Privacy Policy

1. Overview

This Privacy Policy explains how ShortcutStudio collects, uses, and shares information when you use our website and editor (the "Service").

The Service is hosted on Cloudflare and uses Clerk for authentication. Payments are handled via Clerk Billing and Stripe.

2. Information We Collect

We collect information in three main ways: (a) information you provide, (b) information collected automatically, and (c) information from service providers.

A. Information you provide

• Support communications: messages you send to contact@shortcutstudio.app.
• User Content: project content you create or upload in the editor.

B. Account data (via Clerk)

Authentication is handled by Clerk. We receive a Clerk user ID and may access profile fields such as name, username, and profile image to display in the UI.

C. Project and marketplace data (stored in Cloudflare D1)

• Project data: project name, color, icon, summary, chat history, shortcut JSON, and a cached signed shortcut file (BLOB).
• Marketplace metadata: likes, downloads, remixes count, creator name, creator profile image, and whether a project is public or private.
• Rate limit and usage data: daily counters by user and category to enforce plan limits.

D. Automatically collected data

• Usage and device data: events and interactions with the Service, and basic device and browser information.
• Log data: IP address and infrastructure logs collected by Cloudflare as part of hosting and security operations.

E. Chat history handling

Chat history is normalized and trimmed (currently up to the last 80 messages, with content length limits) to keep context relevant and manageable.

3. AI Processing

When you use AI features, we send relevant prompt and context data to OpenRouter to generate output.

• Default model: openai/gpt-oss-120b (OSS-120B)
• Providers (in order): DeepInfra, Novita, GMICloud, NCompass
• We disable OpenRouter fallbacks, so if none of these providers are available the request may fail.

We do not allow providers to train on your data to our knowledge, but providers may apply their own policies. If you have concerns, you should review OpenRouter and provider policies.

4. Shortcut Conversion and Signing

To deliver a signed shortcut, your program is converted to a plist and sent to our signing service. The signed file may be stored in Cloudflare D1 as a cached file for faster downloads.

5. Analytics

We use:

• Google Analytics (gtag)
• Cloudflare analytics and logging

These systems may collect IP address, device information, and usage events to help us understand usage and improve the Service.

6. Payment Information

Payments are processed by Stripe through Clerk Billing. We do not store full payment card details on our servers. Billing status and plan features are handled by Clerk.

7. How We Use Information

• Provide, maintain, and improve the Service.
• Generate, convert, and sign shortcuts.
• Operate the marketplace and display public projects.
• Enforce rate limits and plan features.
• Prevent abuse, detect fraud, and secure the platform.
• Communicate with you, including responding to support requests.

8. Sharing and Disclosure

We share data only as needed to provide the Service, including with:

• Clerk: authentication and billing.
• Stripe: payment processing via Clerk.
• OpenRouter: AI inference requests.
• Cloudflare: hosting, database, and infrastructure logs.
• Google Analytics: site analytics.

We may also disclose information if we believe disclosure is reasonably necessary to comply with law, enforce our Terms, protect our users, or prevent fraud or security issues.

9. Public Projects

If you publish a project, metadata such as name, summary, icon, creator name, creator profile image, and marketplace counts are public. The shortcut itself may be downloadable by other users depending on how the marketplace feature works at the time of publishing.

10. Data Retention

We retain your project data while your account is active or until you delete the project.

When Clerk notifies us that a user account has been deleted, we delete associated projects, likes, and download records from our database. Some information may persist for a limited time in backups, logs, or for legal and security purposes.

11. Security

We use reasonable technical measures designed to protect data. No system can guarantee absolute security, and you use the Service at your own risk.

12. Cookies and Local Storage

Clerk and our UI use cookies and local storage for authentication, security, theme preferences, and user experience settings. You can control cookies through your browser settings, but some parts of the Service may not function properly if you disable them.

13. Your Choices and Rights

You can update or delete projects in the editor. You can delete your account through Clerk.

Depending on where you live, you may have additional privacy rights (such as access, deletion, or correction). For privacy requests, contact contact@shortcutstudio.app.

14. Changes to this Policy

We may update this Privacy Policy from time to time. We will post updates and revise the "Last updated" date above.

15. Contact

For questions about privacy, contact contact@shortcutstudio.app.