Privacy Policy
Effective Date: June 8, 2026
Last Updated: June 10, 2026
Contact: privacy@clovitek.com · CloviTek LLC, 3731 S Broughtyferry Cv., Salt Lake City, UT 84106, USA
Preamble
This Privacy Policy ("Policy") is issued by CloviTek LLC (operating the CloviTek platform; "CloviTek," "we," "us," or "our"), with its principal place of business at 3731 S Broughtyferry Cv., Salt Lake City, UT 84106, USA.
CloviTek is a multi-tenant SaaS platform that provisions and operates branded business-software workspaces for our customers ("tenant companies"), together with an AI engine that powers content, marketing, outreach, media, support and automation features. This Policy explains how we collect, use, share, and protect personal information when you use the CloviTek platform (including platform.clovitek.com, dash.clovitek.com, and the tenant workspaces and AI features we provide), in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act/CPRA (CCPA), and other applicable data protection laws.
Controller vs. processor. For the personal data of our direct account holders and platform administrators, CloviTek acts as a data controller. For data that a tenant company uploads, imports, or directs us to process on its behalf — including its own customers', staff's, leads' and prospects' personal data — CloviTek acts as a data processor / service provider, and the tenant company is the controller. Where we act as a processor, our processing is governed by our Terms & Conditions and any applicable Data Processing Addendum (DPA).
We may update this Policy from time to time. We will notify you of material changes via email and/or an in-app notice and by updating the "Last Updated" date above.
1. Definitions
- Personal Data: Any information relating to an identified or identifiable individual.
- Processing: Any operation performed on Personal Data (collection, use, storage, sharing, deletion, etc.).
- Tenant Company: A customer organization for which CloviTek provisions and operates a branded workspace.
- End User: An individual (e.g., a tenant company's staff or client) who accesses a tenant workspace.
- Prospect/Lead Data: Third-party personal data that a tenant directs us to enrich, process, or contact on its behalf via our outreach and enrichment features.
- AI Engine: CloviTek's internal generation and automation service that routes content to third-party AI providers.
- Sub-processor: A third party engaged by CloviTek to process Personal Data in connection with delivering the Services (see §7).
- Services: The CloviTek SaaS platform, tenant workspaces, AI features, and related tools.
2. Information We Collect
We collect the following categories of personal data, depending on your role and interactions with the platform.
| Category | Examples | Purpose | Lawful Basis |
|---|---|---|---|
| Contact & Identity Information | Name, email, phone, address, city | Account creation, communication, support | Contract, Legitimate Interests, Consent |
| Account & Profile Data | Username, password (hashed), avatar, company, user ID, locale, preferred currency | Account management, security, personalization | Contract, Legitimate Interests |
| Tenant / Company Data | Company name, address, city, state, country, ZIP, phone, email, registration number | Workspace provisioning, branding, billing | Contract, Legal Obligation |
| Billing & Payment Data | Billing details, plan/subscription, transaction and order history, coupon usage (card data is handled by our payment processors, not stored by us) | Payments, invoicing, refunds, compliance | Contract, Legal Obligation |
| Usage, Session & Operational Data | Login activity, IP, device/browser info, session records (database-backed, 120-minute lifetime), per-API-call metering records (agent name, tenant ID, status) | Security, troubleshooting, service metering, abuse prevention | Legitimate Interests |
| Uploaded & Generated Content | Files, documents, prompts, business/customer data, and AI-generated outputs (text, images, audio, video) | Service delivery, storage, AI features | Contract, Legitimate Interests, Consent |
| Prospect & Lead Data (processed for tenants) | Names, business emails, direct-dial phone numbers, company and enrichment attributes | Enrichment, outreach and lead-generation performed on behalf of a tenant | Processed on tenant's instructions; tenant is controller (Contract / tenant's Legitimate Interests) |
| Support & Communications | Support tickets, chat/email transcripts, feedback | Support, quality assurance, dispute resolution | Contract, Legitimate Interests |
| Cookies & Functional Tracking | Session cookie, CSRF token, SSO token, cookie-consent preferences | Site functionality, authentication, security | Consent (non-essential), Legitimate Interests (essential) |
| Legal & Compliance Data | Consent records, data subject requests, audit/metering logs | Compliance, legal defense, audits | Legal Obligation, Legitimate Interests |
We do not intentionally collect special-category data, and we do not knowingly collect data from children (see §10).
3. How We Use Your Information
We process your data to:
- Provision, brand, and operate tenant workspaces and single sign-on (SSO);
- Deliver and improve our AI-powered features;
- Process payments, subscriptions, coupons, and (where applicable) bank transfers;
- Communicate with you about updates, support, and account matters;
- Provide security, metering, troubleshooting, and abuse prevention;
- Send marketing communications (with your consent, where required);
- Perform enrichment and outreach on a tenant's behalf and instructions; and
- Comply with legal obligations and respond to regulatory requests.
We rely on contract performance, legitimate interests, legal obligations, and consent (where required) as our lawful bases.
4. AI Processing of Your Content (Disclosure)
CloviTek's AI Engine sends prompts, uploaded content, and tenant/end-user content to third-party AI and large-language-model ("LLM") providers to generate outputs. You should not submit sensitive personal data, regulated data, or confidential information you do not have the right to process through these AI features. AI features include content/SEO generation, social posts, cold-email and SMS copy, video/course/slide pipelines, chatbot retrieval (RAG), website/style design, and code/security/visual quality checks.
The categories of AI/LLM and voice providers we use are listed as sub-processors in §7. AI-generated outputs may be inaccurate or incomplete and must be independently verified before reliance (see our Disclaimer). Output ownership and "no-training" assurances vary by provider and are governed by each provider's terms; CloviTek configures providers to support business use but does not warrant any provider's training practices.
