Klipit
/

Privacy Policy

Effective date: May 28, 2026

1. Introduction

Klipit ("the Service"), operated at klipit.no and related tenant domains, is a community clip contest platform. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your data.

2. Data we collect

From TikTok (with your authorization)

  • Your TikTok user ID (open_id)
  • Display name, username, and avatar URL
  • Your public video list including: video title, description, creation date, duration
  • Video metrics: view count, like count, comment count, share count

We only access public video data. We do not access private videos, direct messages, followers lists, or any non-public information. We never post content on your behalf or modify your TikTok account in any way.

From Discord (with your authorization)

  • Your Discord user ID
  • Username and avatar

We only request the "identify" scope from Discord. We do not access your messages, servers, friends list, or any other Discord data.

Payout details (optional)

  • Your PayPal payout email address, if you choose to provide it

3. How we use your data

  • To identify you on the platform and display your profile on the leaderboard
  • To periodically fetch your public video metrics for contest leaderboard calculations
  • To store historical snapshots of video view counts to calculate rankings
  • To display your TikTok username and avatar on the public leaderboard
  • To associate your TikTok and Discord identities for contest participation
  • To pay contest prizes to the PayPal email you provide

4. Data storage and security

  • Your TikTok access tokens and refresh tokens are encrypted using AES-256-GCM before being stored in our database. Plaintext tokens are never stored.
  • Data is stored in a PostgreSQL database hosted on infrastructure located in Europe.
  • Video metrics are stored as time-series snapshots (not overwritten), allowing us to calculate view growth over any period.
  • Your PayPal payout email is stored in the database and is only visible to administrators.
  • We use HTTPS for all communications.
  • Session cookies are httpOnly and signed with HMAC-SHA256.

5. Data sharing

We share the following data publicly on the leaderboard:

  • Your TikTok display name, username, and avatar
  • Your total video view count for the active contest period
  • Your leaderboard rank

Your PayPal payout email is not shown publicly. It may be shared with PayPal only when needed to process a contest payout.

We do not sell, rent, or share your data with third parties for marketing or advertising purposes.

6. Third-party services

The Service integrates with the following third-party services:

  • TikTok API - to fetch your public video data (with your authorization)
  • Discord API - to verify your identity (with your authorization)
  • PayPal - to process contest payouts when you provide a PayPal payout email
  • Cloudflare - for DNS and CDN services
  • Rybbit - for privacy-friendly analytics, error tracking, and session replay when you consent

Each of these services has its own privacy policy that governs their handling of your data.

7. Cookies

The Service uses a single session cookie ("klipit_session") to maintain your authenticated session. This cookie is httpOnly (not accessible to JavaScript), signed to prevent tampering, and expires after 7 days. We do not use analytics cookies, tracking cookies, or third-party cookies. If you consent to analytics, we load Rybbit for analytics and session replay; form fields are masked in recordings.

8. Your rights

  • Right to access: You can view your stored data on your profile page.
  • Right to disconnect: You can revoke the Service's access to your TikTok account at any time through TikTok's settings. You can revoke Discord access through Discord's authorized apps settings.
  • Right to deletion: You can delete your account and all associated data from your profile page, or by emailing us at [email protected].

9. Data retention

We retain your data for as long as your account is active. Video metric snapshots are stored indefinitely to support historical leaderboard calculations. If you delete your account, all your personal data (profile information, tokens, and associated video records, including your PayPal payout email) is permanently removed.

10. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For questions about this Privacy Policy or to exercise your rights, contact us at [email protected].