicable):

• Identity verification
• Fraud prevention checks

Analytics Services:

• Aggregated usage data
• Performance metrics

---

2. HOW WE USE YOUR INFORMATION

2.1 To Provide and Improve Services

Core Platform Functions:

• Create and manage your account
• Process and facilitate transactions
• Enable communication between users
• Display your profile and content
• Match clippers with bounties
• Track and verify submissions

Service Improvement:

• Analyze usage patterns and trends
• Test new features and functionality
• Improve user experience
• Optimize platform performance
• Develop new products and services

2.2 For Safety and Security

Fraud Prevention:

• Detect and prevent fraudulent activity
• Verify identity and prevent impersonation
• Monitor for view manipulation and fake engagement
• Investigate suspicious transactions
• Enforce our Terms of Service

Platform Security:

• Protect against unauthorized access
• Prevent spam and abuse
• Detect and respond to security incidents
• Monitor for violations of our policies

2.3 For Legal and Compliance

Legal Obligations:

• Comply with applicable laws and regulations
• Respond to legal requests (subpoenas, court orders)
• Issue tax forms (1099-NEC for U.S. users)
• Maintain records as required by law
• Report suspicious activities to authorities

Dispute Resolution:

• Investigate and resolve disputes
• Enforce our Terms of Service
• Defend legal claims
• Provide evidence in arbitration or litigation

2.4 For Communications

Transactional Communications (cannot opt out):

• Account notifications and updates
• Payment confirmations and receipts
• Security alerts
• Service announcements
• Changes to Terms or policies

Marketing Communications (can opt out):

• Product updates and new features
• Promotional offers and discounts
• Tips and best practices
• Newsletters and blog posts
• Surveys and feedback requests

2.5 For Marketing and Analytics

Platform Marketing:

• Display your submissions in marketing materials (with consent)
• Create case studies and success stories
• Showcase creator/clipper achievements
• List brand names and logos of users

Analytics:

• Understand how users interact with the Platform
• Measure effectiveness of features
• Track conversion and retention
• Generate reports and insights

Community Features:

• Display achievements and milestones in Discord community
• Post leaderboard rankings with earnings (with your consent)
• Feature high-performing clips in Discord spotlight (opt-in only)
• Facilitate community engagement and recognition

---

3. HOW WE SHARE YOUR INFORMATION

3.1 With Other Users

Public Profile Information: Visible to all users:

• Username and profile photo
• Bio and description
• Portfolio and past work
• Reviews and ratings
• Public submissions and bounties

Limited Information Shared: When you interact with other users:

• Creators see clipper applications and submissions
• Clippers see bounty details and creator requirements
• Both parties see relevant transaction information

Not Shared:

• Email address (unless you choose to share)
• Payment information
• Personal identification documents
• Private messages (except with intended recipients)

3.2 With Service Providers

We share information with trusted third-party service providers who help us operate the Platform:

Stripe (Payment Processing):

• Payment and bank account information
• Identity verification data
• Transaction details
• Tax information

AWS (Cloud Hosting):

• All data stored on our servers
• Backups and redundancy

Supabase (Database and Authentication):

• Account information
• User-generated content
• Platform data

Analytics Providers:

• Google Analytics
• Mixpanel
• Usage data and metrics

Communication Services:

• Email service providers (e.g., SendGrid)
• SMS providers (if applicable)
• Push notification services

Customer Support:

• Support ticket systems
• Chat tools
• User inquiry information

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.3 For Legal Reasons

We may disclose information if required by law or if we believe in good faith that disclosure is necessary to:

• Comply with legal obligations (subpoenas, court orders)
• Protect our rights, property, or safety
• Protect users' rights, property, or safety
• Prevent fraud or illegal activity
• Investigate violations of our Terms of Service
• Respond to government requests

3.4 Business Transfers

If NextClip is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the successor entity. You will be notified of any such change.

3.5 With Your Consent

We may share your information for purposes not described in this Privacy Policy with your explicit consent.

3.6 Aggregate and De-Identified Data

We may share aggregate, anonymized, or de-identified data that cannot reasonably be used to identify you:

• Industry statistics
• Platform performance metrics
• Research and analysis
• Marketing materials

3.7 Discord Community Integration

If you connect your Discord account, we share performance data with Discord servers as detailed in Section 10A.4, including:

• Public announcements of achievements and milestones (with your consent)
• Leaderboard rankings with earnings amounts (with your consent)
• Real-time stats in response to bot commands (private to you)
• Rank/tier status for role assignment

This sharing is necessary to provide the Discord integration features you opted into by linking your account. You can control what data is publicly visible in your Privacy Settings.

---

4. DATA RETENTION

4.1 General Retention Policy

We retain your information for as long as necessary to:

• Provide the Services
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

4.2 Specific Retention Periods

Account Information:

• Active accounts: Retained while account is active
• Closed accounts: Deleted within 90 days (unless legal requirement)

Transaction Records:

• Retained for 7 years for tax and legal compliance

Content:

• Public content: May be retained for platform operation
• Deleted content: Removed within 30 days (may persist in backups for 90 days)

Communications:

• Support tickets: Retained for 3 years
• Messages: Retained while account is active, deleted within 90 days of account closure

Logs and Analytics:

• Usage logs: Retained for 2 years
• Security logs: Retained for 7 years

4.3 Legal Holds

If information is subject to legal hold (litigation, investigation), retention periods may be extended.

