Privacy Policy

Last Updated: December 31, 2025

1. Introduction

Firma Flow (CVR: 42705063) ("we", "us", or "our") operates SimClipper ("the Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

  • Account Information: Email address and password when you create an account
  • Profile Information: Display name and other optional profile details
  • Payment Information: Billing details processed through Stripe (we do not store credit card numbers)
  • Communication Data: Information you provide when contacting our support team

2.2 Information Automatically Collected

When you use the Service, we automatically collect:

  • Usage Data: Information about your interactions with the Service, including videos generated, templates used, and feature usage
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP address, access times, and pages viewed

2.3 Content You Generate

We store the videos you create using the Service. You retain full ownership of this content.

2.4 Third-Party Integration Data

If you connect third-party services (such as YouTube) to your account, we collect authentication tokens and information necessary to provide the integration functionality. We do not access more data than necessary for the specific features you enable.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your subscription
  • Authenticate your account and prevent fraud
  • Store and manage your generated videos
  • Enable third-party integrations you choose to use
  • Respond to your comments, questions, and support requests
  • Send you technical notices, security alerts, and administrative messages
  • Monitor and analyze trends, usage, and activities in connection with the Service
  • Detect, prevent, and address technical issues and security vulnerabilities
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your information depends on the specific information and context:

  • Contract: Processing is necessary to perform our contract with you (providing the Service)
  • Legitimate Interests: We have a legitimate interest in operating and improving the Service, preventing fraud, and ensuring security
  • Consent: Where required, we obtain your consent before processing your information
  • Legal Obligation: We may process your information to comply with legal requirements

5. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Supabase: Database and authentication services
  • Stripe: Payment processing
  • YouTube: Video upload integration (only when you enable this feature)

These service providers are contractually required to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6. Cookies and Tracking Technologies

We use only essential cookies necessary for authentication and the basic operation of the Service. We do not use cookies for tracking, analytics, or advertising purposes.

Essential cookies include session tokens that allow you to stay logged in and access your account securely.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service.

When you delete your account, we immediately delete all of your personal information and content from our systems. We do not retain any data after account deletion, except as required by law or to comply with legal obligations.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using HTTPS/TLS
  • Secure password hashing
  • Regular security assessments
  • Access controls and authentication mechanisms
  • Row Level Security (RLS) policies in our database

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

9. Your Rights (GDPR)

If you are located in the EEA, you have the following rights regarding your personal information:

  • Right of Access: You can request a copy of the personal information we hold about you
  • Right to Rectification: You can request that we correct inaccurate or incomplete information
  • Right to Erasure: You can request that we delete your personal information (you can do this by deleting your account)
  • Right to Restrict Processing: You can request that we limit how we use your information
  • Right to Data Portability: You can request a copy of your information in a machine-readable format
  • Right to Object: You can object to our processing of your information
  • Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time

To exercise these rights, please contact us at mikkelschrroederr@gmail.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with a data protection authority in your country.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer personal information from the EEA to other countries, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal information from a person under 18, we will delete that information immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page with a new "Last Updated" date.

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after any modifications indicates your acceptance of the updated Privacy Policy.

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of every website you visit.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Data Controller: Firma Flow (CVR: 42705063)

Email: mikkelschrroederr@gmail.com

Location: Denmark

15. Data Protection Officer

For questions specifically related to data protection and GDPR compliance, you can contact our Data Protection Officer at: mikkelschrroederr@gmail.com

← Back to Home