Privacy Policy · FlashCutMaker

1. Who we are

FlashCutMaker is operated as an independent project. References to “we”, “us”, and “our” mean the operator of the FlashCutMaker website and software. For privacy questions, reach us at blaisemu007@gmail.com.

If applicable law treats us as a data controller for personal information processed through FlashCutMaker, you can contact us using the email above as our designated point of contact for privacy matters.

2. Scope of this policy

This policy applies to:

The FlashCutMaker website and editor;
Our APIs that proxy image search and image bytes;
Authentication flows powered by Firebase Authentication.

It does not apply to:

Third-party platforms you choose to upload or share your finished video to (e.g., TikTok, YouTube, Instagram);
Third-party image providers (Unsplash, Brave) when you visit their sites directly;
Buy Me a Coffee, which has its own privacy policy and processes any tips on its own platform.

3. Data we collect

3.1 Information you provide

Account information. If you sign in with Google, we receive your Google account’s display name, email address, profile picture URL, and a Firebase user ID (UID). We do not see or store your Google password.
Creative inputs. The text content, font, colors, animation settings, aspect ratio, and other styling you enter into the editor. This data lives in your browser and only leaves it when you voluntarily download or share the rendered output.
Search queries. When you search for images, the text of your query is sent to our servers and forwarded to Unsplash and/or Brave Search.
Support & communications. If you email us, we receive your email address and the contents of your message.

3.2 Information collected automatically

Log data. Like most websites, our hosting provider (Vercel) and downstream services automatically receive standard log data: IP address, user-agent string, referring URL, request paths and timestamps. This is used for security, abuse prevention, debugging, and service reliability.
Device & viewport data. Your browser exposes characteristics such as screen size and time zone, which we use to render an appropriate layout (e.g., mobile vs. desktop dock).
Usage analytics. We use Vercel Analytics, which collects anonymized, aggregated usage data (page views, basic events) without cookies and without tracking you across other sites. See Section 9.
Authentication state. Firebase Authentication stores tokens locally (in browser storage) so we can keep you signed in across sessions.

3.3 Information we do not collect

We do not collect payment-card data. Donations are handled entirely by Buy Me a Coffee.
We do not run third-party advertising trackers or build advertising profiles about you.
We do not access your microphone, camera, or files on your device.
We do not upload your rendered videos to our servers.

4. Images, search queries & the image proxy

FlashCutMaker’s “Images” mode lets you search for free stock photos (Unsplash) and/or general web images (Brave Search Images) to use as backgrounds in your animations. Because this is the most data-sensitive part of the product, we want to be transparent about how it works.

4.1 What happens when you search

You type a topic (e.g., “mountain sunrise”) and hit Search.
Your query is sent to our own API endpoints (/api/unsplash or /api/brave-images) over HTTPS.
Our server forwards the query to the relevant provider (Unsplash and/or Brave Search) using our API credentials, so the provider sees our server’s request — not your IP address.
The provider returns a list of image URLs and metadata, which we relay back to your browser.

4.2 The image proxy (`/api/proxy-image`)

When you select images, your browser fetches them through our image proxy. We do this for two reasons: (1) so the editor canvas can read pixel data and export your video without browser security errors (“tainted canvas”), and (2) so we can enforce size and content-type limits to keep things stable.

The proxy is a thin pass-through. It fetches the public image, validates it, and streams it back to your browser. We do not permanently store images. They are cached by your browser and by edge caches for up to one hour (Cache-Control: public, max-age=3600) so the editor stays responsive while you work.

4.3 What we don’t do

We do not associate your search queries with your account in any persistent profile.
We do not sell or share queries with advertisers.
We do not use your queries to train AI models.
Search is gated to signed-in users purely for abuse prevention.

4.4 Your responsibility for image content

You are responsible for the images you select and how you use them. Stock providers (Unsplash) include their own licenses; general web search results may include copyrighted material that requires the owner’s permission for reuse. FlashCutMaker is a tool — it does not grant you rights to any third-party image.