4.4 Backup Data

Deleted data may persist in backups for up to 90 days before permanent deletion.

---

5. DATA SECURITY

5.1 Security Measures

We implement industry-standard security measures including:

Technical Safeguards:

• Encryption in transit (TLS/SSL)
• Encryption at rest for sensitive data
• Secure password hashing (bcrypt)
• Regular security audits
• Intrusion detection systems
• Firewalls and access controls

Organizational Safeguards:

• Employee training on data protection
• Access limited to authorized personnel only
• Background checks for employees with data access
• Incident response procedures
• Regular security reviews

Third-Party Security:

• Stripe for payment security (PCI-DSS compliant)
• AWS for infrastructure security
• Regular vendor security assessments

5.2 No Guarantee

Despite our efforts, no security system is impenetrable. We cannot guarantee absolute security. You provide information at your own risk.

5.3 Your Responsibilities

You are responsible for:

• Keeping your password secure and confidential
• Using strong, unique passwords
• Enabling two-factor authentication (if available)
• Logging out of shared devices
• Reporting suspicious activity immediately

5.4 Breach Notification

In the event of a data breach affecting your information:

• We will notify affected users without unreasonable delay
• Notification will be sent via email
• We will report to relevant authorities as required by law

---

6. YOUR PRIVACY RIGHTS

6.1 Access and Correction

You have the right to:

• Access your personal information
• Correct inaccurate information
• Update your account information

How to Exercise:

• Update most information directly in account settings
• Email legal@nextclip.net for access to all information

6.2 Data Portability

You have the right to receive your personal data in a portable format.

How to Exercise: Email legal@nextclip.net with subject "Data Portability Request"

Response Time: 30 days

6.3 Deletion

You have the right to request deletion of your personal information, subject to legal exceptions.

How to Exercise: Email legal@nextclip.net with subject "Deletion Request"

Exceptions: We may retain information if required for:

• Legal compliance (tax records, transaction history)
• Fraud prevention
• Exercising legal rights
• Completing transactions

Response Time: 30 days

6.4 Opt-Out of Marketing

You may opt out of marketing communications at any time:

• Click "unsubscribe" in email footer
• Update preferences in account settings
• Email support@nextclip.net

Note: You cannot opt out of transactional communications (account notices, payment confirmations, etc.).

6.5 Do Not Track

Some browsers have "Do Not Track" features. We do not currently respond to Do Not Track signals.

---

7. INTERNATIONAL DATA TRANSFERS

7.1 Data Location

NextClip is based in the United States. Your data is stored on servers in the United States.

7.2 Transfer Mechanisms

For international users, we transfer your data to the United States using:

For EU/UK Users:

• Standard Contractual Clauses (SCCs) approved by European Commission
• Additional technical and organizational safeguards
• Compliance with EU-U.S. Data Privacy Framework (if applicable)

For Other International Users:

• Your consent to transfer (by using the Services)
• Contractual protections with service providers
• Industry-standard security measures

7.3 Your Rights Regarding Transfers

EU/UK Users:

• You may request information about transfer mechanisms
• You may object to transfers in certain circumstances
• You may lodge complaints with supervisory authorities

To request SCC details: Email legal@nextclip.net

---

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 Types of Cookies We Use

Essential Cookies (Cannot Opt Out):

• Authentication and session management
• Security features
• Load balancing
• Core platform functionality

Analytics Cookies (Can Opt Out):

• Google Analytics
• Mixpanel
• Usage tracking and optimization

Functional Cookies (Can Opt Out):

• User preferences
• Language settings
• Display customization

Advertising Cookies (Can Opt Out):

• Retargeting ads
• Campaign tracking
• Conversion measurement

8.2 How to Control Cookies

Browser Settings: Most browsers allow you to:

• Block all cookies
• Block third-party cookies
• Delete cookies after each session
• Receive alerts when cookies are set

Cookie Preference Center: Manage non-essential cookies in your account settings.

Third-Party Opt-Outs:

• Google Analytics: https://tools.google.com/dlpage/gaoptout
• NAI Opt-Out: https://optout.networkadvertising.org

8.3 Other Tracking Technologies

Web Beacons (Pixels): Small graphics used to track email opens and user behavior.

Local Storage: Stores data locally in your browser for performance.

Device Fingerprinting: May be used for fraud prevention and security.

---

9. CHILDREN'S PRIVACY

9.1 Minimum Age

The Services are not intended for children under 13. We do not knowingly collect information from children under 13.

