Data Collection

Personal Information (Voluntary): Name, email address, contact details.
Non-Personal Information (Automatic): Browser type, operating system, IP address (used for analytics and service improvement). Cookies are used to enhance user experience.
Sensitive Data: The policy doesn’t explicitly mention the collection of sensitive data like biometrics, health information, or racial data.

Data Usage

Primary Purposes: Improving web analytics services, personalizing user experience, communicating updates.
Secondary Purposes: AI model training (using aggregated and anonymized data).
AI/Profiling: Data is used for AI model training to improve service accuracy. The policy doesn’t detail the extent of profiling.

Third-Party Sharing

Third Parties: The policy states data is shared with third-party service providers only as necessary for service provision. Specific providers are not named.
Data Sale/Rent/Marketing: The policy explicitly states that personal information is not sold, rented, or leased.
International Transfers: The policy doesn’t explicitly mention international data transfers or compliance with specific regulations beyond mentioning GDPR, CCPA, and PECR compliance in the context of a “lightweight tracking mode”.

User Rights

Access, Correction, Deletion: Users have the right to review, update, or delete their personal information.
How to Exercise Rights: Contact support@shotcut.in.
Limitations/Fees: The policy doesn’t specify limitations or fees.

Data Retention

Retention Period: The policy doesn’t specify how long data is kept.

Security Measures

The policy mentions the implementation of industry-standard security measures to protect personal information. Specific measures are not detailed.

Concerning Clauses

Vague Language: The phrase “industry-standard security measures” lacks specificity. The lack of a defined data retention period is also concerning. ⚠️
Lack of Transparency on Third Parties: The policy doesn’t name the third-party service providers. ⚠️

Summary Cards:

1. Which Data Is Collected (Email, IP – for Ads)

Email address (voluntary)
IP address (automatic, for analytics)
Rating: 3/5 (Missing detail on other data collected)

2. Your Privacy Rights (Access: Yes, Delete: Yes)

Access: Yes (via contacting support)
Delete: Yes (via contacting support)
Rating: 4/5 (Process could be more clearly defined)

3. How Long Data Is Kept (Unspecified, GDPR Compliant (partially))

Retention period: Unspecified ⚠️
GDPR Compliance: Mentioned, but details are lacking.
Rating: 2/5 (Unspecified retention is a major concern)

4. Security of Your Data (Encryption: Unspecified, Shares: Unspecified Third Parties)

Encryption: Not specified ⚠️
Data Sharing: With unspecified third-party service providers. ⚠️
Rating: 1/5 (Lack of detail on security and sharing)

5. Hits & Misses

✅ Clear purpose of data collection (mostly)
✅ No data sale/rent
❌ Vague security measures
❌ Unspecified data retention period
❌ Lack of transparency on third-party sharing

Key Takeaways:

Shotcut collects personal and non-personal data.
Data is used for service improvement and AI training.
Data is not sold but is shared with unspecified third parties.
Users can access and delete their data, but the process isn’t fully detailed.
The policy lacks specifics on data retention and security measures.

Overall Rating: 2.2/5 The policy needs significant improvement in transparency and detail regarding data security, data retention, and third-party sharing.