5. How we use your data

We use the data described above for the following purposes only:

Provide the service. Render your animations, fetch images you searched for, keep you signed in, save local preferences.
Security & abuse prevention. Detect and block automated abuse of the image proxy and search endpoints; gate search to signed-in users; enforce rate limits.
Service reliability. Investigate bugs, monitor errors, and improve performance based on aggregated metrics.
Product improvement. Understand which features are used and which are not — using only privacy-respecting analytics.
Communications. Reply to your support requests.
Legal compliance. Comply with applicable law and respond to lawful requests.

We do not use your data for advertising, profiling for sale, or training machine-learning models.

6. Legal bases for processing (GDPR)

If you are in the EEA, UK, or Switzerland, our legal bases are:

Contract (Art. 6(1)(b) GDPR): processing required to deliver the service you requested — e.g., running search queries, rendering frames, maintaining your session.
Legitimate interests (Art. 6(1)(f) GDPR): security, fraud and abuse prevention, basic product analytics, and keeping the service running. We balance these against your rights and freedoms.
Consent (Art. 6(1)(a) GDPR): where we ask you for it (e.g., signing in with Google via the Google consent screen).
Legal obligation (Art. 6(1)(c) GDPR): where we must process data to comply with the law.

We use a small number of carefully selected third-party providers (“sub-processors”) to run FlashCutMaker. They process data on our behalf under their own terms and privacy policies:

Provider	Purpose	Data involved
Google Firebase Authentication	Sign-in & account identity	UID, email, display name, profile photo URL, auth tokens, IP
Vercel	Hosting, edge network, serverless functions	IP, user-agent, request metadata, logs
Vercel Analytics	Privacy-friendly product analytics (no cookies)	Anonymized page views, basic event names
Unsplash	Stock image search results	Search query text (sent server-to-server)
Brave Search	Web image search results	Search query text (sent server-to-server)
Buy Me a Coffee	Optional support donations	Whatever you provide on their checkout (we never see card data)
Google Fonts	Loading typography (Inter, Playfair, Orbitron, etc.)	IP address (when your browser fetches font files)

We will never sell your personal information. We do not disclose personal information to third parties except (a) the sub-processors above to operate the service, (b) when you ask us to (e.g., you click an external link), (c) to comply with a valid legal request, or (d) to protect the rights, property, or safety of users or the public.

8. Cookies & similar technologies

FlashCutMaker is intentionally light on cookies. We use:

Authentication storage — Firebase Authentication keeps a session token in your browser’s storage (IndexedDB / localStorage). Without it, you would have to sign in on every page load. This is strictly necessary for sign-in to work.
Local preferences — small entries in localStorage and sessionStorage remember UI state (e.g., your selected aspect ratio or which dock tab was open). These never leave your device.

Vercel Analytics is cookieless. We do not use third-party advertising, re-targeting, or cross-site tracking cookies. You can clear or block any of the storage above in your browser settings, but doing so may sign you out and reset local preferences.

9. Analytics

We use Vercel Web Analytics (and Speed Insights, where enabled) to understand basic usage and performance. These tools:

Do not set or read cookies;
Do not store IP addresses persistently;
Hash or truncate identifiers so individual users cannot be re-identified;
Do not share data across sites or with advertisers.

We also fire a small number of custom event names (e.g., support_cta_clicked) so we can tell which buttons people actually use. For support links, we additionally store a short server log (button location and approximate time; your account email when you are signed in, or IP address when you are not) so we can see which placements drive support interest. That log is for internal operations only and is not used for advertising.