9.2 Guardian-Sponsored Accounts

Minors aged 13-17 may use the Services only through Guardian-Sponsored Accounts:

• Guardian provides all personal information
• Guardian has full control of the account
• All data is associated with the Guardian, not the minor
• Guardian receives all communications

9.3 Parental Rights

Guardians of minors with Guardian-Sponsored Accounts may:

• Access all account information
• Request deletion of information
• Revoke consent at any time
• Close the account

9.4 Discovery of Child Users

If we discover a user under 13 without proper Guardian sponsorship:

• The account will be immediately terminated
• All data will be deleted
• No refunds will be issued

To report underage users: Email legal@nextclip.net

---

10. THIRD-PARTY SERVICES

10.1 Third-Party Platforms

When you post content to third-party platforms (TikTok, Instagram, Twitter/X, YouTube):

• Those platforms' privacy policies apply
• We are not responsible for their data practices
• Review their privacy policies before using

Platform Privacy Policies:

• TikTok: https://www.tiktok.com/legal/privacy-policy
• Instagram: https://help.instagram.com/privacy
• Twitter/X: https://twitter.com/privacy
• YouTube: https://policies.google.com/privacy

10.2 Third-Party Links

The Platform may contain links to third-party websites. We are not responsible for their privacy practices.

10.3 Social Media Features

Social media features (share buttons, widgets) may collect information about your activity. These are governed by the privacy policies of the respective social media companies.

---

10A. SOCIAL MEDIA API INTEGRATIONS

10A.1 Overview

NextClip uses OAuth 2.0 authentication to connect with social media platforms (YouTube, Instagram, Twitter/X, TikTok, Facebook, Discord) to verify content submissions, track performance metrics, facilitate payouts, and enable community features. This section explains how we access, use, store, and protect data from these platforms.

When you connect a social media account:

• You grant us limited, revocable access to specific data via OAuth
• We securely store encrypted access tokens to maintain the connection
• You can disconnect at any time through your Profile Settings
• We comply with each platform's data protection policies

Important Note for Discord: Unlike other platform integrations, Discord integration involves bidirectional data sharing. We not only receive data from Discord, but also send your NextClip performance data (earnings, achievements, rankings) to Discord servers for community features. See Section 10A.4 for complete details.

---

10A.2 YouTube API Services

IMPORTANT NOTICE: NextClip uses YouTube API Services. By connecting your YouTube account, you agree to be bound by the YouTube Terms of Service and the Google Privacy Policy.

What YouTube Data We Access

When you connect your YouTube channel through OAuth, we request access to:

YouTube Data API v3 Scopes:

• youtube.readonly - View your YouTube account
• yt-analytics.readonly - View YouTube Analytics reports for your content
• userinfo.profile - See your personal info, including any personal info you've made publicly available

Specific Data Collected:

• Channel Information: Channel ID, channel name, subscriber count, total views, video count
• Analytics Data: Video view counts, watch time, average view duration, traffic sources, engagement metrics (likes, shares, comments)
• Audience Demographics: Viewer age groups, gender distribution, geographic locations (countries/regions)
• Video Metadata: Video IDs, titles, descriptions, thumbnails, upload dates, view counts
• Performance Metrics: Click-through rate (CTR), audience retention, average view percentage

How We Use YouTube Data

We use YouTube data for the following purposes:

1. Identity Verification: Confirm channel ownership and authenticity
2. Submission Tracking: Verify that submitted content was posted to your connected channel
3. View Count Verification: Track real-time views to calculate bounty payouts based on performance
4. Analytics & Reporting: Display your content performance metrics in your dashboard
5. Payout Calculation: Determine earnings based on verified views against bounty target goals
6. Profile Display: Show your channel statistics to brands when you apply to bounties
7. Fraud Prevention: Detect view manipulation, fake engagement, or policy violations
8. Audience Matching: Help brands understand if your audience aligns with their target demographics

Limited Use Disclosure

NextClip's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We use YouTube data only to provide and improve user-facing features described above
• We DO NOT sell YouTube user data to third parties
• We DO NOT use YouTube data for serving advertisements
• We DO NOT transfer YouTube data to data brokers or for credit assessment
• We DO NOT allow humans to read YouTube data except for security purposes, compliance with applicable law, or with your explicit consent
• We DO NOT use YouTube data for surveillance or tracking purposes unrelated to the Services

Data Storage and Security

Encryption:

• OAuth access tokens and refresh tokens are encrypted using AES-256-GCM encryption
• Tokens are never stored in plaintext
• Encryption keys are securely managed and rotated regularly

Access Controls:

• Only authorized NextClip systems can access encrypted tokens
• Human access to YouTube data is prohibited except for security investigations or with explicit user consent
• All API requests are logged for audit purposes

Data Retention

Analytics and Reporting Data:

• Stored indefinitely while your account remains active and connected
• Used consistently with the purposes disclosed above
• Authorization verified every 30 days

Other Authorized Data (Channel Stats, Video Metadata):

• Refreshed every 30 days maximum
• Cached data older than 30 days is automatically purged

After Disconnection:

• OAuth access tokens deleted immediately (within 24 hours)
• Cached channel and video data deleted within 7 days
• Historical analytics data (used in aggregate reporting) retained for up to 90 days, then anonymized

How to Revoke Access

You can revoke NextClip's access to your YouTube data at any time:

Option 1: Disconnect in NextClip (Recommended)

1. Log in to your NextClip account
2. Go to Profile Settings → Social Accounts
3. Click "Disconnect" next to your YouTube channel
4. Confirm disconnection

Upon disconnection, we will delete your YouTube OAuth tokens within 24 hours and all cached data within 7 days.

