Privacy Policy

1. Introduction

This is the Privacy Policy of GetHighlights, a product of GetHighlights LLC, with its legal address at 3422 Timbergrove Heights St Houston, TX 77008, United States of America. GetHighlights provides an AI clipping platform, turning videos into shorts. This Privacy Policy explains how we process personal data of individuals who use our services, including our platform, websites (e.g. gethighlights.app), and other product and Services ("Services").

At GetHighlights, we take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal data. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and share your information as described in this Privacy Policy.

Remember that your use of GetHighlights's Services is at all times subject to our Terms of Services, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Services.

This Policy applies where we offer our Services, products, and platforms to individual users. For purposes of this Privacy Policy and applicable data protection laws, GetHighlights is the Data Controller of your personal data. We determine the purposes and means of processing the information collected through our Services.

GetHighlights complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. GetHighlights has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. GetHighlights has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and to view our certification, please visit https://www.dataprivacyframework.gov/. GetHighlights is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

As we continually work to improve our Services, we may need to change this Privacy Policy from time to time. Upon such changes, we will alert you to any such changes by placing a notice on the GetHighlights website, by sending you an email, by sharing a prominent in-app alert and/or by some other means. Please note that if you've opted not to receive legal notice emails from us (or you haven't provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.

If you are an EU, UK, or Swiss Individual, where we transfer your personal data to third party service providers who perform services for us or on our behalf, we are responsible for the processing of that data by them and shall remain liable if they process your personal data in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.

2. Scope – What Does This Policy Cover?

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. "Personal Data" means any information relating to an identified or identifiable individual, such as an individual's name, address, telephone number, or email address. This Privacy Policy does not cover the practices of companies we don't own or control or people we don't manage.

3. What Information Do We Collect, and for What Purposes?

Special Categories of Personal Data (Art 9 GDPR)

GetHighlights does not request, collect, or intentionally process any special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data). We ask that you do not upload or share such information through our Services.

Payment Data

Subscription status is synced via RevenueCat. We do not store payment card details — all payments are processed by Apple App Store.

4. How Do We Share Your Data?

We may share your personal data with the following categories of third parties:

• Service Providers: Hosting, analytics, support, and payment processors including RevenueCat and Apple App Store, who process data on our behalf to deliver the Services.
• Analytics Partners: Partners who help us understand how our Services are used and improve performance.
• Business Partners: Partners with whom we collaborate to offer integrated features or co-branded services.
• Parties You Authorize: Third parties you explicitly authorize to receive your data through integrations or sharing features.
• Legal Obligations: When required by law, regulation, legal process, or enforceable governmental request.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction.

5. Third-Party Data Processors

We share data with the following third-party services, each acting as a data processor:

AI Processing Disclosure: When you analyze a video, a low-resolution proxy (720p) is sent to Google Gemini via their Generative AI API. Google processes the video to detect highlight moments. The proxy video is deleted from Google's servers after processing. Your original full-resolution video never leaves your device. This processing is performed as part of delivering the Services you requested.

6. How Long Do We Store Your Information?

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected and to comply with our legal obligations.

• Profile information: Retained for the lifetime of your account.
• Payment data: Retained as long as needed to manage your purchase or subscription and comply with tax/legal obligations.
• Device/IP data: Retained as long as needed to ensure the effectiveness and security of our systems.

7. How Do We Secure Your Information?

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

• Row-Level Security (RLS) on all database tables — users can only access their own data
• All data is encrypted in transit (TLS) and at rest
• Authentication uses secure, passwordless magic links
• No tracking cookies or third-party advertising scripts
• Per-user storage isolation ensures data separation between accounts

8. Children's Privacy

Our Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at mike.tetlow@gethighlights.app so we can take appropriate action to delete such information.

9. Subprocessors and Third-Party Websites

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party services you access through our platform.

We reserve the right to engage new sub-processors to assist in delivering our Services. We ensure that all sub-processors meet high security and privacy standards, and are bound by data processing agreements consistent with this Privacy Policy and applicable law.

