Privacy Policy

Introduction

EchoFort Technology ("NexClip", "we", "us", or "our"), a company registered in India (GSTIN: 33AMTPV8141Q1ZY), operates the NexClip platform (https://nexclip.app) and the NexClip mobile application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including AI video generation, micro-task marketplace, and app promotion campaigns.

This policy is published in compliance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 of India, the General Data Protection Regulation (GDPR) for users in the European Economic Area, and the California Consumer Privacy Act (CCPA) for users in California, USA.

By accessing or using NexClip, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access the platform.

Information We Collect

1. Personal Information You Provide

• Phone number (required for account creation)
• Email address (for publishers during signup)
• Name (optional, for profile display)
• Payment information (processed securely via Razorpay; we do not store card details)
• UPI ID or bank account details (for worker withdrawal payouts)
• Two-factor authentication secret (encrypted, for 2FA security)
• Referral code usage (for credit rewards tracking)

2. Information Collected Automatically

• Device information (device type, OS version, browser type, screen resolution)
• IP address and approximate geolocation
• Device push token (for mobile push notifications via Expo)
• Usage data (pages visited, features used, session duration)
• Video generation data (topics, settings, output metadata)
• Task submission data (screenshots submitted for task verification)
• Error and crash reports (collected via Sentry for platform stability)
• Device fingerprint hash (for fraud prevention in micro-task system)

3. Information from Third Parties

• Twilio (OTP verification status)
• Razorpay (payment verification and order status)
• Google Play Store (app install verification for micro-tasks)

How We Use Your Information

• To create and manage your account
• To process payments and credit purchases
• To generate AI-powered videos based on your requests
• To facilitate micro-task creation, assignment, and verification
• To process worker payouts and withdrawals
• To verify task completion using AI-powered screenshot analysis
• To prevent fraud and ensure platform integrity
• To send transactional notifications (task approvals, withdrawals, video completion)
• To improve our services and develop new features
• To respond to support requests and inquiries
• To comply with legal obligations

AI Processing & Third-Party Services

NexClip uses artificial intelligence services to power core features:

• Anthropic (Claude AI) — Primary AI service for script generation, content enhancement, chat assistance, and intelligent features. Your video topics, prompts, and chat messages are processed by Anthropic's Claude models.
• OpenAI (GPT-4) — Fallback AI service for visual query generation and task verification via screenshot analysis. Your video topics and task screenshots may be sent to OpenAI when the primary service is unavailable.
• ElevenLabs / Google TTS — Voice synthesis for video narration. Script text is sent for audio generation.
• Pexels / Pixabay / YouTube — Stock video and image sourcing. Search queries (derived from your video topics) are sent to these services.
• Twilio — Phone number verification via OTP. Your phone number is shared with Twilio for SMS delivery.
• Razorpay — Payment processing (PCI-DSS Level 1 certified). Transaction details are shared with Razorpay for payment verification. We do not store card or UPI details on our servers.
• AWS (Amazon Web Services) — Cloud storage for generated videos and media files. Content is stored on S3 with server-side encryption in AWS data centres.
• Sentry — Error monitoring and performance tracking. Anonymous crash reports, error logs, and performance data are collected to improve platform stability.
• Google Analytics — Website usage analytics. Anonymized browsing data, page views, and session information are collected to understand platform usage patterns.
• Expo Push Notifications — Push notification delivery for the mobile app. Your device push token is stored to send notifications about video completion, task updates, and account activity.

Each third-party service has its own privacy policy. We encourage you to review their policies. Data may be transferred to and processed in countries outside India, including the United States, where these service providers operate. We ensure appropriate safeguards are in place for all cross-border data transfers in compliance with applicable data protection laws.