Option 2: Revoke via Google Account

1. Visit the Google Security Settings page
2. Find "NextClip" in the list of connected apps
3. Click "Remove Access"

Upon revocation via Google, we will automatically detect the revocation and delete all YouTube data within 30 days.

YouTube Contact & Support

For questions specifically about YouTube data usage:

• Email: legal@nextclip.net with subject "YouTube API Data Inquiry"
• Google Privacy Policy: http://www.google.com/policies/privacy
• YouTube Terms of Service: https://www.youtube.com/t/terms

---

10A.3 Meta Platforms: Instagram & Facebook API

IMPORTANT NOTICE: NextClip uses Instagram Graph API and Facebook Graph API. By connecting your Instagram or Facebook account, you agree to be bound by Meta's Platform Terms and Meta's Privacy Policy.

What Instagram/Facebook Data We Access

When you connect your Instagram or Facebook account through OAuth, we request access to:

Instagram Graph API Scopes:

• instagram_basic - Read public profile info
• instagram_content_publish - (If applicable) Verify content publishing permissions
• instagram_insights - Read insights and engagement metrics

Facebook Graph API Scopes:

• public_profile - Access basic profile information
• pages_read_engagement - Read engagement data for Pages you manage

Specific Data Collected:

• Profile Information: Username, display name, profile picture URL, account ID
• Content Metrics: Post view counts, impressions, reach, engagement (likes, comments, shares)
• Follower Statistics: Follower count, follower growth rate
• Audience Demographics: Age range, gender distribution, geographic location (if available via Insights)
• Content Details: Post URLs, captions, media type (photo/video), timestamp

How We Use Instagram/Facebook Data

We use Instagram and Facebook data for the following purposes:

1. Account Verification: Confirm account ownership and authenticity
2. Content Verification: Verify that submitted content was posted to your connected account
3. Performance Tracking: Track views, engagement, and reach to calculate bounty payouts
4. Analytics Display: Show your content performance in your NextClip dashboard
5. Payout Calculation: Determine earnings based on verified views/engagement
6. Profile Showcase: Display your account statistics to brands when applying to bounties
7. Fraud Detection: Monitor for fake engagement, bot activity, or policy violations

Data Storage and Security

Encryption:

• OAuth access tokens encrypted using AES-256-GCM encryption
• Tokens stored securely and never exposed in plaintext

Access Controls:

• Limited system access to encrypted tokens
• Human access restricted to security investigations or with explicit consent

Data Retention

While Connected:

• Access tokens refreshed as needed (typically every 60 days)
• Cached profile and content metrics refreshed every 24-48 hours
• Historical analytics retained for dashboard reporting

After Disconnection:

• OAuth tokens deleted immediately (within 24 hours)
• Cached profile and content data deleted within 30 days
• Historical aggregate analytics anonymized after 90 days

How to Revoke Access

Option 1: Disconnect in NextClip (Recommended)

1. Log in to your NextClip account
2. Go to Profile Settings → Social Accounts
3. Click "Disconnect" next to Instagram or Facebook
4. Confirm disconnection

Option 2: Revoke via Facebook/Instagram Settings

1. Go to Facebook Settings → Apps and Websites
2. Find "NextClip" and click "Remove"

Option 3: Request Data Deletion

• Visit our Data Deletion Request Page
• Or email: legal@nextclip.net with subject "Meta Data Deletion Request"
• We will process your request within 30 days (as required by Meta Platform Policy)

Data Deletion Callback

NextClip implements Meta's required data deletion callback URL. When you delete your Facebook or Instagram account or revoke access:

• We receive an automated notification from Meta
• Your OAuth tokens are immediately deleted
• All cached data is purged within 30 days
• You will receive a confirmation code to track the deletion status

To check deletion status: Email legal@nextclip.net with your confirmation code.

Meta Contact & Support

For questions about Instagram/Facebook data usage:

• Email: legal@nextclip.net with subject "Instagram/Facebook API Data Inquiry"
• Meta Privacy Policy: https://www.facebook.com/privacy/policy/
• Meta Platform Terms: https://developers.facebook.com/terms

---

10A.4 Discord Integration

IMPORTANT NOTICE: NextClip's Discord integration involves bidirectional data sharing between your NextClip account and Discord servers. This includes both receiving data from Discord AND sending your NextClip performance data to Discord servers and community channels.

