Privacy Policy
Clout Uploader — Content operations platform for TikTok creators and agencies
Last updated: 01 March 2026
1. Who We Are (Data Controller)
Here at Clout Uploader (“we” or “us”), we respect your privacy and are committed to protecting it through our compliance with this privacy policy (“Policy”).
For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR), we act as the data controller of your Personal Information.
Contacts: [email protected]
2. Scope of This Policy
This Privacy Policy describes how we collect, use, and protect your Personal Information when you access or use https://clout.wtf (the “Website”) and/or our Clout Uploader software and related services (the “Software” and “Services”).
This Policy forms part of, and is incorporated into, the End User License Agreement (EULA).
3. Information We Collect
We collect only the information necessary to provide and operate the Software and Services.
3.1. Information you provide
- Contact information (e.g. email address)
- Basic personal details (if voluntarily provided)
- Payment-related information (via third-party processors)
- Communications (support requests, inquiries)
3.2. Information from third-party platforms
If you interact with our communities (e.g. Discord, Telegram), we may receive:
- Username or user ID
- Public profile details you choose to share
- Technical and diagnostic data (Telemetry)
The Software processes limited technical data necessary for its functionality, including machine identifier (hashed), application version, operating system version, license tier, error summaries and crash indicators, aggregated usage counters, performance and reliability metrics. A diagnostic “heartbeat” may be transmitted approximately every 24 hours.
4. What We Do NOT Collect
We deliberately minimize data collection. We do not collect or process account credentials (usernames, passwords, tokens), user-generated content (videos, photos, descriptions, media), Apple ID credentials, proxy credentials, contacts or address books, detailed behavioral tracking or browsing history, precise location data (GPS or IP-based tracking). We also:
- Do not sell Personal Information
- Do not use Personal Information for advertising or profiling
- Do not monitor user-generated content
- Do not access, control, or manage your third-party accounts or devices
The Software operates solely as a tool on your own infrastructure. You remain fully responsible for all actions performed using the Software.
5. Support Bundles (User-Initiated)
You may optionally generate support bundles via the “Report Issue” feature. These files are not automatically transmitted. They remain on your device unless you choose to share them. Support Bundles may include logs, crash reports, and system summaries (excluding sensitive credentials). We retain such data only as necessary to resolve support requests.
6. Purposes and Legal Bases for Processing
We process Personal Information for the following purposes:
| Processing Purpose | Categories of Personal Data | Legal Basis | Service Providers / Third Parties | Retention Criteria |
|---|---|---|---|---|
| Account creation, License activation, and Service delivery | Identifiers, Customer Records Information | Performance of a contract (Art. 6(1)(b)) | Payment providers (e.g. Stripe or equivalent) | Retained for duration of License Term + up to 12 months |
| License enforcement and anti-abuse measures | Device identifiers (hashed machine ID), technical identifiers | Legitimate interests in protecting software and enforcing license (Art. 6(1)(f)) | Internal systems only (no external sharing) | Retained for duration of License Term + limited audit period |
| Software diagnostics, telemetry, and performance monitoring | Device and system data (OS version, app version), aggregated usage metrics, error logs | Legitimate interests in ensuring functionality and reliability (Art. 6(1)(f)) | Infrastructure providers (hosting / telemetry processing) | Retained for 30–90 days, then deleted or aggregated |
| Customer communication and support | Identifiers (email), communications content | Performance of a contract (Art. 6(1)(b)); legitimate interests (Art. 6(1)(f)) | Email providers (e.g. Google Workspace or equivalent) | Retained until resolution + up to 6 months |
| User-initiated support bundles | Technical logs, system configuration data (excluding credentials), diagnostic reports | Performance of a contract (Art. 6(1)(b)) | Internal processing only unless shared by user | Retained only as necessary to resolve issue |
| Payment processing and billing | Identifiers, transaction data (no full card details stored by us) | Performance of a contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c)) | Payment processors (e.g. Stripe or equivalent) | Retained for statutory accounting and tax periods (up to 10 years) |
| Security, fraud prevention, and compliance | Technical identifiers, limited account data | Legitimate interests (Art. 6(1)(f)); legal obligation (Art. 6(1)(c)) | Infrastructure and security providers | Retained as necessary for security investigations |
| Website operation and essential functionality | Minimal technical data (cookies, session data) | Legitimate interests (Art. 6(1)(f)) | Hosting providers | Retained for session duration or short technical cycles |
| Legal compliance and enforcement of rights | Relevant account, transaction, and technical data | Legal obligation (Art. 6(1)(c)); legitimate interests (Art. 6(1)(f)) | Authorities or advisors where required | Retained as required by applicable law |
Where we rely on legitimate interests, we ensure such interests are not overridden by your rights. Where required, we rely on consent, which you may withdraw at any time.
7. Telemetry and License Enforcement
Telemetry is an essential part of the Software’s functionality. We use technical and diagnostic data to ensure Software stability and performance, identify and fix errors, enforce license limits and prevent unauthorized use, detect misuse and protect our systems. Telemetry data is pseudonymized and is not used to identify you as an individual. If you object to such processing, you may not be able to use the Software.
8. Data Retention
We retain Personal Information only for as long as necessary:
| Data type | Retention period |
|---|---|
| Account and contact data | Duration of contract + 12 months |
| Payment data | Up to 10 years (legal obligations) |
| Telemetry data | 30–90 days |
| Support requests | Resolution + 6 months |
| Support bundles | Until resolution or deletion |
After this period, data is deleted or anonymized.
