Privacy Policy
TL;DR
You sign in with Google and upload a video. We process it, then delete the video and the report 6 hours after you download it — or 6 days after upload if you never download, so you have time to grab it. After that, the only things we keep are your email (so the same person can't farm free reports or scam refunds) and three numbers: how long the video was, how many bugs we found, and how much you paid. We don't sell your data or train on it. To analyze your video we send it to Google Gemini (paid tier — no training) and Deepgram (transcription). Questions? [email protected].
What we collect
When you use klunk, the following data is involved:
- Your email address. You sign in with Google, so we receive the email on your Google account. We use it to recognize you across reports — and, honestly, to stop one person from claiming the free report over and over or abusing refunds.
- The video file you upload. Stored on our server temporarily so the pipeline can read it.
- The output bundle: screenshots, video clips, prose walkthroughs, the answer to any question you asked, and the master report. Temporary.
- Three numbers per job: how long the video was, how many bugs we found, and how much you paid. Plus a random job ID and status flags.
- Payment: if you pay, the card transaction is handled entirely by Stripe. We never see or store your card number — we only store the amount and whether it was paid/refunded.
- Standard server logs: IP address, user-agent, request paths — used only to diagnose problems, rotated out within 30 days.
We do not collect your name, company, address, phone number, or anything else identifying. There are no marketing trackers and no analytics pixels.
How long we keep it — and exactly what
Your video and your finished report are deleted 6 hours after you download them — or 6 days after upload if you never download, so you always have time to come back and grab your report. Whichever happens first. After that, the job row is stripped down to four things and nothing else. Here's the whole truth in one table:
| What | Do we keep it? |
|---|---|
| 🎥 Your uploaded video | ✗ Deleted 6h after download (6 days max) |
| 📁 Your report — screenshots, clips, ZIP, answers | ✗ Deleted 6h after download (6 days max) |
| 📧 Your email | ✓ Kept — anti-abuse only |
| ⏱️ How long the video was | ✓ Kept (just a number) |
| 🐛 How many bugs we found | ✓ Kept (just a number) |
| 💳 How much you paid | ✓ Kept (just a number) |
| 🙋 Your name, company, address, anything else | — Never collected |
We keep the email + those three numbers indefinitely so the free-trial and refund rules can't be gamed, and so we can keep basic books. They can't be used to reconstruct your video or your report — those are gone.
Standard web server logs are retained for up to 30 days for debugging and security, then rotated out.
Who we share it with
To deliver the service we use a small set of third parties:
- Google Gemini API (Google LLC) — to read your video, we send its frames and audio to Gemini. We use the paid Gemini API, and per Google's API terms paid-tier content is not used to train Google's models and is retained only briefly for abuse/safety. There's no per-request switch for this — it's a property of the paid tier, which we're on. Being straight with you: once your video reaches Google, it's handled under Google's terms, which we link but don't control. If that matters to you, read them before uploading.
-
Deepgram (Deepgram, Inc.) — we send your video's audio to
Deepgram to transcribe what you said, which drives the report. Deepgram's
default would let them use audio to improve their models, so we explicitly
opt out (their
mip_opt_outflag) on every request — your audio isn't used for their training and is kept only long enough to transcribe. - Google Sign-In — login is handled via Google OAuth (through Auth0). We receive your email and name; we never see your Google password.
- Stripe (Stripe, Inc.) — handles all card payments. Your card details go straight to Stripe and never touch our servers.
- Cloudflare R2 + Cloudflare (Cloudflare, Inc.) — your upload transits Cloudflare's edge during upload, then is pulled to our server and the staging copy is deleted. Cloudflare also provides our DNS/CDN and sees request metadata (IPs, paths, headers) per their privacy policy.
- Hetzner Online GmbH — our hosting provider. The box your video briefly lives on is in their German data center.
We do not share your data with advertisers, data brokers, analytics providers, or anyone else. We don't run any tracking pixels or third-party analytics.
Cookies and tracking
We don't use tracking cookies, marketing cookies, or third-party analytics. The site doesn't need to set any cookies to function. If your browser shows a Cloudflare anti-bot cookie, that's a CDN-level thing not under our control.
Your rights
Your video and report delete themselves (6h after you download, or 6 days after upload), so access/deletion of those is largely automatic. The one thing that persists is your email plus the three numbers above. If you want that gone too — a full erasure — email [email protected] from the address in question and we'll wipe it within 72 hours. (Heads up: erasing your email also resets your free-trial eligibility, which is the honest trade.) Want a specific job deleted early — before it expires on its own? Send the job ID and we'll handle it.
Security
Uploads go over HTTPS. The server is behind Cloudflare with TLS termination and a firewall. The SQLite database lives only on the server, not in any cloud DB. We do not use the data for any purpose other than producing your report.
No system is perfectly secure, and klunk is built by a small team (currently one person). If you discover a security issue, please email [email protected] — we'll respond fast and credit you if you'd like.
Children
klunk is intended for software developers and product teams. It is not designed for, or directed at, children under 16. We don't knowingly accept uploads from children.
International users
klunk's servers are currently located in Germany (Hetzner Falkenstein). By using the service from outside the EU you consent to your data being processed in the EU and (briefly, via Gemini) in Google's processing regions.
Changes to this policy
If we change this policy we'll update the date at the top. For any meaningful change to data handling, we'll also note it on the home page or About page so you actually see it.
Contact
Email [email protected]. We don't have a legal team — you're talking to a real person.