By connecting your Discord account, you agree to:

• Discord's Terms of Service
• Discord's Privacy Policy
• NextClip's sharing of your performance data with Discord (as described below)

What Discord Data We Collect FROM Discord

When you connect your Discord account through OAuth or use the /link command in our Discord server:

Profile Information:

• Discord user ID (unique identifier)
• Discord username and discriminator
• Avatar URL
• Discord server membership status
• Server roles (for access control)

Referral Tracking:

• Discord invite codes used when joining
• Referrer Discord ID (if you joined via a referral link)
• Referral conversion status

What NextClip Data We Send TO Discord

IMPORTANT: When you link your Discord account, NextClip shares your performance data with Discord servers and may display it in community channels. This includes:

Automatically Shared Data:

• Rank/tier status (Bronze, Silver, Gold, Diamond, Elite Clipper)
• Lifetime earnings (total amounts in USD)
• Achievement unlocks (First Blood, Viral Hit, Thousandaire, Streak Master, etc.)
• Rank changes and promotions
• Referral statistics (referrals made, referral earnings)
• Bounty completion milestones

Data Shared on User Command: When you use Discord bot commands like /mystats, the following is shared (visible only to you via "ephemeral" messages):

• Lifetime earnings
• Active bounties count
• Completed bounties count
• Average creator rating
• Total views generated across all clips
• Referral count and referral earnings

Publicly Visible Data in Discord Channels: The following may be posted in public Discord channels visible to all server members:

• Rank-up announcements: "Username just hit 🥇 Gold Clipper! Total Earnings: $500+"
• Achievement announcements: "Username earned 🔥 Viral Hit - Their clip crossed 100,000 views!"
• Leaderboard rankings: Weekly/monthly top earners by genre with specific earnings amounts
• Clip spotlights: Featured clips with view counts, earnings, and performance insights
• Bounty completion milestones: Notable achievements on specific bounties

Data Sent to Private/Tier-Gated Channels: Higher-tier clippers (Gold+, Diamond+) may have performance data visible in exclusive channels:

• Early access bounty notifications
• VIP opportunity alerts
• Tier-specific leaderboards

How Discord Integration Works

Account Linking Process:

1. You run /link command in Discord or connect via NextClip Profile Settings → Social Accounts
2. OAuth authentication flow links your Discord ID to your NextClip user account
3. Linkage enables automatic role sync, stat tracking, and achievement announcements
4. Initial roles assigned based on current performance metrics

Automatic Role Sync System: NextClip automatically assigns Discord server roles based on your real-time performance:

Rank Roles (updated automatically):

• 🥉 Bronze Clipper: Verified account
• 🥈 Silver Clipper: $100+ lifetime earnings
• 🥇 Gold Clipper: $500+ lifetime earnings
• 💎 Diamond Clipper: $2,000+ lifetime earnings
• 👑 Elite Clipper: $10,000+ lifetime earnings

Achievement Roles (permanent once earned):

• 🚀 First Blood: Completed first bounty
• 💰 Thousandaire: Single clip earned $1,000+
• 🔥 Viral Hit: Single clip hit 100k+ views
• 📈 Streak Master: 5 bounties completed in one week
• 🎯 Sharpshooter: 10 bounties with 4+ star ratings
• 🤝 Recruiter: Referred 5+ active clippers

Webhook System: NextClip sends automated webhooks to Discord when:

• You rank up (e.g., Silver → Gold)
• You unlock new achievements
• Your clips hit view milestones (10k, 100k, 1M views)
• Referrals you made complete their first bounty
• You appear on weekly/monthly leaderboards

Bot Commands and API Calls: When you or others use bot commands, NextClip's API provides real-time data:

• /mystats - Fetches your current stats (ephemeral - only you see)
• /leaderboard - Fetches top earners (public display)
• /bounties - Lists active bounties matching your genres
• /myreferral - Generates your unique referral link

Purpose of Discord Integration

We use Discord integration for:

1. Community Building: Connect clippers in a shared community space for networking and collaboration
2. Engagement & Motivation: Public recognition of achievements and milestones to drive platform engagement
3. Real-Time Notifications: Alert you to new bounties matching your selected content genres
4. Referral Tracking: Attribute new Discord members to referrers for bonus payout calculations
5. Gamification: Leaderboards, rankings, and tier progression to encourage quality content creation
6. Peer Support: Facilitate community support, resource sharing, and feedback
7. Access Control: Tier-gated channels for high-performing clippers (Gold+, Diamond+)

Data Visibility and Privacy Controls

What's Public vs Private:

Privacy Controls: You can control what's shared in Profile Settings → Privacy → Discord Integration:

• ☐ Allow public achievement announcements (Default: ON)
• ☐ Allow leaderboard inclusion (Default: ON)
• ☐ Allow clip spotlight features (Default: OFF - must opt-in)
• ☐ Show lifetime earnings in public announcements (Default: ON)

Note: Disabling these settings prevents your data from appearing in public announcements but does NOT:

• Prevent automatic role assignment (roles are visible to all server members)
• Prevent private stat commands like /mystats (only you see the response)
• Remove you from the Discord server or unlink your account

Data Storage and Security

Discord Linking Data:

• Discord ID and username stored in discord_links database table
• One-to-one relationship: One Discord account per NextClip account
• OAuth access tokens encrypted using AES-256-GCM encryption
• Encryption keys securely managed and rotated regularly

Data Transmission Security:

• All data sent via secure HTTPS webhooks and Discord API calls
• Bot authentication token secured in environment variables
• API calls authenticated with internal API keys
• Webhook signatures validated to prevent spoofing

Third-Party Risk - IMPORTANT: Once data is sent to Discord servers:

• It is governed by Discord's privacy policy and data retention practices
• Discord may store message history indefinitely
• Other Discord server members can see public announcements
• We cannot delete data from Discord's servers once posted
• Discord may use data according to their own privacy policy