10. Additional U.S. State Disclosures and Rights

Under the GDPR and the California Privacy Rights Act (CPRA), as well as other applicable U.S. state privacy laws, you may have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Deletion: Request deletion of your personal data, subject to certain legal exceptions.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
• Right to Rectification: Request correction of inaccurate personal data.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Exercising Your Rights

You can exercise these rights directly through the Privacy & Data section in your account settings, or by contacting us at mike.tetlow@gethighlights.app.

Selling and Sharing

We do not sell your personal data. We do not share your personal data for cross-context behavioral advertising purposes.

Do Not Track

Our Services do not currently respond to "Do Not Track" signals from browsers, as no universal standard for such signals has been adopted.

Nevada Residents

Nevada residents may opt out of the sale of covered information as defined under Nevada law. We do not currently sell covered information, but you may submit an opt-out request to mike.tetlow@gethighlights.app.

Appeal Process

If we decline to take action on a request you have submitted, you may appeal our decision by contacting us at mike.tetlow@gethighlights.app with the subject line "Privacy Rights Appeal." We will respond to your appeal within the timeframes required by applicable law.

11. International Data Transfers

Our servers are located in the United States (via Supabase on AWS). If you are accessing our Services from outside the United States, your data will be transferred to, stored, and processed in the United States.

We comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework for transfers of personal data from the EEA, UK, and Switzerland to the United States.

Where required, we also rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate safeguards for international data transfers.

If you have questions about international data transfers, please contact us at mike@gethighlights.app.

12. Data Rights of International Users

If you are located in the European Economic Area (EEA), United Kingdom, Switzerland, or other jurisdictions with applicable data protection laws, you have the following rights:

AI Research and Development Opt-Out

If you wish to opt out of having your data used for AI research and development purposes, you may do so by emailing mike.tetlow@gethighlights.app with the subject line "AI R&D – Opt-Out." We will process your request within 30 days.

Automated Decision Making

GetHighlights does not use automated decision-making (including profiling) that produces legal effects or similarly significantly affects you. Our AI-powered highlight detection is a tool to assist you and does not make decisions that have legal or similarly significant effects on your rights.

13. Additional Jurisdiction-Specific Terms

Age Requirements

• Brazil: Users must be at least 18 years old, or have parental consent if between 16 and 18.
• Egypt and South Africa: Users must be at least 18 years old.
• Indonesia: Users must be at least 21 years old, or have parental consent.
• Mexico: Users must be at least 18 years old.
• South Korea: Users must be at least 14 years old, or have parental consent.
• Vietnam: Users must be at least 16 years old, or have parental consent.

Country-Specific Provisions

• Brazil (LGPD): You have the right to request confirmation of the existence of processing, access, correction, anonymization, portability, deletion, and information about third-party sharing.
• Indonesia: You have the right to request deletion of your personal data. We will respond within 14 business days of your verified request.
• Russia: We process personal data of Russian citizens in accordance with Federal Law No. 152-FZ. Cross-border transfers are conducted in compliance with applicable requirements.
• South Korea (PIPA): You have the right to request access, correction, deletion, and suspension of processing. We will respond within 10 days of your request.
• United Arab Emirates: Personal data processing is carried out in compliance with applicable UAE data protection regulations.

14. Right to Lodge a Complaint (EU, UK and Switzerland)

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, GetHighlights commits to resolve complaints about your privacy and our collection or use of your personal data transferred to the United States.

EU, UK, and Swiss individuals with inquiries or complaints should first contact GetHighlights at mike@gethighlights.app.

GetHighlights has further committed to refer unresolved DPF-related complaints to BBB National Programs, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf for additional details.

You also have the right to lodge a complaint with the relevant data protection authority:

• EEA: Your local supervisory authority — find your authority here.
• UK: Information Commissioner's Office (ICO) — ico.org.uk.
• Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch.

15. Contacting Us

EU GDPR Representative

Email: mike@gethighlights.app

Contact Information

Website: www.gethighlights.app

Email: mike@gethighlights.app

Phone: +1 (720) 593-0365

Address: 3422 Timbergrove Heights St Houston, TX 77008, United States of America