Privacy Policy
Last revised: April 30, 2026
Nullge (hereinafter "Company") establishes and discloses the following Privacy Policy in accordance with the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and other relevant laws and regulations, in order to protect the personal information of users processed in connection with the provision of the ClipIt service (hereinafter "Service").
Article 1 (Purposes of Processing Personal Information)
The Company processes personal information for the following purposes only and does not use it for any other purpose. If the purpose of use changes, the Company will take necessary measures, including obtaining separate consent, in accordance with Article 18 of the Personal Information Protection Act.
- Member registration, user identification, record retention for dispute resolution, prevention of unauthorized use, and processing of membership withdrawal
- Restriction of use for members who violate applicable laws or the Service Terms of Use, and prevention and sanction of fraudulent activities
- Member protection and service operation, including handling of customer inquiries
- Provision and improvement of the Service and development of new services
- Payment processing, invoice issuance, and fee collection arising from paid service provision
- Analysis of service usage frequency and access, and preparation of service usage statistics
- Delivery of notices such as introduction of new information and revision of Terms of Use
Article 2 (Categories of Personal Information Collected and Methods of Collection)
1. Categories of Information Collected
Member Registration and Authentication
- Required: email address, display name (nickname), authentication identifier (OAuth account ID)
- Optional: profile image
Paid Service Use and Payment
- Payment information: processed through the payment service provider (Paddle); the Company retains only transaction receipt information (transaction ID, payment date, amount, masked payment method). Original payment method details such as credit card numbers are not retained by the Company.
Information Automatically Collected During Service Use
- IP address, cookies, access date and time, service usage records (creation job history, processed video metadata, etc.)
- YouTube URLs entered or original video files uploaded by users are processed temporarily for clip generation and are automatically deleted according to Company policy upon completion of processing.
2. Methods of Collection
- Direct input by users during service registration and use
- Receipt from OAuth partners (e.g., Google) within the scope of user consent
- Automatic generation and collection during service use
Article 3 (Retention and Use Period of Personal Information)
- The Company processes and retains personal information within the retention and use period prescribed by applicable law or agreed upon by the data subject.
- Members' personal information is, in principle, destroyed without delay upon membership withdrawal or deletion request. However, to prevent recurrence of fraudulent use and for dispute resolution, member information is retained for six months from the date of contract termination.
- Generated clips and temporary video files are automatically deleted according to the following standards.
- Temporary video files during processing: immediately upon completion of processing
- Downloadable clips (original bake output): 3 days after generation
- The Company retains the following personal information separately from other personal information for the periods specified below.
- Where an investigation or inquiry under applicable law is in progress: until the conclusion of such investigation or inquiry
- Transaction records under the Act on Consumer Protection in Electronic Commerce
- Records concerning advertising and display: 6 months
- Records concerning contracts or withdrawal of offers: 5 years
- Records concerning payment and supply of goods: 5 years
- Records concerning consumer complaints or dispute resolution: 3 years
- Website visit records under the Protection of Communications Secrets Act: 3 months
Article 4 (Provision of Personal Information to Third Parties)
The Company processes users' personal information only within the scope specified in Article 1 of this Policy and may provide personal information to third parties only in the following circumstances.
- Where prior consent has been obtained from the user
- Where necessary for fee settlement arising from service provision
- Where provided in a form that cannot identify specific individuals, for purposes of statistical compilation, academic research, or market research
- Where required by special provisions of law or unavoidable for compliance with statutory obligations
Article 5 (Consignment of Personal Information Processing)
The Company has entrusted the processing of personal information as set out below for smooth service provision, and supervises the safe processing of personal information related to entrusted tasks.
| Trustee | Entrusted Task | Country | Retention Period |
|---|
| Supabase Inc. | Member authentication, database operation, file storage | United States | Until membership withdrawal |
| Google LLC | Video processing infrastructure (cloud computing/storage) and OAuth login | United States | Until membership withdrawal (video processing data automatically deleted upon completion) |
| Paddle.com Market Ltd. | Paid service payment processing and billing | United Kingdom | Retention period under the Act on Consumer Protection in Electronic Commerce |
| Vercel Inc. | Web hosting and access log management | United States | Until membership withdrawal (access logs: 90 days) |
Some services provided by the above trustees are provided from overseas servers in the United States, United Kingdom, and other countries. The Company endeavors to ensure that users' personal information is securely protected even when processed overseas, in accordance with Article 28-2 of the Personal Information Protection Act.