Data Retention

While Linked:

• Discord connection remains active until you disconnect
• Performance data refreshed in real-time for bot commands
• Public announcements remain in Discord message history
• Roles updated automatically when performance metrics change

After Disconnection:

• OAuth access tokens deleted immediately (within 24 hours)
• Stored Discord ID and username deleted from our database within 7 days
• Discord server roles remain until manually removed by server administrators
• Historical announcements remain in Discord channels permanently (we cannot retroactively delete Discord messages)
• Cached performance data deleted from NextClip servers within 7 days

Data Retention on Discord's Servers: We cannot control Discord's data retention policies. Messages posted to Discord channels may be retained indefinitely by Discord. For information on Discord's data retention, see Discord's Privacy Policy.

How to Disconnect

Option 1: Disconnect in NextClip (Recommended)

1. Log in to your NextClip account
2. Go to Profile Settings → Social Accounts
3. Click "Disconnect" next to Discord
4. Confirm disconnection

Upon disconnection:

• OAuth tokens deleted within 24 hours
• No new data will be sent to Discord
• Existing Discord messages remain (cannot be deleted)

Option 2: Leave Discord Server Leaving the NextClip Discord server does NOT automatically unlink your account. You must disconnect via NextClip settings to stop data sharing.

Option 3: Revoke via Discord Settings

1. Open Discord → User Settings → Authorized Apps
2. Find "NextClip" in the list
3. Click "Deauthorize"

Upon revocation, we will detect the change and delete Discord linking data within 30 days.

Important: Disconnecting stops future data sharing but does NOT:

• Delete historical announcements already posted in Discord channels
• Remove Discord server roles (must be done by server admins)
• Delete messages visible to other server members

Your Rights Regarding Discord Data

You have the following rights:

1. Right to Disconnect: Revoke Discord integration at any time through Profile Settings
2. Right to Access: Request a copy of all Discord data we've collected about you
3. Right to Deletion: Request deletion of Discord linking data (processed within 7-30 days)
4. Right to Opt-Out: Opt out of public announcements while maintaining account linkage
5. Right to Correction: Update cached Discord profile data (refreshes automatically)
6. Right to Know: Request details about what data we access and how we use it
7. Right to Data Portability: Request Discord integration data in machine-readable format

To exercise these rights: Email legal@nextclip.net with subject "Discord Integration Privacy Request"

Include:

• Your NextClip account email
• Your Discord username and ID (if known)
• Specific request (access, deletion, opt-out, etc.)

Response Time: 30 days

Discord Support & Contact

For questions specifically about Discord integration:

• Email: legal@nextclip.net with subject "Discord Integration Inquiry"
• Discord Privacy Policy: https://discord.com/privacy
• Discord Terms of Service: https://discord.com/terms

---

10A.5 Twitter/X API

IMPORTANT NOTICE: NextClip uses Twitter API v2 with OAuth 2.0 authentication. By connecting your Twitter/X account, you agree to be bound by Twitter's Terms of Service and Twitter's Privacy Policy.

What Twitter/X Data We Access

When you connect your Twitter/X account through OAuth, we request access to:

Twitter API v2 OAuth Scopes:

• tweet.read - Read tweets and tweet metrics
• users.read - Read your user profile information
• offline.access - Maintain access via refresh token

Specific Data Collected:

Profile Information:

• Twitter User ID (unique identifier)
• Username (handle - e.g., @username)
• Display name
• Profile image URL
• Bio/description
• Verification status (blue checkmark)
• Account creation date

Account Metrics:

• Follower count
• Following count
• Total tweet count
• Account age (calculated from creation date)

Tweet Metrics (for submitted content):

• Tweet ID
• Impressions (total views)
• Engagement metrics (likes, retweets, replies, quotes, bookmarks)
• Public metrics vs non-public metrics
• Organic metrics

OAuth Tokens:

• Access token (expires every 2 hours)
• Refresh token (expires after 6 months)

How We Use Twitter/X Data

We use Twitter/X data for the following purposes:

1. Identity Verification: Confirm Twitter account ownership and authenticity
2. Submission Tracking: Verify that submitted content was posted to your connected Twitter account
3. View Count Verification: Track real-time impressions (views) to calculate bounty payouts based on performance
4. Analytics & Reporting: Display your tweet performance metrics in your dashboard
5. Payout Calculation: Determine earnings based on verified impressions against bounty target goals
6. Profile Display: Show your account statistics to brands when you apply to bounties
7. Fraud Prevention: Detect engagement manipulation, bot activity, or policy violations
8. Audience Matching: Help brands understand if your audience aligns with their target demographics (follower count, account age)
9. Requirements Verification: Check if your account meets bounty requirements (minimum followers, verified status, account age)

Data Storage and Security

Encryption:

• OAuth access tokens and refresh tokens are encrypted using AES-256-GCM encryption
• Tokens are never stored in plaintext
• Encryption keys are securely managed and rotated regularly

Access Controls:

• Only authorized NextClip systems can access encrypted tokens
• All API requests are logged for audit purposes
• Token revocation immediately upon disconnection

Token Refresh:

