Privacy Policy

Last updated: 30 June 2026

1. Who we are

Lidito ("lidito", "we", "us") operates the web application at lidito.app (the "Service"). The Service helps you turn long-form videos into short clips and schedule them to social platforms. If you have a privacy question, email support@lidito.app.

2. What data we collect

We collect the following categories of data:

  • Account data — email, name, profile image, and an account identifier from your authentication provider.
  • Billing data — payment method tokens, subscription status, and invoice history. We do not store full card numbers.
  • Content you upload — video files, source URLs, transcripts, captions, hashtags, hook text, thumbnails, and any campaign metadata you create.
  • Outputs we generate — clips, edits, exports, and processing job history.
  • Connected-account tokens — OAuth access and refresh tokens for TikTok, X, Instagram, and YouTube accounts that you choose to connect.
  • Usage data — events such as which tools you use, when jobs complete, and aggregate counts, used to operate the Service and improve features.
  • Technical data — IP address, browser user-agent, device type, and timestamps, captured in server access logs.

3. Where your data lives (sub-processors)

Lidito is not local-first. To run the Service we use the following sub-processors, each of whom may process your data under their own privacy terms:

  • Vercel Inc. — frontend hosting and edge caching.
  • Railway Corp. — backend API server, application logs, and the primary database.
  • Cloudflare, Inc. — object storage of uploaded videos and generated outputs (Cloudflare R2).
  • Modal Labs, Inc. — GPU-accelerated processing for specific video tasks. Videos are sent to Modal's ephemeral containers and deleted after processing completes.
  • Clerk Inc. — user authentication, session management, and account-level identifiers.
  • Stripe Inc. — payment processing, subscription management, and billing portal.
  • TikTok, X (Twitter), Meta (Instagram), and YouTube (Google) — when you connect those accounts and instruct us to post on your behalf.

4. How we use your data

  • To operate the Service and process the jobs you request.
  • To upload content to third-party platforms (TikTok, X, Instagram, YouTube) at your explicit instruction.
  • To bill you for paid plans, prevent abuse, and enforce usage limits.
  • To send you transactional emails (account, billing, security).
  • To diagnose errors and improve the product.
  • To comply with legal obligations.

We do not sell your personal data. We do not use your content to train machine-learning models.

5. Connected social accounts

When you connect TikTok, X, Instagram, or YouTube, the Service stores an OAuth access token (and refresh token where the platform supports it) so we can post content on your behalf when you schedule or trigger an upload. Tokens are stored on our backend infrastructure (Railway). You can revoke access from the relevant platform's connected-apps page or by disconnecting the account in our Settings, which deletes the stored token.

6. Retention

  • Uploaded videos and outputs — retained while your account is active, then deleted on a periodic cleanup or when you delete them from history.
  • Account, billing, and history records — retained while your account is active and for up to 12 months after deletion for legal/accounting reasons, then erased or anonymised.
  • Server logs — typically retained 14–30 days by our hosting providers.
  • OAuth tokens — deleted immediately when you disconnect the account.

7. Your rights

Depending on your location (including under the EU/UK GDPR and the California CCPA/CPRA), you may have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. To exercise any of these rights, email support@lidito.app and we'll respond within 30 days. You can also delete your account from Settings, which triggers deletion of your content and personal data subject to the retention periods above.

8. Security

We use HTTPS for all traffic, encrypt data at rest where our sub-processors offer it, and restrict admin access using the principle of least privilege. No system is perfectly secure; if we become aware of a breach affecting your data we will notify you as required by law.

9. International transfers

Our sub-processors operate in the United States and elsewhere. If you use the Service from outside the United States, you understand that your data will be transferred to and processed in the United States, which may have different data-protection laws than your country.

10. Children

The Service is not directed at children under 13 (or 16 in the EU/UK). We do not knowingly collect personal data from children.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced in-app or by email. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after a change constitutes acceptance.

12. Contact

Questions, requests, or complaints: support@lidito.app.