Privacy Policy

Last updated: May 15, 2026

KudoClip, Inc. (“KudoClip”) takes privacy seriously. This policy explains what personal data we collect when you (a) sign up for and use the KudoClip dashboard, or (b) submit a testimonial through a KudoClip-powered QR code; how we use that data; and the rights you have over it.

1. Two kinds of people, two kinds of data

If you operate a business that uses KudoClip:

  • Account info: business name, business vertical (optional), email, hashed password.
  • Subscription info: plan, billing status, Stripe customer ID. (We don't store card details; Stripe does.)
  • Usage info: campaigns, uploads collected, downloads taken, dashboard activity.
  • Communications: support emails, in-product notifications you've received or dismissed.

If you submitted a testimonial via a KudoClip QR code:

  • The video or photo you recorded.
  • If you provided them: your name and email/phone (optional, used to send you confirmation or thank-you notes from the business).
  • Technical metadata: file type, duration, recording quality.
  • AI-derived data: transcription text, sentiment scores, content summary, quality keywords.
  • Your consent record: the text you agreed to (versioned), when you accepted it, and which business you submitted to.

2. Biometric information

Customer testimonials are video and photo content of identifiable people. Where state law (such as the Illinois Biometric Information Privacy Act “BIPA” or the Texas Capture or Use of Biometric Identifier law “CUBI”) treats facial or voice data captured in this kind of content as biometric information, we treat that data the same way:

  • Notice + consent: the customer is shown a versioned consent statement at submission time and must explicitly agree before the upload is accepted.
  • Limited retention: we keep the original recording for as long as the business's account is active. On account deletion, blobs are removed from storage.
  • No sale, no transfer for marketing: we do not sell biometric data and do not transfer it to unaffiliated third parties for marketing.
  • Sub-processors only: AI analysis transmits the recording to the AI providers listed on our sub-processors page solely to return a score and summary.

3. How we use this data

  • To provide and improve the Service.
  • To process payments via Stripe.
  • To send transactional email (verification, password reset, payment receipts and failures, weekly digest, activation series, quota warnings, account deletion). You can opt out of non-transactional categories in your account settings.
  • To compute aggregated analytics and prevent abuse.
  • To respond to your support requests.

We do not sell your personal information. We do not use customer testimonial content to train AI models that benefit other customers.

4. Sub-processors

We use the third-party services listed at kudoclip.com/legal/sub-processors to operate the Service. Each sub-processor is bound by its own privacy policy and a contractual obligation to protect your data.

5. Cookies and analytics

We use essential cookies (sign-in session, cross-site request forgery protection) and — with your consent — analytics cookies (PostHog for product analytics, Google Analytics + Meta Pixel for marketing attribution). See our Cookie Policy for the full breakdown.

6. Retention

  • Active business accounts: indefinite for as long as the account exists.
  • Canceled accounts: data is preserved until the business deletes the account or 30 days after subscription end, whichever is later.
  • Customer testimonial content: lifetime of the business's account, unless the business deletes a specific upload.
  • Rate-limit and idempotency records: 30 days.
  • Email logs (via Resend): per Resend's retention defaults (~30 days for engagement events).

7. Your rights

Depending on where you live (GDPR for EU/UK, CCPA/CPRA for California, similar laws elsewhere), you may have rights to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data (“right to be forgotten”).
  • Object to or restrict certain processing.
  • Receive a portable copy of your data.
  • Opt out of the sale or sharing of your data (which we don't do anyway).

Most of these are exercisable directly:

  • Business owners: Account settings → edit/delete.
  • Testimonial submitters: contact the business you submitted to (they own the editorial decision). If they can't resolve it, email us at legal@kudoclip.com and we'll help.

8. Children

KudoClip is not directed at children under 18. Our consent flow requires submitters to confirm they are 18 or older. If you believe we have inadvertently collected data from a minor, contact legal@kudoclip.com and we'll delete it promptly.

9. Security

Account passwords are stored as bcrypt hashes (cost factor 12). All traffic is encrypted in transit (TLS 1.2+). Storage volumes are encrypted at rest by our cloud providers (Neon for the database, Microsoft Azure Blob Storage for media). We use rate limiting, webhook signature verification, and SSO-by-default access for internal admin tooling.

No system is perfectly secure. If you discover a vulnerability, please report it to legal@kudoclip.com with the subject “Security report”.

10. International transfers

KudoClip and most of our sub-processors are based in the United States. By using the Service you understand your data may be stored and processed in the US.

11. Changes to this policy

Material changes will be announced via email or in-product notice. Continued use of the Service after the effective date constitutes acceptance.

12. Contact

Privacy questions: legal@kudoclip.com. General support: support@kudoclip.com.

For maintainers: in-house MVP baseline. Replace with Termly- or iubenda-generated Privacy Policy before public launch. Keep the sub-processors link working; the standalone sub-processors page lives at /legal/sub-processors.