• Access tokens expire every 2 hours and are automatically refreshed
• Refresh tokens expire after 6 months
• Expired tokens are automatically purged

Data Retention

Profile and Metrics Data:

• Cached profile data refreshed every 24-48 hours
• Tweet metrics updated in real-time when checking submission performance
• Historical performance data retained for dashboard analytics while account is connected

After Disconnection:

• OAuth access tokens revoked on Twitter's servers immediately
• Encrypted tokens deleted from our database within 24 hours
• Cached profile data deleted within 7 days
• Historical tweet metrics retained for up to 90 days for payout verification, then anonymized
• Connection record marked inactive (not fully deleted for audit trail)

How to Revoke Access

You can revoke NextClip's access to your Twitter/X data at any time:

Option 1: Disconnect in NextClip (Recommended)

1. Log in to your NextClip account
2. Go to Profile Settings → Social Accounts
3. Click "Disconnect" next to your Twitter/X account
4. Confirm disconnection

Upon disconnection:

• Access token revoked on Twitter's servers
• Tokens deleted from NextClip database within 24 hours
• Cached data deleted within 7 days

Option 2: Revoke via Twitter/X Settings

1. Go to Twitter Apps Settings
2. Find "NextClip" in the list of connected apps
3. Click "Revoke access"

Upon revocation via Twitter, we will automatically detect the change and delete all Twitter data within 30 days.

Twitter/X Contact & Support

For questions specifically about Twitter/X data usage:

• Email: legal@nextclip.net with subject "Twitter API Data Inquiry"
• Twitter Privacy Policy: https://twitter.com/privacy
• Twitter Terms of Service: https://twitter.com/en/tos
• Twitter Developer Agreement: https://developer.twitter.com/en/developer-terms/agreement

---

10A.6 Other Social Media Platforms

TikTok: If you connect TikTok, we access the following data using TikTok's official API:

• Profile Information: Username, display name, TikTok ID (open_id), follower count, following count, total likes, video count, verification status
• Content Metrics: Video view counts, engagement metrics (likes, shares, comments)
• Account Statistics: Total videos posted, follower/following counts

Data usage, storage, and retention policies are consistent with YouTube, Instagram, and Twitter/X as described above. TikTok's Privacy Policy: https://www.tiktok.com/legal/privacy-policy

Note: Unlike Discord integration (Section 10A.4), these platforms are used solely for content verification and view tracking. We do NOT send your NextClip data to these platforms.

---

10A.7 Your Rights Regarding Social Media Data

You have the following rights:

1. Right to Disconnect: Revoke access at any time through Profile Settings
2. Right to Access: Request a copy of all social media data we've collected about you
3. Right to Deletion: Request deletion of all social media data (processed within 7-30 days)
4. Right to Correction: Correct inaccuracies in cached social media data (data refreshes automatically)
5. Right to Know: Request details about what data we access and how we use it

To exercise these rights: Email legal@nextclip.net with subject "Social Media Data Rights Request"

---

11. COMMUNICATIONS

11.1 Types of Communications

Transactional (Cannot Opt Out):

• Account creation confirmation
• Password reset emails
• Payment receipts
• Strike notifications
• Terms/policy updates
• Security alerts

Marketing (Can Opt Out):

• Product updates
• Promotional offers
• Newsletters
• Tips and best practices
• User surveys

11.2 Communication Preferences

Manage preferences in account settings or:

• Click "unsubscribe" in email footer
• Email support@nextclip.net with "Communication Preferences" in subject

11.3 SMS/Text Messages

If you provide a phone number and opt in to SMS:

• We may send transactional SMS
• Standard message and data rates apply
• Reply STOP to opt out

---

12. CALIFORNIA PRIVACY RIGHTS (CCPA)

12.1 Applicability

This section applies to California residents under the California Consumer Privacy Act (CCPA).

12.2 Categories of Personal Information Collected

12.3 Sources of Personal Information

We collect information from:

• Directly from you (account creation, profile)
• Automatically (cookies, usage data)
• Third parties (Stripe, social media, analytics providers)

12.4 Purposes for Collection and Use

We use personal information for purposes described in Section 2 of this Privacy Policy.

12.5 Categories of Third Parties We Share With

We share personal information with:

• Service providers (Stripe, AWS, Supabase, analytics)
• Other users (limited public profile information)
• Legal authorities (when required by law)

12.6 Sale of Personal Information

We DO NOT sell your personal information.

We have not sold personal information in the past 12 months and do not plan to sell it in the future.

12.7 Your CCPA Rights

Right to Know: Request disclosure of:

• Categories of personal information collected
• Categories of sources
• Purposes for collection
• Categories of third parties we share with
• Specific pieces of personal information we hold about you

Right to Delete: Request deletion of your personal information (subject to exceptions).

Right to Opt-Out of Sale: Not applicable (we don't sell data).

Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights.

12.8 How to Exercise CCPA Rights

Email: legal@nextclip.net
Subject: "CCPA Request - [Type of Request]"

Include:

• Your full name
• Account email
• California residency confirmation
• Specific request

Response Time: 45 days (may extend 45 days with notice)

Verification: We will verify your identity before fulfilling requests.