AI voice/narration. Where you use text-to-speech features, synthetic-voice outputs are generated from text you provide. You are responsible for ensuring you hold the rights to any voice, likeness, or script used.
5. Cookies and Tracking
The CloviTek tenant application currently sets essential / functional cookies only — a session cookie, a CSRF token, and a short-lived HMAC SSO token — and stores your cookie-consent preference. We do not currently load third-party analytics or advertising cookies in the tenant application. See our Cookie Policy for full details. If analytics or marketing technologies are added in the future, this Policy and the Cookie Policy will be updated and, where required, consent obtained.
6. International Data Transfers
Your data may be transferred to and processed in countries outside your home jurisdiction, including the United States, by us and our sub-processors. Data residency for tenant storage corresponds to the configured cloud storage region. Where required, we rely on Standard Contractual Clauses (SCCs), adequacy decisions, and supplementary technical and organizational measures (encryption, access controls) to protect transferred data.
7. Sub-Processors and Third Parties We Share Data With
We share personal data with trusted third-party sub-processors to deliver the Services, under contractual and security safeguards. We do not sell personal data. Sub-processors are engaged only for specified purposes and are required to apply appropriate security measures.
We work with sub-processors in the following categories:
| Category | Data Shared | Purpose |
|---|---|---|
| AI / LLM Generation | Prompts, uploaded/generated content, usage metadata | AI text generation, vision QC, research, model routing, image generation |
| AI Voice / Text-to-Speech | Text scripts, voice settings | Synthetic-voice generation |
| Email / Messaging | Email address, name, phone, message content | Transactional email, outreach email, SMS |
| Lead Enrichment & Outreach | Names, business emails, phone numbers, company attributes | Lead enrichment and outreach on tenant instructions |
| Payments — Stripe, Inc. | Billing details, transaction records, payment token (card data is captured and tokenized by Stripe; full card numbers are not stored by CloviTek) | Card capture and payment processing |
| Subscription Billing — Chargebee, Inc. | Billing contact, subscription/plan, invoice and transaction records, payment token | Subscription billing, invoicing, dunning |
| Lifetime-Deal Sales — AppSumo | License code, buyer contact, order record (card data handled by AppSumo as merchant of record) | Lifetime-deal storefront and reseller |
| Social / Content / Link Tools | Content, scheduled posts, URLs | Social scheduling, link shortening, SEO content |
| Media / Video / Stock Assets | Media assets, video files | Video hosting/encoding, stock imagery |
| Infrastructure / Storage / CDN / Automation | All categories as needed for hosting, storage, and automation | Cloud hosting, object storage, CDN/WAF, workflow automation, data residency |
| Monitoring / Error Tracking | Diagnostic/error data, limited identifiers | Reliability, error tracking, uptime monitoring |
| Authentication / Identity (OAuth) | OAuth tokens, profile identifiers | Sign-in and integration authorization |
Payment-card data. Payment cards are captured and tokenized by our PCI-DSS-certified payment providers — Stripe (card processing) and, for subscription billing, Chargebee (which orchestrates billing on top of the card processor). CloviTek does not receive, process, or store full payment card numbers on its own systems; we retain only non-sensitive billing records (such as transaction identifiers, amounts, plan, and card brand or last four digits where provided). We rely on these providers' own PCI-DSS compliance for card handling. CloviTek itself does not represent that it holds PCI-DSS or SOC certification; those certifications are maintained by our payment providers for the services they operate.
A full list of current sub-processors by name is available on request at privacy@clovitek.com. We will provide 30 days' advance notice of material additions or changes to sub-processors that affect your data, giving you the opportunity to object.
8. Data Security
We use a layered security program, including: encryption in transit (TLS) and at rest where supported; role-based access controls and gated, key-authenticated AI calls; DRY-by-default AI execution (no real side effects without explicit live authorization); per-call metering and audit logs; secrets held in a secured vault (never exposed in outputs); and continuous monitoring with error tracking. No system is perfectly secure; we cannot guarantee absolute security.
9. Data Retention and Deletion
We retain personal data only as long as necessary for the purposes described or as required by law. Tenant content is retained for the life of the tenant relationship and deleted or anonymized on verified request or account closure, subject to legal-hold and backup-rotation periods. Metering and audit logs are retained for security and accounting. For data held by sub-processors, we coordinate deletion and seek confirmation where feasible.
10. Children's Privacy
The Services are intended for businesses and are not directed to children. We do not knowingly collect personal data from children under 13 (or the applicable age in your jurisdiction). If we learn we have collected such data without required consent, we will delete it.
11. Your Rights
Subject to applicable law (GDPR, CCPA/CPRA, and others), you have the rights to access, correct, delete, restrict, object, port your data, opt out of "sale"/"sharing" (we do not sell data), withdraw consent, and not be discriminated against for exercising your rights. Where CloviTek processes data as a processor on a tenant's behalf, please direct your request to the relevant tenant company (controller); we will assist them in responding. To exercise rights as a CloviTek account holder, email privacy@clovitek.com. We will verify your identity and respond within the legally required timeframe.
12. Changes to This Policy
We may update this Policy. For material changes we will provide reasonable advance notice by email and/or in-app notice and update the "Last Updated" date. Continued use after the effective date constitutes acceptance.
13. Contact Us
- Email: privacy@clovitek.com
- Mail:
CloviTek LLC,3731 S Broughtyferry Cv., Salt Lake City, UT 84106, USA
This document is provided for informational purposes and does not constitute legal advice. High-stakes provisions (DPA, sub-processor terms, international transfers, and AI voice/likeness) should be reviewed by qualified counsel before publication. — CloviTek Legal
