Privacy Policy

Last Updated: January 9, 2026

1. Introduction

Firma Flow (CVR: 42705063) ("we", "us", or "our") operates SimClipper ("the Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

  • Account Information: Email address and password when you create an account
  • Profile Information: Display name and other optional profile details
  • Payment Information: Billing details processed through Stripe (we do not store credit card numbers)
  • Communication Data: Information you provide when contacting our support team

2.2 Information Automatically Collected

When you use the Service, we automatically collect:

  • Usage Data: Information about your interactions with the Service, including videos generated, templates used, and feature usage
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP address, access times, and pages viewed

2.3 Content You Generate

We store the videos you create using the Service. You retain full ownership of this content.

2.4 Google Account Data

If you choose to connect your Google account to enable YouTube integration, we request access to specific Google user data through OAuth 2.0 authentication. This connection is entirely optional and only occurs when you explicitly click "Connect Google Account" in your settings.

Data We Access from Google:

  • YouTube Channel Information: We access your YouTube channel ID and channel name to identify which channel you want to upload videos to. This uses the youtube.readonly scope.
  • YouTube Upload Permissions: We access the ability to upload videos on your behalf to your YouTube channel. This uses the youtube.upload scope.
  • OAuth Tokens: We store an access token and refresh token that allow us to perform these actions on your behalf without requiring you to re-authenticate each time.

Purpose of Google Data Access:

  • To enable you to upload videos directly from SimClipper to your YouTube channel
  • To schedule video uploads to YouTube at times you specify
  • To display your connected YouTube channel name in your account settings

Data We Do NOT Access:

  • We do NOT access your YouTube video analytics or view counts
  • We do NOT access your YouTube comments or community posts
  • We do NOT access your YouTube watch history or liked videos
  • We do NOT access other Google services (Gmail, Drive, Calendar, etc.)
  • We only request the minimum scopes necessary for video upload functionality

How We Use Google Data:

  • Google data is used ONLY to provide YouTube upload functionality
  • We do NOT sell your Google data to third parties
  • We do NOT use your Google data for advertising or profiling
  • We do NOT share your Google data with other users or external parties

Data Storage and Security:

  • OAuth access tokens and refresh tokens are encrypted and stored securely in our database
  • Only your account has access to your Google connection data
  • We use Row Level Security (RLS) policies to ensure tokens cannot be accessed by other users
  • Tokens are stored only as long as you keep your Google account connected

Disconnecting Your Google Account:

You can disconnect your Google account at any time by going to Settings → Integrations → Disconnect. When you disconnect:

  • We immediately delete all OAuth tokens (access token and refresh token) from our database
  • We delete your YouTube channel ID and channel name
  • We stop all scheduled uploads
  • You will need to reconnect if you want to use YouTube integration again

Google OAuth Verification:

SimClipper's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your subscription
  • Authenticate your account and prevent fraud
  • Store and manage your generated videos
  • Enable third-party integrations you choose to use
  • Respond to your comments, questions, and support requests
  • Send you technical notices, security alerts, and administrative messages
  • Monitor and analyze trends, usage, and activities in connection with the Service
  • Detect, prevent, and address technical issues and security vulnerabilities
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your information depends on the specific information and context:

  • Contract: Processing is necessary to perform our contract with you (providing the Service)
  • Legitimate Interests: We have a legitimate interest in operating and improving the Service, preventing fraud, and ensuring security
  • Consent: Where required, we obtain your consent before processing your information
  • Legal Obligation: We may process your information to comply with legal requirements

5. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Supabase: Database and authentication services for storing your account information, videos, and OAuth tokens
  • Stripe: Payment processing for subscription management (Stripe does not receive access to your Google data)
  • Google/YouTube: Video upload integration only when you explicitly connect your Google account. We use Google's OAuth 2.0 to authenticate and upload videos to your YouTube channel on your behalf

These service providers are contractually required to protect your information and use it only for the purposes we specify.

Important: Your Google data is not shared with any service provider other than Google itself. OAuth tokens remain securely stored in our database and are only transmitted directly to Google's APIs when performing actions you request (such as uploading a video).

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6. Cookies and Tracking Technologies

We use only essential cookies necessary for authentication and the basic operation of the Service. We do not use cookies for tracking, analytics, or advertising purposes.

Essential cookies include session tokens that allow you to stay logged in and access your account securely.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service.

Account Data: When you delete your account, we immediately delete all of your personal information and content from our systems. We do not retain any data after account deletion, except as required by law or to comply with legal obligations.

Google OAuth Data: When you disconnect your Google account or delete your SimClipper account:

  • All OAuth tokens (access tokens and refresh tokens) are immediately and permanently deleted
  • Your YouTube channel information (channel ID and name) is immediately deleted
  • All scheduled upload information is removed
  • No Google-related data is retained after disconnection

Video Content: Videos you generate through SimClipper are retained until you manually delete them or delete your account.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using HTTPS/TLS
  • Secure password hashing
  • Regular security assessments
  • Access controls and authentication mechanisms
  • Row Level Security (RLS) policies in our database

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

9. Your Rights and Data Deletion

If you are located in the EEA, you have the following rights regarding your personal information:

  • Right of Access: You can request a copy of the personal information we hold about you
  • Right to Rectification: You can request that we correct inaccurate or incomplete information
  • Right to Erasure: You can request that we delete your personal information (you can do this by deleting your account)
  • Right to Restrict Processing: You can request that we limit how we use your information
  • Right to Data Portability: You can request a copy of your information in a machine-readable format
  • Right to Object: You can object to our processing of your information
  • Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time

How to Delete Your Data

You have full control over your data and can delete it at any time:

  • Disconnect Google Account: Go to Settings → Integrations → Disconnect. This immediately deletes all Google OAuth tokens and channel information.
  • Delete Generated Videos: You can delete individual videos from your account at any time.
  • Delete Your Account: Contact us at mikkelschrroederr@gmail.com to request full account deletion. We will delete all your personal data, including account information, videos, and any connected integrations within 7 days.

Exercising Your Rights

To exercise any of these rights, please contact us at mikkelschrroederr@gmail.com with:

  • Your account email address
  • A description of the data you want to access, correct, or delete
  • Any additional information that will help us process your request

We will respond to your request within 30 days. For Google data deletion, disconnecting your account in Settings provides immediate deletion.

You also have the right to lodge a complaint with a data protection authority in your country.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer personal information from the EEA to other countries, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal information from a person under 18, we will delete that information immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page with a new "Last Updated" date.

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after any modifications indicates your acceptance of the updated Privacy Policy.

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of every website you visit.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Data Controller: Firma Flow (CVR: 42705063)

Email: mikkelschrroederr@gmail.com

Location: Denmark

15. Data Protection Officer

For questions specifically related to data protection and GDPR compliance, you can contact our Data Protection Officer at: mikkelschrroederr@gmail.com

← Back to Home