12.9 Authorized Agents

You may designate an authorized agent to make CCPA requests on your behalf. The agent must provide:

• Written authorization from you
• Proof of their identity
• Proof of your California residency

---

13. EUROPEAN PRIVACY RIGHTS (GDPR)

13.1 Applicability

This section applies to individuals in the European Economic Area (EEA) and United Kingdom under the General Data Protection Regulation (GDPR) and UK GDPR.

13.2 Data Controller

NextClip LLC is the data controller for your personal data.

Contact: Email: legal@nextclip.net
Address: 7901 4th St N STE 300, St. Petersburg, FL 33702

13.3 Legal Bases for Processing

We process your personal data based on:

Contract Performance (Art. 6(1)(b) GDPR):

• Providing the Services you requested
• Processing payments
• Facilitating transactions

Legitimate Interests (Art. 6(1)(f) GDPR):

• Fraud prevention and platform security
• Improving the Services
• Marketing to existing users

Consent (Art. 6(1)(a) GDPR):

• Marketing communications (opt-in)
• Optional cookies and tracking
• Specific features requiring consent

Legal Obligations (Art. 6(1)(c) GDPR):

• Compliance with laws and regulations
• Tax reporting requirements
• Responding to legal requests

13.4 Your GDPR Rights

Right to Access (Art. 15): Request confirmation of what personal data we process and obtain a copy.

Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.

Right to Erasure (Art. 17) - "Right to be Forgotten": Request deletion of your data in certain circumstances.

Right to Restrict Processing (Art. 18): Request limitation of processing in certain circumstances.

Right to Data Portability (Art. 20): Request your data in a structured, machine-readable format.

Right to Object (Art. 21):

• Object to processing based on legitimate interests
• Object to direct marketing (always honored)

Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time (where processing is based on consent).

Right to Lodge a Complaint (Art. 77): File a complaint with your supervisory authority.

13.5 How to Exercise GDPR Rights

Email: legal@nextclip.net
Subject: "GDPR Request - [Type of Request]"

Include:

• Your full name
• Account email
• EU/UK residency confirmation
• Specific request

Response Time: 30 days (may extend 60 days for complex requests with notice)

13.6 Data Protection Authority Contact

EU Users: Find your country's supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en

UK Users: Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113

13.7 Automated Decision-Making

We use automated processing for:

• Fraud detection and view manipulation detection
• Content quality verification
• Risk assessment

Your Rights:

• Request human review of automated decisions
• Receive explanation of logic involved
• Contest decisions affecting you significantly

13.8 International Data Transfers

As described in Section 7, your data is transferred to the United States. We implement Standard Contractual Clauses (SCCs) and additional safeguards.

SCCs Available: Full text of SCCs available upon request at: legal@nextclip.net

13.9 Data Retention

See Section 4 for retention periods. We retain data only as long as necessary for the purposes outlined in this Privacy Policy.

---

14. CHANGES TO THIS PRIVACY POLICY

14.1 Right to Modify

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• Changes in applicable laws
• New features or services
• User feedback

14.2 Notification of Changes

Material Changes:

• Email notification to registered users
• Prominent notice on the Platform
• At least 30 days notice before taking effect

Non-Material Changes:

• Updated "Last Updated" date
• No specific notification required

14.3 Review Regularly

We encourage you to review this Privacy Policy periodically.

Current Version:

• Version: 1.0
• Last Updated: November 26, 2025
• Effective Date: November 26, 2025

---

15. CONTACT US

15.1 Privacy Questions

For questions about this Privacy Policy or our data practices:

Email: legal@nextclip.net
Subject: "Privacy Inquiry"

15.2 Data Protection Officer (DPO)

If required under GDPR, our DPO contact information will be provided here. Currently, for all privacy matters, contact: legal@nextclip.net

15.3 Mailing Address

NextClip LLC
7901 4th St N STE 300
St. Petersburg, FL 33702
United States

15.4 General Support

For non-privacy related support:
Email: support@nextclip.net

---

Last Updated: November 26, 2025
Effective Date: November 26, 2025
Version: 1.0

---

APPENDIX: JURISDICTION-SPECIFIC INFORMATION

Canada (PIPEDA)

Canadian users have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

• Right to access personal information
• Right to correct inaccurate information
• Right to withdraw consent (subject to legal restrictions)

Canadian Users Contact: Same as above - legal@nextclip.net with subject "PIPEDA Request"

Australia (Privacy Act)

Australian users have rights under the Privacy Act 1988 and Australian Privacy Principles (APPs):

• Right to access personal information
• Right to correct personal information
• Right to complain to the Office of the Australian Information Commissioner (OAIC)

Australian Users Contact: Same as above - legal@nextclip.net with subject "Privacy Act Request"

OAIC Contact:
Website: https://www.oaic.gov.au
Phone: 1300 363 992

Other Jurisdictions

Users in other jurisdictions may have additional privacy rights under local laws. Nothing in this Privacy Policy limits rights that cannot be waived under applicable mandatory consumer protection or data protection laws.

To exercise rights under local laws, contact: legal@nextclip.net with subject "Privacy Request - [Your Country]"