Clipster

Privacy Policy

Last updated: May 7, 2026

1. Who we are

This privacy policy explains how Clipster (“we”, “us”, “our”) handles personal data. The service is operated by Hugo S., a micro-entrepreneur (sole proprietor) registered in France.

For any privacy-related question or request, you can reach us at contact@clipster-app.com.

We are the data controller for the personal data described below.

2. The data we collect

We deliberately collect as little as possible. Concretely:

Account data

  • Email address (when you sign in with a magic-link one-time code)
  • Apple user identifier (when you sign in with Apple — including the relay email Apple may provide)
  • The dates of your account creation and your last sign-in

Sync data (only if you enable sync)

  • A device identifier we generate for each of your devices
  • Encrypted clipboard items: every item is encrypted on your device using AES-256-GCM with a key derived from your encryption password (PBKDF2 / Argon2id). Our servers store only the encrypted bytes, plus minimal metadata such as item type, size and timestamps that we need to deliver your data back to your other devices.
  • The encrypted images, files and large text payloads associated with those items, stored as opaque blobs.

Subscription and payment data (when paid plans are available)

  • Subscription tier and status
  • For web purchases, payment is handled by Stripe. Stripe collects your payment details directly — we never see your card number. We receive a customer identifier and the metadata required for invoicing (country, billing email, last four digits of the card).
  • For purchases made inside the iOS app, billing is handled entirely by Apple under your App Store account. We receive only the receipt confirmation.

Technical data

  • Server logs: IP address, request timestamps, user agent, and HTTP-level information necessary to operate, secure and debug the service. These are kept short-term (see retention).
  • A language preference cookie (i18n_redirected) on this website.

What we do not collect

  • The plaintext content of your clipboard. Your clipboard is encrypted on your device before it ever reaches our servers, and we do not have your encryption password.
  • Your encryption password or any key derived from it.
  • Browsing history, screenshots, keystrokes, or any clipboard content that you have not chosen to sync.
  • We do not run third-party analytics or advertising trackers on this website or in the apps.

3. How we use your data and on what legal basis

We process your personal data only for the purposes listed below, each with a clearly identified legal basis under the GDPR.

Creating and authenticating your account
Performance of a contract — Art. 6(1)(b) GDPR
Synchronising your encrypted clipboard between your devices
Performance of a contract
Processing payments and managing subscriptions
Performance of a contract
Sending essential transactional emails (sign-in codes, account, billing)
Performance of a contract
Keeping the service secure, detecting abuse, debugging
Legitimate interest — Art. 6(1)(f) GDPR — keeping the service safe and reliable
Complying with our legal and tax obligations
Legal obligation — Art. 6(1)(c) GDPR

We do not sell your data, we do not use it for advertising, and we do not profile you.

4. End-to-end encryption

Clipster is designed as a zero-knowledge service. The contents of your clipboard items are encrypted on your device with a key derived from your encryption password. Our servers receive only ciphertext.

Important. If you forget your encryption password, we cannot recover your encrypted data. No backup, no support request, and no court order can restore access — because we never had it. Please keep your password somewhere safe.

5. Sub-processors and international transfers

We rely on a small number of carefully chosen service providers (“sub-processors”) to operate the service:

ProviderPurposeLocation
Supabase Authentication and account database EU / US
Cloudflare Application hosting (Workers), metadata database (D1), encrypted blob storage (R2) Global edge network
Apple “Sign in with Apple” and App Store billing US
Stripe Payment processing for web purchases US

Some of these providers are based in the United States or operate global networks. When personal data is transferred outside the European Economic Area, we rely on the appropriate safeguards under Chapter V of the GDPR — typically the European Commission's Standard Contractual Clauses, complemented by the technical safeguards described above (in particular, end-to-end encryption of clipboard content).

6. Retention

  • Account data: kept for as long as your account exists. When you delete your account, we delete it within 30 days, except for records we are legally required to retain (for example, invoices — typically 10 years under French commercial law).
  • Encrypted clipboard items: kept for as long as your account is active. Items you delete from the app are removed from our servers within a short delay. When you delete your account, all your encrypted blobs and metadata are deleted within 30 days.
  • Server logs: kept for up to 90 days for security and debugging, then deleted or aggregated.
  • Backups: encrypted backups may persist for up to 35 days after deletion before being overwritten.

7. Your rights

Under the GDPR and the French Data Protection Act (Loi Informatique et Libertés), you have the right to:

  • access your personal data;
  • rectify inaccurate data;
  • erase your data (“right to be forgotten”);
  • restrict or object to certain processing;
  • portability — receive your data in a machine-readable format;
  • withdraw consent at any time, where processing is based on consent;
  • define directives about what happens to your data after your death.

To exercise any of these rights, write to contact@clipster-app.com. We will reply within one month.

If you believe we are not handling your data lawfully, you can also lodge a complaint with the CNIL (Commission nationale de l'informatique et des libertés), the French data protection authority — www.cnil.fr.

8. Cookies and similar technologies

The Clipster website uses the strict minimum:

  • A language preference cookie (i18n_redirected) so your chosen language sticks across visits.
  • Authentication cookies inside the admin area (not used for regular users).

We do not use third-party analytics, advertising, or tracking cookies. No consent banner is required for the strictly necessary cookies above, in line with CNIL guidance.

9. Children's privacy

Clipster is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and you believe your child has created an account, please contact us so we can delete it.

10. Security

We protect your data using a combination of technical and organisational measures, including:

  • End-to-end encryption of clipboard content (AES-256-GCM)
  • Encryption in transit (TLS 1.2+) for all communications with our servers
  • Strict access controls on production systems
  • Multi-factor authentication for administrative access
  • Regular software updates and security patches

No system is perfectly secure, but these measures aim to make compromise of useful data extremely unlikely.

11. Changes to this policy

We may update this policy from time to time — for example, to reflect changes in the service, in our sub-processors, or in applicable law. When we make a material change, we will update the “Last updated” date at the top and, where appropriate, notify you in the app or by email.

12. Contact

For any question about this policy or about the way we handle your data:

Hugo S. — micro-entrepreneur

Email: contact@clipster-app.com