GDPR Compliance
Your rights under the General Data Protection Regulation
Introduction
Our commitment
The General Data Protection Regulation (GDPR) is EU law that strengthens privacy rights and sets rules for how organizations handle personal data. Clipora is committed to processing personal data lawfully, fairly, and transparently, and to helping you exercise the rights GDPR provides. This page summarizes how we approach GDPR; our Privacy Policy contains fuller detail on what we collect and why.
Legal basis for processing
Why we process personal data
Under GDPR, we must have a valid legal basis for each processing purpose. The main bases we rely on are summarized below.
Contract
We process personal data when it is necessary to perform our agreement with you—for example, to provide Clipora, authenticate your account, and deliver the features you subscribe to.
Consent
Where we rely on consent—for example, certain marketing communications or optional analytics—you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
Legitimate interest
We may process data for our legitimate interests when balanced against your rights, such as improving security, preventing abuse, and understanding aggregate product usage in a privacy-respecting way.
Legal obligation
We process data when required to comply with applicable law, including responding to lawful requests from public authorities where permitted.
Your GDPR rights
What you can ask for
If you are in the European Economic Area, the UK, or another jurisdiction that recognizes these rights, you may exercise the following, subject to conditions and exceptions in applicable law.
Right of access
You can ask for confirmation of whether we process your personal data and receive a copy of the information we hold about you, subject to legal exceptions.
How to exercise: Email team@clipora.app from the address associated with your account and specify that you are making an access request.
Right to rectification
You can ask us to correct inaccurate personal data or complete incomplete data that relates to you.
How to exercise: Update profile or billing details in-app where available, or email team@clipora.app with the corrections you need.
Right to erasure
In certain circumstances you can request deletion of your personal data (the “right to be forgotten”), for example when data is no longer needed or you withdraw consent where that was the sole basis.
How to exercise: Contact team@clipora.app or use our account deletion flow if offered; we will confirm identity and applicable exceptions.
Right to restrict processing
You may ask us to limit how we use your data in specific situations, such as while we verify accuracy or the lawfulness of processing.
How to exercise: Send a written request to team@clipora.app describing the restriction you seek and the reason.
Right to data portability
Where processing is based on consent or contract and carried out by automated means, you may receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
How to exercise: Email team@clipora.app asking for a portable export; we will respond within our standard timelines.
Right to object
You can object to processing based on legitimate interests or for direct marketing. We will stop unless we demonstrate compelling legitimate grounds or the processing is for legal claims.
How to exercise: Reply to any marketing email with “unsubscribe” or write to team@clipora.app to object to other processing.
Rights related to automated decision-making
You have safeguards where decisions with legal or similarly significant effects are based solely on automated processing, including the right to human review where applicable.
How to exercise: If you believe an automated decision affects you, contact team@clipora.app and we will explain the logic and your options.
How to exercise your rights
Contact and timelines
To submit any GDPR-related request, email team@clipora.app. We aim to respond within one month (approximately 30 days) as required by GDPR in many cases, and will let you know if we need more time or information. Please include: your full name, the email address associated with your Clipora account, a clear description of your request, and any relevant identifiers (such as workspace or project names) so we can locate your data. We may ask for reasonable identity verification before fulfilling certain requests.
International data transfers
When data leaves the EEA
If we transfer personal data from the European Economic Area, the UK, or Switzerland to countries that are not subject to an adequacy decision, we use appropriate safeguards such as the EU Commission's Standard Contractual Clauses (SCCs) or equivalent UK/Swiss mechanisms, together with supplementary measures where appropriate. We also apply technical and organizational measures—including encryption in transit, access controls, and vendor diligence—to protect data regardless of location.
Filing complaints
We want to help first
If you have concerns about how we handle personal data, please contact us at team@clipora.app so we can investigate and respond. You also have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement occurred.
Updates
Changes to this information
We may update this GDPR page or our Privacy Policy to reflect product, legal, or regulatory changes. When we make material updates, we will communicate them through reasonable means—such as posting the revised page, in-app notices, or email where appropriate and where we have your contact details.