Privacy Policy

We collect information that you provide directly to us when you register for an account, update your profile, use our services, or communicate with us. This may include: • Account Information: Your name, email address, company name, job title, and password. • Billing Information: Credit card details, billing address, and transaction history. (Note: Cloverly uses PCI-compliant payment processors; we do not store full credit card numbers on our servers.) • Usage Data: Information about how you interact with the Service, including log data, device information, IP address, browser type, and pages visited. • Customer Data: Any leads, contacts, deals, notes, emails, or other business data you choose to store within the CRM. This data is owned by you and processed on your behalf. We may also receive information about you from third-party integrations you connect to Cloverly (e.g., email providers, calendar services), but only to the extent authorized by you.

Protecting your data is fundamental to how we built Cloverly. We implement a comprehensive security program that includes: • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256. • Access Controls: Role-based access controls ensure users can only access data they are authorized to view. Multi-factor authentication (MFA) is available and encouraged for all accounts. • Regular Audits: We conduct quarterly security audits, annual penetration testing by third-party security firms, and continuous vulnerability scanning. • Infrastructure: Our infrastructure is hosted in SOC 2 Type II certified data centers with redundant power, networking, and physical security. • Incident Response: We maintain a documented incident response plan and will notify affected users within 72 hours of discovering any unauthorized access to personal data. While we take every reasonable precaution, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We use the information we collect to: • Provide, maintain, and improve the Service, including troubleshooting, data analytics, and research. • Process transactions and send related information, such as confirmations and invoices. • Send you technical notices, updates, security alerts, and administrative messages. • Respond to your comments, questions, and customer service requests. • Personalize your experience and deliver content relevant to your interests. • Monitor and analyze trends, usage, and activities in connection with the Service. • Detect, investigate, and prevent fraudulent transactions, security breaches, and other illegal activities. We will never sell your personal information to third parties for marketing purposes. We do not use your Customer Data to train AI models or for any purpose other than providing the Service to you.

We do not share your personal information or Customer Data with third parties except in the following limited circumstances: • Service Providers: We may share information with trusted third-party vendors who perform services on our behalf, such as cloud hosting providers, payment processors, and email delivery services. These vendors are bound by confidentiality obligations and are prohibited from using your data for any purpose other than providing services to Cloverly. • Legal Compliance: We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your information. • With Your Consent: We may share information with third parties when you give us explicit consent to do so. We do not share, sell, rent, or trade Customer Data with third parties for their promotional purposes.

Cloverly and our third-party partners use cookies, pixels, and similar tracking technologies to recognize you when you visit our website and use the Service. We use these technologies to: • Keep you signed in and remember your preferences. • Understand how you interact with our website and Service. • Improve our products and measure the effectiveness of our communications. • Deliver relevant content and advertising (only on our marketing website, never inside the CRM application). You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service. For more details, see our Cookie Preferences panel accessible from the footer of our marketing website.

Depending on your location, you may have certain rights regarding your personal information: • Access: You can request a copy of the personal data we hold about you. • Correction: You can update or correct inaccurate information through your account settings or by contacting us. • Deletion: You can request deletion of your personal data and Customer Data, subject to certain legal exceptions. • Portability: You can request an export of your data in a structured, machine-readable format. • Objection: You can object to certain processing of your personal data, such as direct marketing. • Withdraw Consent: Where we rely on your consent to process data, you can withdraw that consent at any time. To exercise any of these rights, please contact us at privacy@cloverly.app. We will respond to all legitimate requests within 30 days. We may need to verify your identity before processing your request.

We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you cancel your subscription, we will retain your data for 90 days in case you wish to reactivate your account. After 90 days, your data is permanently deleted from our production systems. If you explicitly request deletion of your account and all associated data, we will process the deletion within 30 days, except where we are legally obligated to retain certain records (e.g., for tax or audit purposes). Backups are retained for disaster recovery purposes for up to 12 months. When your data is deleted from production, it will also be removed from active backup sets within the next backup cycle.