X · ClipRanking
EN

Privacy Policy

Last updated: May 4, 2026

Data we do not collect

  • · IP addresses (no raw data is retained)
  • · Personally identifying cookies
  • · Authentication credentials
  • · Device identifiers / advertising IDs
  • · Behavioral tracking cookies

Data we do collect

  • · X account_id (public numeric ID)
  • · tweet_id (public numeric ID)
  • · Download click counts and view counts (aggregate only)
  • · Access logs (rotated every 30 days)
  • · Salted SHA-256 IP hash for download click logs (raw IPs are never stored)
  • · Short-lived IP hash for rate limiting (held in KV for ~60 seconds)
  • · Country code (ISO-3166 alpha-2 / used for country-level ranking aggregation)
  • · Submissions to the contact and takedown forms
  • · Cloudflare Turnstile bot-verification signals
  • · Cloudflare Web Analytics aggregates (page views, Web Vitals, etc.)

About country codes

When the Download button is clicked, we store the country code (e.g. JP / US) resolved by Cloudflare's built-in GeoIP. The granularity is not personally identifying and is used only to generate aggregate values for country-level rankings. Traffic via VPN / Tor / unknown networks is excluded from aggregation.

About the anonymousId

On the live download feed of the /realtime page, each event includes a six-character short identifier as anonymousId. This is the first six hex characters (24 bits) of a salted SHA-256 IP hash; the original IP cannot be recovered, and the value is never used for cross-service tracking or ad targeting. It exists only to provide pseudo-identity within download events during a single salt window (so simultaneous downloads from the same user can be recognized as such). The salt may be rotated by the operator, after which prior hashes can no longer be matched.

Form submissions

Submissions to the contact form (/contact) and takedown form (/takedown) retain the following fields:

  • · Subject / category / body (target tweet URL and reason for takedown requests)
  • · Contact email (optional for contact, required for takedown)
  • · Submitter name (optional)
  • · Salted SHA-256 IP hash at submission time (raw IPs are never stored)
  • · User-Agent at submission time

Use is limited to reviewing and responding to submissions. We do not share with third parties or use the data for advertising. Takedown disposition is also recorded internally for legal purposes (e.g. DMCA).

Bot verification (Cloudflare Turnstile)

Cloudflare Turnstile performs bot / spam verification on form submissions. Turnstile temporarily collects browser behavior signals (mouse movement, render timing, etc.) and a short-lived cookie to assess whether the submission is human, but it does not identify individuals, and only the verification token is delivered to this Service. See Cloudflare's privacy policy for details.

Analytics (Cloudflare Web Analytics)

We use Cloudflare Web Analytics for site improvement. Cloudflare Web Analytics does not use cookies or client-side identifiers; it collects only aggregate values such as page views, referrers, country, device class, and Core Web Vitals. No personally identifying information is collected, and the metrics are used only to improve the Service. See Cloudflare Web Analytics and Cloudflare's privacy policy for details.

Google Analytics 4 (GA4)

We use GA4 to understand new vs returning visitors and overall site usage. With Google Consent Mode v2, no analytics cookie (_ga) is stored until you accept the consent banner; before consent, only cookieless, anonymous pings are sent. We do not enable Google Signals or ads personalization. GA4 does not store IP addresses (they are used transiently for coarse geolocation, then discarded). You can withdraw consent at any time by clearing cookies in your browser. See Google's privacy policy for details.

Advertising

To support operating costs, the Service may display ads via external networks (Adsterra, PropellerAds, etc.). Those networks may set cookies or similar technologies in your browser, but the Service itself does not collect or track advertising identifiers.

Data retention

  • · Aggregate data (rankings / view counts / country aggregates): indefinite
  • · Raw event logs (downloads / views): rotated every 30 days (deleted)
  • · Contact form submissions: deleted one year after the case closes
  • · Takedown form submissions: retained for five years for legal records (e.g. DMCA counter-notice)
  • · Click-log IP hash: rotated together with raw event logs (every 30 days)
  • · Rate-limit IP hash: discarded once the KV TTL expires (around one to a few minutes)

Third-party disclosure

We do not provide collected information to third parties. If a disclosure is required by law, we will respond to the minimum extent necessary.

GDPR / CCPA

The Service is designed around the principle of data minimization (no retention of personal data) and naturally complies with GDPR and CCPA requirements. To request deletion of personal information you provided through a form, please use the contact form.

Contact

Please reach us via the contact form.