Legal

Privacy Policy

How CrossClips collects, uses, secures, and deletes account, clipboard, billing, and website data.

Effective: April 27, 2026Last updated: April 27, 2026

CrossClips Privacy Policy

Effective Date: April 27, 2026
Last Updated: April 27, 2026

This Privacy Policy explains how CrossClips handles personal data when you use the CrossClips website, mobile apps, desktop apps, and related services (together, the "Services").

CrossClips is a clipboard management and synchronization product. Because clipboard content can be highly sensitive, we design the product to minimize what we can read and to keep clip text encrypted before it is synced.

1. Who this policy applies to

This policy applies to:

the CrossClips website and marketing pages;
CrossClips account creation, login, support, and billing flows;
the CrossClips apps on supported platforms; and
account, deletion, and subscription support requests made through CrossClips.

If you use a third-party provider with CrossClips, such as Apple, Google, Supabase, or Google Drive, that provider's own privacy terms also apply to the data it processes for its part of the service.

2. Contact details

If you have a privacy, deletion, or data-handling question, contact:

Email: hello@crossclips.app
Website: https://crossclips.app
Deletion page: Account and Data Deletion

3. What we collect

We collect data in the following categories.

email address;
password-authentication records handled through our authentication provider;
user ID, session identifiers, and linked sign-in provider identifiers;
if you use Google, Apple, or X sign-in, basic account profile data returned by that provider, such as email address, display name, or provider account identifier.

B. Clipboard and sync data

When you enable clipboard auto-capture or otherwise save clips:

clipboard text that you choose to capture or save;
encrypted clip payloads stored for sync;
clip metadata such as timestamps, device labels, source device IDs, source app names where available, content classification, pinned/favorite state, folder/tag relationships, and similar organization metadata.

Important:

clip text is encrypted on-device before sync;
some metadata remains readable to operate the service; and
CrossClips should not be treated as a vault for secrets you do not want copied at all.

C. Encryption and recovery data

encrypted key-envelope records needed to unlock synchronized clip history;
recovery workflow state and related metadata;
locally cached device unlock state, where supported by the device platform.

We do not want your recovery key sent to us in plaintext. You are responsible for storing your recovery key securely.

D. Device, app, and operational data

device type, app version, platform, and device label;
active-device and session records used to enforce device limits and subscription access;
connectivity and sync state;
diagnostics or debug information you choose to send to support or that is created while troubleshooting specific product issues.

E. Google Drive integration data

If you connect Google Drive for rich-content sync on supported desktop platforms:

Google account connection status;
selected CrossClips Drive-folder identifiers and names;
Google Drive file IDs, file names, MIME types, sizes, timestamps, and related sync metadata;
file bytes uploaded to your connected Google Drive folder.

For Drive-backed clips, file bytes are stored in your Google Drive account, not end-to-end encrypted by CrossClips before upload. CrossClips stores the metadata and references needed to show and sync those items.

F. Billing and subscription data

subscription plan, billing interval, entitlement status, and renewal/cancellation state;
store or provider transaction identifiers;
verification payloads and subscription metadata received from Apple, Google, or direct web-billing providers;
limited payment-support information you provide when contacting support.

CrossClips does not store full payment card numbers issued by Apple, Google, or third-party processors.

contact-form submissions, support category, and support correspondence;
analytics-consent choices on the website;
website analytics events if you affirmatively accept analytics cookies or tracking on the website.

4. Data we do not intentionally request from the app

The CrossClips app is not designed to request continuous access to:

contacts;
camera;
microphone;
precise location; or
photo-library access as a core feature.

If a platform later requires a system picker or share flow for a user-initiated action, that action is governed by the platform permission flow shown at that time.

5. How we collect data

We collect data:

directly from you when you create an account, sign in, contact support, connect a provider, or purchase a subscription;
from your device when you enable clipboard capture or use sync features;
from Apple, Google, payment providers, or identity providers when they confirm transactions or sign-in state;
from Google Drive when you choose to connect your Drive account; and
from website analytics tools only after consent where consent is required.

6. How we use data

We use personal data to:

create and manage your account;
authenticate you and maintain sessions;
capture, encrypt, sync, organize, and display clips;
provide device handover, favorites, folders, tags, search, and other app features;
verify subscriptions, enforce entitlements, and support billing;
operate optional Google Drive sync you enable;
respond to support, security, and deletion requests;
monitor service reliability, debug failures, and prevent abuse; and
improve the website and marketing experience when analytics consent is provided.

We do not use clipboard content for targeted advertising, do not sell personal data, and do not use clipboard content to train advertising profiles.

We share data only as needed to operate the Services or comply with law.

Examples include:

Supabase for authentication, database, realtime sync, and server functions;
Apple and Google for store billing, purchase verification, and identity services where you use them;
Google Drive if you connect Drive for file sync;
direct web billing providers such as Razorpay if you purchase through a web checkout that uses them;
website analytics providers such as Firebase Analytics and Mixpanel, but only for consented website analytics events;
service providers assisting with infrastructure, security, support, fraud prevention, or email delivery; and
government authorities, courts, or regulators where required by law.

We expect service providers that receive user data for CrossClips operations to protect it in a manner consistent with their role, applicable law, and this policy's general privacy commitments.

8. Encryption, security, and sensitive content

CrossClips uses security measures designed for clipboard-sync software, including:

client-side encryption for synchronized text clips;
encrypted transport channels;
access controls for backend systems; and
account and session controls tied to your sign-in state.

Important limitations:

encrypted text clips still require readable metadata to function;
if you use Google Drive sync for files or images, those file bytes are handled through your Google Drive account;
clipboard systems may contain passwords, one-time codes, private keys, financial details, or other highly sensitive content; and
you are responsible for deciding what you copy, retain, sync, share, or upload.

9. Retention and deletion

We keep data only for as long as reasonably necessary for the purposes described above, unless a longer period is required by law or for legitimate security or fraud-prevention reasons.

General retention rules:

clip history remains until you delete it, your account is deleted, or retention is otherwise shortened by your own actions;
account data remains while your account is active and for a limited period needed for security, compliance, and dispute handling;
billing and transaction records may be retained for accounting, tax, fraud, and legal compliance;
support messages and troubleshooting logs may be retained as needed to resolve the issue and maintain service integrity; and
consent records may be retained to document compliance choices.

You can request account deletion through the in-app path where available or through the public Account and Data Deletion page.

10. Your choices and controls

You can generally:

turn clipboard auto-capture on or off in app settings;
choose whether to save clips manually or automatically;
disconnect Google Drive;
revoke or avoid website analytics consent;
update account information available through the service; and
request deletion of your account and associated data.

Where a store subscription exists, deleting your account does not itself cancel external store billing. Store-billed subscriptions must also be cancelled through the relevant store settings.

11. Children's privacy

CrossClips is not directed to children under 13 and is not intended for minors who cannot lawfully use the service or consent to data processing under applicable law. If you believe a child has provided personal data in violation of this policy, contact us.

12. International use

CrossClips may process data in jurisdictions different from your own, including through infrastructure or service providers that support the Services. Where required, we rely on contractual, technical, or organizational safeguards appropriate to the transfer.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last Updated" date. If a change materially affects how we use personal data, we may provide additional notice through the app, website, or email.