Privacy Policy

Effective June 2026

ClipForge is operated by Bulsu Labs ("we", "us"). This policy explains exactly what we collect, why we collect it, who can see it, and what we never do. We wrote this in plain English on purpose. If anything is unclear, write to info@bulsulabs.com and we will explain.

What we collect

  • Account — your email address (used to sign in and to send transactional emails), an opaque user ID assigned by our auth provider, and an optional display name.
  • Source media — the YouTube or TikTok URLs you paste, or videos you upload directly. We store the source temporarily so the render pipeline can process it, and we store the rendered clips so you can re-download them from the app.
  • Usage data — your credit balance, plan tier, render job history, error logs, and crash diagnostics. We use this only to keep the service running and to troubleshoot when something goes wrong.
  • Device data — APNs push token (only if you grant notification permission), iOS version, and locale. This is used to deliver "your clips are ready" notifications.
  • Purchase history — which products you purchased via Apple In-App Purchase, tracked through Apple's subscription system and RevenueCat. We do not see your credit card.

What we never do

  • We never sell your data. There is no broker, no marketplace, no third-party data partner. ClipForge has zero advertising revenue.
  • We never use your uploaded videos to train AI models. Your content is yours.
  • We never read your camera roll, contacts, photo metadata, location, or messages. We do not request those permissions.
  • We never track you across other apps or websites. We do not use the IDFA.

How we use your data

  • To run the clip pipeline: download → transcribe → score → render → store.
  • To deliver subscription benefits and update your credit balance.
  • To send push notifications about jobs you started (only if you opted in).
  • To respond when you contact us at info@bulsulabs.com.
  • To detect abuse and fraud (e.g. someone trying to re-use a refunded purchase).

Face data

ClipForge includes one optional feature — Face Swap — that processes face data. This section explains exactly how it works, because face data is sensitive and we treat it that way.

  • What we collect. Face data is collected only when you tap "Face swap" and pick a portrait photo from your library. The photo is a still image you choose; we do not scan, capture, or access your camera or photo library in the background, and we never collect face data automatically.
  • How we use it. The photo is used for one purpose only: to render the face-swapped version of your own clip that you requested. We do not create a faceprint or biometric template, do not use it to identify or recognise any person, do not match it against any other image or database, do not use it for advertising or analytics, and do not use it to train any AI model.
  • Retention — we do not retain your face data. ClipForge does not retain your face data. The uploaded photo is deleted from our storage automatically as soon as the swap is generated — typically within a few minutes — and we do not keep it afterward. We never create or store a faceprint, biometric template, or any data derived from your face. If a swap never completes, the image is deleted when you delete your account (Settings → Account → Delete Account) or sooner on request to info@bulsulabs.com.
  • Where it is temporarily stored. During the few minutes it takes to render, the photo is held encrypted at rest in our Supabase object storage (EU region), protected by row-level security keyed to your account so no other user can access it. The resulting swapped video is treated like any other rendered clip.
  • Third parties we share face data with. We share your face photo with exactly one third party: FAL.ai (fal.ai), an AI model-hosting provider. We share face data with no one else, and we never sell it.
  • Why we share it. Solely so that FAL.ai can run the face-swap model and generate the video you requested. FAL.ai cannot perform the swap without the image; we share it for this single purpose and no other.
  • Does FAL.ai store face data? FAL.ai receives the image through a temporary signed link that expires after one hour (we do not upload it to FAL.ai's storage ourselves). To operate, debug and secure its service, FAL.ai may temporarily retain request inputs — including the image — for up to 30 days, after which they are deleted; FAL.ai uses the image only to process the requested job and for no other purpose. FAL.ai's data practices are described in its Privacy Policy and Terms of Service.
  • Your responsibility. The first time you use Face Swap you confirm that the face is your own or that you have explicit consent from the person pictured. Using Face Swap to impersonate, harass, defame, or deceive is prohibited and may result in account suspension.

Sub-processors

We rely on a small set of trusted vendors. Each only sees the data they need to do their job, and each is bound by a data-processing agreement compatible with GDPR.

  • Supabase (EU region) — Postgres database, object storage, authentication.
  • OpenAI — Whisper for speech-to-text and GPT-4o-mini for moment scoring. OpenAI's API policy excludes input/output from training by default.
  • FAL.ai — face-swap and lipsync models, used only when you start a face-swap or avatar job.
  • RevenueCat — subscription state, entitlement, and webhook handling.
  • Apple — App Store sign-in (if used), App Store In-App Purchase, and APNs.
  • Sentry — crash and error reporting (no PII, IPs are anonymized).
  • Coolify-managed VPS in Europe — application hosting and render workers.

Data retention

  • Source videos are deleted within 24 hours of the render finishing.
  • Uploaded face photos (Face Swap) are deleted automatically as soon as the swap is generated — see Face data above.
  • Rendered clips are kept while your account is active so you can re-download them.
  • Account data (email, profile, purchase history) is kept until you delete the account.
  • Crash/error logs are kept for 90 days then purged.

Your rights

You can export your account data or delete your account at any time from Settings → Account → Delete Account, or by emailing info@bulsulabs.com. Deletion is permanent and cascades across every service listed above; we will confirm by email within 7 days.

EU/UK residents have the additional rights described in GDPR Articles 15–22 (access, rectification, erasure, restriction, portability, objection). We honour these globally, regardless of where you live.

Children

ClipForge is rated 4+ on the App Store but is not designed for children under 13 and is not directed to them. We do not knowingly collect data from anyone under 13; if you believe a child has signed up, write to info@bulsulabs.com and we will remove the account.

Security

All traffic is TLS 1.2+. Database access requires service-role credentials kept in environment-variable secrets. Storage objects are protected by row-level security keyed to the user's UUID. OAuth tokens for social-publishing integrations are encrypted at rest with AES-256-GCM. We do not store credit-card numbers — payments are handled by Apple.

Changes to this policy

If we materially change what we collect or who has access to it, we will notify you in-app before the change takes effect. Minor wording fixes will not trigger a notice.

Contact

Bulsu Labs · ClipForge
info@bulsulabs.com
bulsulabs.com