Skip to content
Clipia.
Sign In

  • Home

  • Create Video

  • Create Image

  • My Works

  • Models

  • Guides

  • Pricing

  • Settings

  • Support

Clipia.

Think differently — create the impossible.

Product

  • Create Image
  • Create Video
  • AI Models
  • Video Models
  • Image Models
  • Guides
  • Model Rankings
  • Balance

Support

  • About
  • Contact Us
  • Telegram Support

Legal

  • Terms of Service
  • Privacy Policy
  • Cross-Border Transfers
  • Acceptable Use
  • Cookie Policy
  • Content License
Company:IE Zakharov M. S.
TIN:361608356714
OGRNIP:324366800070377
Email:info@clipia.ai
Terms of Service·Privacy Policy·Cookie Policy·Acceptable Use
© 2026 Clipia.ai. All rights reserved.

Поверните устройство вертикально

Please rotate your device to portrait

Clipia.

Cross-Border Data Transfer Policy

Effective date: 17 April 2026

1. Introduction

This document discloses the procedure and conditions under which personal data of Clipia.ai Users are transferred across national borders in connection with the provision of AI-powered content generation services.

The document is drafted in accordance with Article 12 of Russian Federal Law No. 152-FZ «On Personal Data» (as amended by Federal Law No. 266-FZ of 14 July 2022) and Articles 44–49 of the EU General Data Protection Regulation (GDPR) for data subjects in the European Economic Area.

The data controller is Zakharov Maksim Sergeevich, Individual Entrepreneur registered in the Russian Federation (OGRNIP 324366800070377, INN 361608356714; registered on 19 July 2024; registered address: 396336, Voronezh Oblast, Russian Federation) — owner of the domain and the Clipia.ai service (hereinafter — «Operator», «Service»).

2. Definition and legal grounds

«Cross-border transfer» means the transfer of personal data to the territory of a foreign state, including to foreign legal entities subject to its jurisdiction, or making personal data accessible from the territory of a foreign state.

Legal grounds for transfer:

  • Consent of the data subject expressed at registration and upon acceptance of the Terms of Service
  • Performance of the contract to which the data subject is a party (to execute generation requests)
  • Legitimate interest of the Operator in securing the Service and ensuring service quality

3. Categories of data transferred

CategoryExamples
IdentificationEmail, username, account ID
OAuth identifiersGoogle Sub, Yandex UID, Telegram User ID
TechnicalHashed IP, User-Agent, timestamps, device type
Generation contentPrompts, reference media, generated results
Payment identifiersAnonymised card token, amount, payment ID
CommunicationsSupport tickets, email metadata
Application errorsStack traces, client logs (no content)

Special categories of personal data (race, ethnicity, political or religious beliefs, health, sexual life) are not transferred abroad, except where the data subject voluntarily includes such information in a prompt or reference media.

4. Recipients of personal data

4.1. Infrastructure (hosting, CDN)

RecipientCountryPurpose
Amazon Web Services, Inc.USA, IrelandMedia storage (S3)
Cloudflare, Inc.USA (global)DNS, DDoS protection
Amazon CloudFrontUSA (global edge)CDN media delivery

4.2. Authentication

RecipientCountryPurpose
Google LLCUSAOAuth «Sign in with Google»
Telegram FZ-LLCUAETelegram Login OAuth

4.3. Payments

RecipientCountryPurpose
Lava.topCyprus / EUUSD / EUR payment processing

Russian payment providers (CloudPayments, Robokassa) process data within the Russian Federation and do not perform cross-border transfers. Full card details are not passed to the Operator by any provider.

4.4. Communications

RecipientCountryPurpose
Resend, Inc.USATransactional email (verification, receipts, notices)

4.5. Monitoring and analytics

RecipientCountryPurpose
Functional Software, Inc. (Sentry)USAError monitoring
Google LLC (Google Analytics 4)USAAggregated web analytics

Yandex Metrica processes data within the Russian Federation and does not constitute a cross-border transfer.

4.6. AI generation providers

To provide content generation, the Operator uses a network of foreign machine-learning model providers. End model providers include:

ProviderCountryModel type
OpenAI, L.L.C.USAGPT Image, text moderation
Anthropic, PBCUSAClaude (assistant)
Google LLCUSAGemini, Imagen
xAI Corp.USAGrok Imagine, Grok Video
Midjourney, Inc.USAMidjourney V7
Black Forest Labs GmbHGermanyFLUX Kontext, FLUX 2
Higgsfield AI, Inc.USAHiggsfield DoP, Soul
Alibaba GroupPRCQwen, Wan
ByteDance Ltd.PRCSeedance, Seedream, Doubao
Kuaishou TechnologyPRCKling
MiniMax AIPRCHailuo

Access to these models may be provided directly or through foreign technology partners (infrastructure aggregators) handling routing, load balancing, failover, and integration security. Information about specific technology partners is a commercial secret of the Operator and may be disclosed upon a reasoned request of the supervisory authority.

Transmitted: prompt text, reference media, request parameters (model, resolution, duration), anonymised request ID.

Not transmitted: email, username, IP address, payment data, any account content beyond the specific request.

5. Destination countries

CountryProtection statusTransfer basis
USADoes not provide adequate protectionUser consent
EU (Ireland, Cyprus, Germany)Provides adequate protection (Roskomnadzor Order No. 274 of 15.03.2013)Standard terms
PRCDoes not provide adequate protectionUser consent
UAEDoes not provide adequate protectionUser consent

Safeguards for transfers to non-adequate jurisdictions:

  • Transfer only over secure channels (TLS 1.2+)
  • Data minimisation
  • Data Processing Agreements (DPAs) with recipients
  • Access control and audit
  • User identifier hashing where feasible

6. Retention periods at recipients

  • Generation content — transit-only, retained by AI providers for no more than 30 days
  • Email and account identifiers — until consent is withdrawn
  • Sentry technical logs — 30 days
  • Google Analytics 4 — 14 months
  • Payment data — per PCI DSS and the tax law of the provider's jurisdiction

7. Your rights

Regarding cross-border transfer, you have the right to:

  • Withdraw consent — use of the Service becomes impossible, as generation requires sending requests to AI providers
  • Request information about specific recipients of your personal data and the grounds for transfer
  • Demand that a recipient cease processing if processing violates your rights
  • Lodge a complaint with Roskomnadzor, the EU supervisory authority of your residence, or a court of competent jurisdiction

Requests: privacy@clipia.ai. Response within 30 calendar days.

8. Roskomnadzor notification

The Operator notifies Roskomnadzor of its intent to perform cross-border transfer of personal data in accordance with Roskomnadzor Order No. 178 of 28 October 2022.

Notification number and date: filing in progress. Will be published in this section upon assignment.

9. Amendments

The Operator may update this document. Material changes (new recipients, new jurisdictions) are communicated 30 calendar days in advance via email and in-service notice.

10. Contact

Data controller

NameZakharov Maksim Sergeevich, Individual Entrepreneur (Russian Federation)
OGRNIP324366800070377
INN361608356714
Registered on19 July 2024
Registered address396336, Voronezh Oblast, Russian Federation
Personal data queriesprivacy@clipia.ai
DPOdpo@clipia.ai

Supervisory authority

Russian Federation: Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media). Address: 109992, Moscow, Kitaygorodsky Proyezd 7, bld. 2. Website: rkn.gov.ru

Related documents

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
Cross-Border Data Transfer Policy | Clipia.ai