Data Collection

Personal Information (Voluntary): Name, email address, contact information, any other information you provide.
Usage Data (Automatic): IP address, browser type, device information, operating system, usage patterns.
Cookies (Automatic): Used to enhance your experience and for analytics. You can manage these through your browser settings.
Sensitive Data: The policy doesn’t explicitly mention the collection of sensitive data like biometrics, health information, or racial data.

Data Usage

Primary Purposes: Providing and maintaining services, processing transactions, responding to inquiries, improving services.
Secondary Purposes: Personalizing your experience, sending updates/newsletters (you can opt out).
AI/Profiling: The policy doesn’t mention using data for AI training or user profiling.

Third-Party Sharing

Service Providers: Data may be shared with third-party service providers who assist with operations, analysis, and service improvement. The specific providers are not named.
Legal Compliance: Data may be disclosed if required by law or legal requests.
Marketing/Sales: The policy doesn’t explicitly state that data is sold or rented for marketing purposes.
International Transfers: The policy doesn’t specify whether data is transferred internationally or the compliance measures in place.

User Rights

Access: You can access and update your personal information by logging into your account or contacting support@shotcut.in.
Deletion: The policy doesn’t explicitly state a right to data deletion.
Opt-Out: You can opt out of promotional communications by following instructions in the emails.
Limitations/Fees: The policy doesn’t mention limitations or fees for data requests.

Data Retention

The policy doesn’t specify how long data is kept.

Security Measures

The policy mentions taking “reasonable measures” to protect information from unauthorized access, disclosure, alteration, and destruction. However, it acknowledges that no method is entirely secure.

Concerning Clauses

Vague Language: The policy uses vague terms like “reasonable measures” and doesn’t provide specifics on data retention or third-party providers. This makes it difficult to assess the level of protection.

Summary Cards:

1. Which Data Is Collected (Email, IP – for Ads)

Email: Yes
IP Address: Yes (for analytics, potentially advertising)
Rating: 3/5 (lack of transparency on ad targeting)

2. Your Privacy Rights (Access: Yes, Delete: No)

Access: Yes
Delete: No (explicit right not mentioned)
Rating: 2/5 (lack of deletion right is a significant concern)

3. How Long Data Is Kept (12 months, GDPR Compliant)

Duration: Unspecified
GDPR Compliance: Not explicitly stated
Rating: 1/5 (lack of information on data retention)

4. Security of Your Data (Encryption: Yes, Shares: Google)

Encryption: Not explicitly mentioned
Data Sharing: Unspecified, but likely with unnamed service providers.
Rating: 2/5 (lack of detail on security measures and data sharing)

5. Hits & Misses

✅ Clear Purpose (for service delivery)
❌ No opt-out for sharing with service providers
❌ Vague language on data retention and security

Key Takeaways:

The policy lacks transparency regarding data retention, specific third-party sharing, and security measures.
The absence of a clear right to data deletion is a significant concern.
The vague language used makes it difficult to fully understand the extent of data collection and usage.

Overall Rating: 2/5 The privacy policy needs significant improvement to provide users with sufficient clarity and control over their data.