9. Sharing of Information
We do not sell, rent, or trade your Personal Information. We share only limited data with carefully selected service providers strictly as necessary to operate and secure the Services:
| Recipient | Data Shared | Purpose |
|---|---|---|
| Cloudflare, Inc. | IP address (in transit), request metadata | Content delivery (CDN), DDoS protection, and storage services (R2) |
| Hetzner Online GmbH | Server-level data (infrastructure storage) | Infrastructure hosting and system operation |
These providers process data solely on our behalf and under contractual obligations consistent with applicable data protection laws. Third-party providers operate strictly at the infrastructure level and do not have independent access to user-level data.
We may also disclose Personal Information:
- To comply with applicable law, regulation, legal process, or governmental request
- To enforce our rights under the EULA
- To detect, prevent, or address fraud, security, or technical issues
We do not authorize these providers to use your data for their own purposes. We may also disclose information: to comply with legal obligations, to enforce our rights under the EULA, to prevent fraud or misuse, in connection with a business transfer.
10. International Data Transfers
We host and process personal data primarily in Europe. Due to the global nature of our operations and our use of service providers and AI model providers, personal data may be transferred to and processed in countries outside your country of residence, including outside the European Economic Area (EEA), where data protection laws may differ from those in your jurisdiction. Where personal data is transferred outside the EEA to a country that has not been recognized by the European Commission as providing an adequate level of data protection, we rely on appropriate safeguards in accordance with Chapter V GDPR, including the E.U. Standard Contractual Clauses, where applicable, the UK SCCs, supplementary technical and organizational measures, such as encryption, access controls, and data minimization. These safeguards are designed to ensure that your personal data remains protected in accordance with GDPR requirements, regardless of where it is processed. You may request additional information about international data transfers and applicable safeguards by contacting us using the details provided in this Privacy Policy.
11. Your Rights
Rights under GDPR (European Economic Area)
If you are located in the European Economic Area (EEA), you have the following rights under applicable data protection laws:
- Right of access. To obtain confirmation as to whether we process your Personal Information and to request a copy of such data;
- Right to rectification. To request correction of inaccurate or incomplete Personal Information;
- Right to erasure (“right to be forgotten”). To request deletion of your Personal Information where legally applicable;
- Right to restriction of processing. To request that we limit the processing of your Personal Information under certain circumstances;
- Right to data portability. To receive your Personal Information in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible;
- Right to object. To object to processing based on our legitimate interests, including for security or operational purposes;
- Right to withdraw consent. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal;
- Right to lodge a complaint. To file a complaint with your local data protection authority if you believe your rights have been violated.
Rights under CCPA (California, USA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended:
- Right to know. To request information about the categories and purposes of Personal Information we collect, use, and disclose;
- Right to delete. To request deletion of your Personal Information, subject to certain legal exceptions;
- Right to opt out of sale or sharing. We do not sell or share Personal Information for cross-context behavioral advertising;
- Right to non-discrimination. You will not be discriminated against for exercising your rights.
To exercise your rights, please contact us at: [email protected]. We will respond within 30 days, or as otherwise required by applicable law. We may request additional information to verify your identity before processing your request. If your request is complex or numerous, we may extend the response period as permitted by law.
12. Cookies and Tracking Technologies
When you visit or interact with our Website or use our Services, we and our service providers may use cookies, web beacons, software development kits (SDKs), pixels, and similar tracking technologies (collectively, “Cookies”) to collect certain information automatically. Some of this information may constitute personal data under applicable data protection laws.
Cookies are small text files stored on your device that enable us or our partners to recognize your browser or device and remember certain information. Cookies help us operate the website securely and efficiently, understand how the Services are used, personalize content, and support analytics and marketing activities, where permitted by law.
We use cookies only as necessary for Website functionality and basic analytics (where applicable).
13. Data Security
We implement appropriate technical and organizational measures to protect Personal Information and system integrity, including:
- Encryption in transit. All communications between the Software and our servers are secured using HTTPS with TLS encryption;
- Pseudonymization. Machine identifiers are cryptographically hashed and cannot be reversed to identify a specific device or individual;
- Local encryption. Application logs are encrypted in production environments;
- Secure transmission and minimization. Crash reports are transmitted securely via HTTPS and deleted locally after successful delivery;
- Access controls and infrastructure security. Server environments are restricted to authorized access and protected against unauthorized use;
- Data minimization by design. We collect and process only the technical data strictly necessary for licensing, diagnostics, and system reliability.
While we take reasonable and appropriate measures to protect data, no system can guarantee absolute security. To the extent permitted by applicable law, our liability related to data security is limited as set out in the EULA.
14. Data Breach Notification
We will comply with applicable legal obligations regarding data breach notification and take appropriate steps to mitigate any risks.
15. Children’s Privacy
We do not knowingly collect Personal Information from individuals under the age of 16 (or applicable local age).
16. Automated Decision-Making
We do not use Personal Information for automated decision-making or profiling with legal or similarly significant effects.
17. Links to third-party resources
Our Services may contain links (including those embedded into the ads distributed via our Services) to third-party resources that are not administered by us and are not governed by this Privacy Policy. We encourage you to familiarize yourself with the privacy policies and security practices of the linked third-party websites before providing them with any personal information.
18. Changes to the Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, regulatory requirements, or to address feedback received from our customers. Any changes will be published on this page, and we encourage you to review it regularly to stay informed about how we protect your information. When we post changes, we revise the “Last Updated” date at the top of this policy. If we make any material changes in the way we collect, use, or share your information, we will notify you by prominently emailing you, and if required by applicable law, we will request your consent for such changes.
19. Language
Any translation of the English version of this Privacy Policy is provided solely for your convenience. In case of any differences between the English version and any other translation, the English version shall prevail and shall be the only legally binding version.
20. Contact Information
If you have questions or comments regarding this Privacy Policy and our privacy practices, or you have any requests to exercise your legal rights, please contact us via email: [email protected].
By using Clout Uploader, You acknowledge that You have read and understood this Privacy Policy.