Data Processing Agreement (DPA)
Last updated: April 2nd, 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between the user of ClipLedger ("Customer") and Marmalade skies s.r.o. ("Provider").
This DPA applies when the Customer uses ClipLedger to process personal data subject to the General Data Protection Regulation (GDPR).
This Data Processing Agreement may be provided in multiple languages for convenience. In case of any discrepancies, the English version shall prevail.
1. Parties
Controller
The Customer using the ClipLedger service.
Processor
The Provider processes personal data on behalf of the Customer in order to provide the ClipLedger service.
2. Subject Matter of Processing
The processing activities covered by this DPA include providing the ClipLedger platform for:
- managing creator campaigns
- storing campaign configuration data
- processing submitted video links
- calculating creator payouts based on public video statistics
- retrieving account data and media insights from third-party platforms such as YouTube, TikTok, and Meta (Facebook and Instagram), including access to the authenticated user's own video data (such as video identifiers and view counts)
- storing user profile data, including user-uploaded profile images
3. Categories of Personal Data
Depending on how the Customer uses the Service, the following data may be processed:
- email addresses
- user display names
- authentication identifiers
- creator channel URLs or usernames
- video URLs submitted to campaigns
- technical metadata such as IP addresses
- social media account identifiers (e.g., Instagram or TikTok account IDs)
- public profile information (such as display name and profile picture, including user-uploaded profile images)
- media performance metrics (such as video views and engagement statistics, video identifiers and public video metadata (including view counts) of videos belonging to the authenticated user)
ClipLedger does not intentionally process special categories of personal data.
4. Categories of Data Subjects
Personal data processed through the Service may relate to:
- campaign owners
- creators participating in campaigns
- users of the ClipLedger platform.
5. Purpose of Processing
The Provider processes personal data only for the purpose of:
- operating the ClipLedger platform
- enabling campaign management features
- retrieving video data, account information, and media performance metrics (including view counts) from third-party platforms (including YouTube, TikTok, and Meta services such as Facebook and Instagram) in order to verify submitted videos and calculate campaign performance
- calculating campaign payouts
- maintaining system security and abuse prevention.
6. Processor Obligations
The Provider shall:
- process personal data only according to the documented instructions of the Customer
- ensure that persons authorized to process data are subject to confidentiality obligations
- implement appropriate technical and organizational security measures
- assist the Customer in responding to data subject requests where applicable
- notify the Customer without undue delay in the event of a personal data breach affecting the Service.
7. Subprocessors
The Customer authorizes the Provider to engage subprocessors necessary to operate the Service.
The following subprocessors are currently used:
Vercel
- Service provided: Application hosting and infrastructure
- Data processed: Application data, metadata
- Processing location: Germany (EU region)
- International transfer safeguard: Not applicable (EEA processing)
Resend
- Service provided: Transactional email delivery
- Data processed: Email addresses, notification content
- Processing location: United States (where applicable)
- International transfer safeguard: Standard Contractual Clauses or other appropriate safeguards
Stripe
- Service provided: Subscription billing and payment processing
- Data processed: Billing identifiers, payment status, subscription information
- Processing location: United States and/or European Union
- International transfer safeguard: Standard Contractual Clauses or other appropriate safeguards
Upstash
- Service provided: Rate limiting and caching infrastructure (Redis)
- Data processed: IP addresses and technical request identifiers used for abuse prevention
- Processing location: Germany (Frankfurt, EU region - eu-central-1)
- International transfer safeguard: Not applicable (EEA processing)
Google
- Services provided: Authentication (Google OAuth) and YouTube API access
- Data processed: Authentication identifiers, publicly available video metadata
- Processing location: Global infrastructure operated by Google
- International transfer safeguard: Standard Contractual Clauses or other appropriate safeguards
Meta
- Services provided: Authentication (Facebook Login) and Instagram Graph API access
- Data processed: Account identifiers, basic profile information, and media performance metrics (such as video views and insights)
- Processing location: Global infrastructure operated by Meta
- International transfer safeguard: Standard Contractual Clauses or other appropriate safeguards
TikTok
- Services provided: API access for retrieving basic profile information and the authenticated user's own video data
- Data processed: Account identifiers, display name, profile picture, video identifiers, and video performance metrics (such as view counts)
- Processing location: Global infrastructure operated by TikTok
- International transfer safeguard: Standard Contractual Clauses or other appropriate safeguards
Neon
- Service provided: Database hosting (serverless PostgreSQL)
- Data processed: All application data including user accounts, campaign data, and related metadata
- International transfer safeguard: Not applicable (EEA processing)
Cloudflare (R2)
- Service provided: Object storage and content delivery
- Data processed: User-uploaded files such as profile images (avatars)
- Processing location: Eastern Europe (EEUR region, EU)
- International transfer safeguard: Not applicable (EEA processing)
The Provider may update this list of subprocessors as necessary to operate the Service.
8. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), the Provider ensures that appropriate safeguards are in place, including the use of Standard Contractual Clauses or other mechanisms permitted under GDPR.
9. Security Measures
The Provider implements reasonable technical and organizational measures to protect personal data, including:
- encrypted connections (HTTPS)
- access control to infrastructure systems
- secure cloud infrastructure providers
- monitoring and abuse prevention mechanisms.
10. Data Retention
Personal data is retained only for as long as necessary to provide the Service or as required by applicable law.
Customers may request deletion of their account and associated personal data by contacting hello@marmaladeskies.dev.
11. Term and Termination
This DPA remains in effect for as long as the Customer uses the ClipLedger service.
Upon termination of the Service, personal data will be deleted or returned in accordance with applicable law and the Provider's data retention policies.
12. Governing Law
This DPA shall be governed by the laws of the Czech Republic.