10. Data retention

Account data (UID, email, name) is retained for as long as your account exists. If you delete your account or ask us to delete it (see Section 13), we remove the corresponding Firebase Authentication record.
Creative inputs stay in your browser. We do not store them on our servers.
Search queries are processed in real time. We may retain short-lived application logs containing query text for up to 30 days for debugging and abuse prevention, after which they are deleted or anonymized.
Server & CDN logs are typically retained by our hosting provider for a limited period (commonly 30 days) before automatic deletion or rotation.
Proxied images are not stored. They are cached for up to one hour to keep the editor responsive, then evicted.
Analytics events are aggregated and retained per our analytics provider’s policy.

11. Security

We take reasonable, industry-standard measures to protect your data:

All traffic to FlashCutMaker is served over HTTPS/TLS.
Sign-in uses Google’s OAuth flow via Firebase — we never see your password.
API credentials for Unsplash and Brave are kept on the server side only; they are never exposed to your browser.
The image proxy validates URLs against a blocklist (e.g., refuses private/internal addresses) and enforces size, type, and timeout limits.
Server logs and analytics data are scoped to the smallest set we need to operate the service.

No method of transmission or storage is 100% secure. If you discover a security issue, please report it to blaisemu007@gmail.com.

12. International data transfers

FlashCutMaker is provided through global infrastructure. Depending on where you are and where our sub-processors operate, your data may be transferred to and processed in countries outside your home country, including the United States. Where required by law (e.g., GDPR), we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) used by our sub-processors.

13. Your rights

Depending on your location, you may have the following rights with respect to personal information we hold about you:

Access — request a copy of the personal data we hold about you.
Rectification — ask us to correct inaccurate or incomplete information.
Erasure — ask us to delete personal data we hold about you.
Restriction — ask us to limit how we process your data.
Portability — request a copy of your data in a portable format.
Objection — object to processing based on legitimate interests.
Withdraw consent — where processing is based on consent, withdraw it at any time (without affecting prior processing).
Complain — lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at blaisemu007@gmail.com from the address associated with your account. We will respond within the time required by applicable law (typically 30 days). We will not discriminate against you for exercising any of these rights.

14. Children’s privacy

FlashCutMaker is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at blaisemu007@gmail.com and we will delete it promptly.

15. California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (“CCPA”), as amended by the CPRA, gives you specific rights:

Right to know what personal information we collect, the categories of sources, the purposes, and the categories of recipients.
Right to delete personal information we’ve collected from you, subject to certain exceptions.
Right to correct inaccurate personal information.
Right to opt out of the “sale” or “sharing” of personal information. We do not sell or share your personal information as those terms are defined under the CCPA.
Right to limit use of sensitive personal information. We do not collect sensitive personal information for purposes that require this limit.
Right to non-discrimination for exercising any of these rights.

Categories of personal information we collect, by CCPA category, include: identifiers (UID, email, IP), internet/network activity (logs, page views), and inferences only as needed to operate the service. We do not collect biometric, precise geolocation, or commercial transaction data on our servers.

To exercise California rights, email blaisemu007@gmail.com. We may need to verify your identity before responding.

16. EEA / UK residents

In addition to the rights in Section 13, you may lodge a complaint with your local supervisory authority. For UK residents, this is the Information Commissioner’s Office (ICO). For EEA residents, you can find your authority via the European Data Protection Board.

17. Do Not Track

FlashCutMaker does not use cross-site behavioral advertising and does not change its behavior in response to browser Do Not Track signals, since the features that would normally rely on tracking do not exist on this site.

18. Third-party links & content

The editor surfaces images and links from third parties (Unsplash, Brave Search). When you click an external link or visit those services, you are subject to the third party’s privacy policy and terms. We are not responsible for content or practices on sites we do not control.

19. AI / automated decision-making

FlashCutMaker does not make legal or similarly significant decisions about you automatically. We do not use your creative inputs, search queries, or account information to train AI/ML models, and we do not provide them to third parties for that purpose.

20. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the service, the law, or our practices. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, surface a notice in-app. Your continued use of FlashCutMaker after the new policy takes effect means you accept the updated terms.

21. How to contact us

For any privacy-related question, request, or complaint, contact us at:

blaisemu007@gmail.com