Article 6 (Rights and Obligations of Users)
1. Rights of Users
- Users may at any time access or modify their registered personal information, and may refuse or withdraw consent to the Company's processing of personal information, or request membership withdrawal. However, in such cases, use of some or all of the Service may be restricted.
- Access to and modification of personal information is available directly through the settings page within the Service; for other matters, please contact the Privacy Officer by written letter or email and the Company will act without delay.
- Where a user requests correction of an error in personal information, the Company will not use or provide such personal information until the correction is completed.
- Rights may also be exercised through a legal representative or an authorized agent of the data subject. In such case, a power of attorney in accordance with Form 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
2. Obligations of Users
- Users must keep their personal information accurate and up to date to prevent unforeseen incidents. Responsibility for incidents caused by inaccurate information entered by the user lies with the user.
- Users are obligated to manage their passwords and accounts securely and not to infringe upon others' information.
Article 7 (Procedures and Methods for Destruction of Personal Information)
- The Company destroys personal information without delay when it becomes unnecessary, such as upon expiry of the retention period or achievement of the processing purpose.
- Destruction Procedure: Information entered by users for membership registration is transferred to a separate database after the purpose is achieved, stored for a certain period in accordance with internal policy and applicable law, and then destroyed.
- Destruction Method: Electronic file information is deleted using technical methods that prevent record reproduction; information printed on paper documents is shredded or incinerated.
Article 8 (Non-Use for AI Training)
- The Company does not use any content entered by users into the Service—including original videos, generated clips, or auto-generated subtitles—for training its own artificial intelligence (AI) models.
- For external AI service providers to whom processing is entrusted (e.g., speech recognition, natural language processing), the Company uses APIs with policies that prohibit use as training data.
Article 9 (Use of Cookies)
1. Purposes of Cookie Use
- Maintaining authentication sessions (essential)
- Saving user preferences (language, theme, etc.)
- Service usage statistics and improvement
2. Installation, Operation, and Refusal of Cookies
Users have the right to choose whether to allow cookies, and may determine cookie acceptance or delete existing cookies through their web browser settings. However, refusing to store essential cookies required for authentication may restrict use of the Service.
3. Cookie Settings
- Chrome: Settings → Privacy and Security → Cookies and other site data
- Safari: Preferences → Privacy → Cookies and Website Data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Edge: Settings → Cookies and site permissions → Cookies and site data
Article 10 (Measures to Ensure Security of Personal Information)
1. Administrative Measures
- The Company establishes and implements an internal management plan for safe processing of personal information.
- The Company restricts access rights to users' personal information to the minimum number of personnel.
2. Technical Measures
- Users' personal information is protected by passwords, and important data is transmitted via encrypted communication (HTTPS).
- The Company operates a threat detection system against external intrusions and regularly performs security patches and vulnerability assessments.
Article 11 (Privacy Officer)
The Company designates a Privacy Officer as set out below to take overall responsibility for personal information processing and to handle data subjects' complaints and provide remedies related to personal information processing.
- Name: Sungeun Cho
- Position: Representative
- Email: support@clipit.studio
For reporting or consultation regarding other personal information infringement, please contact the following agencies.
- Personal Information Infringement Report Center (kisa.or.kr / 118 without area code)
- Personal Information Dispute Mediation Committee (kopico.go.kr / 1833-6972)
- Supreme Prosecutors' Office Cyber Crime Investigation Unit (spo.go.kr / 1301 without area code)
- National Police Agency Cyber Investigation Bureau (cyberbureau.police.go.kr / 182 without area code)
Article 12 (External Links and Exceptions to Application of Privacy Policy)
The Company may provide links to external sites or materials. In such cases, the Company has no control over such external sites or materials, bears no responsibility for personal information collection activities thereon, and this Privacy Policy does not apply.
Article 13 (Amendments to Privacy Policy)
When adding, deleting, or modifying this Privacy Policy, the Company will provide notice through the Service screen starting 7 days before the effective date. However, where there is a significant change to users' rights or obligations, notice will be provided starting 30 days before the effective date.