Data Security

• All data is transmitted over HTTPS (TLS 1.2+)
• Passwords are hashed using bcrypt with salt rounds
• JWT tokens are used for authentication with expiration via httpOnly cookies
• Optional Two-Factor Authentication (2FA) with TOTP-based authenticator apps
• Payment card data is never stored on our servers (handled by Razorpay PCI-DSS)
• Credit operations use database-level SERIALIZABLE transactions with pessimistic write locks
• Generated videos are stored on AWS S3 with server-side encryption
• Task submission screenshots are analyzed in real-time and not retained beyond verification

While we implement industry-standard security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

Data Retention

• Account data: Retained as long as your account is active
• Generated videos: Stored on S3 until you delete them or your account is closed
• Transaction records: Retained for 7 years for tax and legal compliance
• Task submissions: Retained for 90 days after task completion for dispute resolution
• OTP sessions: Automatically expire after 10 minutes
• Analytics data: Aggregated and anonymized after 12 months

Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your account and personal data (subject to legal retention requirements)
• Portability: Request your data in a machine-readable format
• Objection: Object to processing of your data for specific purposes
• Withdrawal: Withdraw consent for optional data processing at any time

To exercise any of these rights, contact us at privacy@nexclip.app or through the Support section in your dashboard.

Children's Privacy

NexClip is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us.

Lawful Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal data on the following legal bases:

• Contract performance: Processing necessary to provide our services (account creation, video generation, payment processing, task marketplace)
• Legitimate interests: Fraud prevention, platform security, service improvement, and analytics
• Consent: Push notifications, marketing communications, and optional analytics
• Legal obligation: Tax record retention, regulatory compliance, and responding to lawful requests

Fraud Prevention & Device Fingerprinting

To maintain platform integrity and prevent abuse in our micro-task marketplace, we collect:

• Device fingerprint: A hash of device attributes (screen size, OS, browser) to detect duplicate accounts and fraudulent submissions
• IP address analysis: Used to detect VPN/proxy usage and IP clustering patterns that may indicate fraudulent activity
• Submission patterns: Timing and frequency of task submissions to detect automated or rapid-fire abuse

This data is processed on the basis of legitimate interests (fraud prevention) and is essential to ensuring fair payouts and genuine task completions. Device fingerprint data is retained for the duration of your account and deleted upon account closure.

Cookies & Local Storage

NexClip uses the following client-side storage mechanisms:

• Authentication token: Stored in httpOnly cookies/localStorage to keep you logged in (essential)
• User preferences: Theme settings and display preferences (functional)
• Google Analytics cookies: _ga, _gid — to understand usage patterns (analytics, can be opted out)
• Sentry session: Error tracking session data (performance)

You can clear localStorage and cookies through your browser settings at any time. This will log you out of the platform. You may also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Account Deletion

You may request deletion of your account at any time through Settings or by contacting support@nexclip.app. Upon deletion:

• Your profile and personal data will be permanently deleted within 30 days
• Generated videos will be removed from our storage
• Any remaining credit balance will no longer be accessible (please use your credits before requesting deletion)
• Transaction records will be retained for legal compliance (anonymized)

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach, as required by GDPR Article 33 and DPDPA 2023. Notification will be provided via email (if available) or through an in-app notice. We will also notify the relevant supervisory authority as required by applicable law. The notification will include the nature of the breach, categories of data affected, likely consequences, and measures taken to address and mitigate the breach.

Cross-Border Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States, where our third-party service providers (Anthropic, OpenAI, AWS, Twilio, Sentry) operate. These countries may have different data protection laws than your jurisdiction.

We ensure appropriate safeguards are in place for all international data transfers, including Standard Contractual Clauses (SCCs) where required by GDPR, and compliance with the DPDPA 2023 provisions on cross-border data transfers. Data is only transferred to countries and service providers that maintain adequate security standards.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: You may request details about the categories and specific pieces of personal information we have collected about you
• Right to delete: You may request deletion of your personal information, subject to certain exceptions
• Right to opt-out: We do not sell your personal information to third parties. If this changes, we will provide an opt-out mechanism
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at privacy@nexclip.app. We will respond within 45 days.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of NexClip after changes constitutes acceptance of the updated policy. For significant changes, we will provide prominent notice (such as an in-app notification or email).

Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the Grievance Officer for the purpose of this Privacy Policy is:

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us: