Privacy Policy

Introduction

Claiv ("we," "us," or "our") operates claiv.io (the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our AI-powered business advisory services.

By using Claiv, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Platform.

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

• Full name
• Email address
• Password (encrypted and hashed)
• Company or business name
• Industry and sector
• Business stage (startup, growth, established)
• Job title or role

Business Context Information:

• Business goals and objectives
• Company size and organizational structure
• Current business challenges and priorities
• Market and competitive landscape details
• Financial constraints and business targets
• Strategic questions and decisions

Conversation Data:

• Questions asked to AI agents
• Business problems and strategic contexts shared
• Follow-up queries and clarifications
• Feedback and preferences

Payment Information:

• Billing name and address
• Payment method details (processed securely by Stripe)
• Transaction history
• Subscription plan details

Communications:

• Support inquiries and correspondence
• Feedback and feature requests
• Email communication preferences

Usage Preferences:

• Preferred conversation modes
• Agent selection preferences
• Notification settings
• Workspace configurations

1.2 Information Collected Automatically

Usage Data:

• Pages visited and features used
• Time spent on the Platform
• Advisory token consumption
• Agent interaction patterns
• Browser type and version
• Device information
• Operating system
• IP address
• Referring website addresses

Cookies and Tracking Technologies:

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. See our Cookie Policy for detailed information.

2. How We Use Your Information

2.1 To Provide and Improve Our Services (Legal Basis: Performance of Contract)

• Deliver AI-powered business advisory services
• Personalize agent responses based on your business context
• Process and manage your subscription
• Enable coordination between specialist AI agents
• Maintain persistent business memory across conversations
• Process payments and send transaction confirmations
• Provide customer support and respond to inquiries

2.2 For Legitimate Business Interests (Legal Basis: Legitimate Interest)

• Analyze usage patterns to improve our Platform
• Conduct research and development for new features
• Detect, prevent, and address fraud and security issues
• Monitor and analyze Platform performance
• Debug and fix technical issues
• Ensure Platform stability and security
• Improve AI agent accuracy and coordination

2.3 With Your Consent (Legal Basis: Consent)

• Send marketing and promotional communications
• Display personalized content and recommendations
• Use analytics cookies and similar technologies for non-essential tracking

2.4 To Comply with Legal Obligations (Legal Basis: Legal Obligation)

• Comply with applicable laws and regulations
• Respond to legal requests and prevent harm
• Enforce our Terms of Service
• Protect our rights and property

3. How We Share Your Information

3.1 Third-Party Service Providers

We share your information with trusted third-party service providers who process data on our behalf:

AI Services:

• Anthropic - Provides Claude AI models that power our specialist agents and process conversation data. Anthropic Privacy Policy

Authentication:

• Clerk - Manages user authentication, account security, and session management. Clerk Privacy Policy

Payment Processing:

• Stripe - Processes subscription payments and manages billing information. Stripe is PCI-DSS compliant. Stripe Privacy Policy

Database and Hosting:

• Neon - Provides PostgreSQL database hosting for storing account and conversation data. Neon Privacy Policy
• Replit - Hosts our application infrastructure. Replit Privacy Policy

Analytics:

• Google Analytics - Tracks Platform usage and performance metrics using cookies. Google Privacy Policy

Marketing and Advertising:

• Meta (Facebook/Instagram) - For social media advertising and analytics. Meta Privacy Policy
• TikTok - For social media advertising and analytics. TikTok Privacy Policy
• LinkedIn - For social media advertising and analytics. LinkedIn Privacy Policy
• Twitter/X - For social media advertising and analytics. X Privacy Policy

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify. We have data processing agreements in place with all processors handling EU/UK personal data.

3.2 Business Transfers

In connection with any merger, sale of company assets, financing, acquisition, or similar transaction, your personal information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our Platform of any such change in ownership or control of your personal information.

3.3 Legal Requirements

We may disclose your information when required by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Government or regulatory requests
• Protection of our rights, privacy, safety, or property
• Prevention of fraud or illegal activities
• Enforcement of our Terms of Service

3.4 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, analytics, and Platform improvement purposes.

4. International Data Transfers

Claiv is based in the United Kingdom. However, some of our service providers (including Anthropic, Stripe, Google, and Replit) are based in the United States and other countries outside the UK and European Economic Area (EEA).

When we transfer your personal information internationally, we ensure appropriate safeguards are in place:

For transfers to the United States:

• Standard Contractual Clauses (SCCs) - We use European Commission-approved SCCs with our US service providers
• EU-U.S. Data Privacy Framework - Some providers (including Google) are certified under the Data Privacy Framework
• Contractual protections - All providers must maintain equivalent data protection standards

Your Rights: These transfers do not affect your data protection rights under UK GDPR or EU GDPR.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

Technical Measures:

• Encryption in transit (TLS/SSL)
• Encryption at rest for databases
• Secure password hashing (bcrypt/Argon2)
• Regular security audits and vulnerability assessments
• Intrusion detection and prevention systems
• Secure API authentication and authorization

Organizational Measures:

• Access controls and role-based permissions
• Employee confidentiality agreements
• Regular security training
• Incident response procedures
• Data minimization practices

Note: While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

Active Accounts:

We retain your personal information for as long as your account is active and as needed to provide our services.

Account Deletion:

• When you delete your account, we delete your personal information within 30 days unless we're required to retain it for legal, regulatory, or legitimate business purposes.
• Conversation data is permanently deleted within 30 days of account deletion.
• Billing records may be retained for up to 7 years for tax and accounting purposes as required by law.

Backup Systems:

Deleted data may persist in backup systems for up to 90 days before being permanently purged.

Aggregated Data:

We may retain aggregated or anonymized data indefinitely for analytics and research purposes.

7. Your Privacy Rights

Your rights vary depending on your location. We respect and facilitate the exercise of all applicable rights.

7.1 Rights for UK and EU Users (GDPR)

You have the right to:

• Right to Access: Obtain confirmation of whether we process your personal data and request a copy of your data.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data when no longer necessary, you withdraw consent, you object to processing, or data was unlawfully processed.
• Right to Restriction of Processing: Request limitation of processing when you contest data accuracy, processing is unlawful, or you've objected to processing.
• Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw consent at any time where consent is the legal basis.
• Right to Lodge a Complaint: File a complaint with your local data protection authority (UK: ICO).

7.2 Rights for California Users (CCPA/CPRA)

California residents have the right to:

• Right to Know: Request disclosure of categories and specific pieces of personal information collected.
• Right to Delete: Request deletion of personal information (subject to certain exceptions).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out: Opt-out of the "sale" or "sharing" of personal information. Note: We do not sell or share your personal information.
• Right to Non-Discrimination: Exercise your privacy rights without discriminatory treatment.

7.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: support@claiv.io
• Subject Line: "Privacy Rights Request"

We will respond to your request within 30 days (or as required by applicable law).

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Platform. For detailed information about our use of cookies, please see our Cookie Policy.

Types of Cookies We Use:

• Strictly Necessary Cookies: Essential for Platform functionality
• Analytics Cookies: Help us understand how you use the Platform (Google Analytics)
• Functional Cookies: Remember your preferences and settings
• Advertising Cookies: Deliver relevant advertisements (with your consent)

Your Choices:

• You can control cookies through our cookie consent banner
• You can manage cookie preferences in your browser settings
• You can opt-out of Google Analytics using the Google Analytics Opt-out Browser Add-on

9. Children's Privacy

Claiv is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@claiv.io. We will delete such information from our systems within 30 days.

10. AI-Specific Privacy Considerations

10.1 AI Processing of Your Data

Your conversations and business information are processed by AI models provided by Anthropic (Claude). This processing occurs to:

• Generate personalized business advice
• Coordinate multiple specialist agents
• Maintain business context across conversations
• Improve response relevance and accuracy

Important: AI models may occasionally generate inaccurate, incomplete, or inappropriate responses. Always verify AI-generated advice before making business decisions.

10.2 AI Training and Model Improvement

Your Data and AI Training:

• We do not use your conversations to train Anthropic's AI models unless you explicitly opt-in.
• Anthropic's data processing is governed by their Data Processing Agreement and commercial terms.
• We may use aggregated, anonymized conversation patterns to improve our agent coordination technology.

10.3 Human Review

We may review a limited sample of conversations for:

• Quality assurance and Platform improvement
• Customer support resolution
• Safety and abuse prevention
• Debugging technical issues

When human review occurs, we minimize access to personal information and maintain strict confidentiality.

11. Third-Party Links and Services

Our Platform may contain links to third-party websites, services, or resources not operated by Claiv. We are not responsible for the privacy practices of these third parties.

Recommendation: Review the privacy policies of any third-party services before providing your personal information.

12. Marketing Communications

12.1 Types of Communications

With your consent, we may send you:

• Product updates and new feature announcements
• Tips for using Claiv effectively
• Industry insights and business advice content
• Special offers and promotions
• Newsletters and blog updates

12.2 Opting Out

You can opt-out of marketing communications at any time by:

• Clicking the "Unsubscribe" link in any marketing email
• Updating your email preferences in your account settings
• Contacting us at support@claiv.io

Note: You cannot opt-out of transactional or service-related emails (account notifications, billing confirmations, security alerts, etc.).

13. Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature. Currently, there is no industry standard for how to respond to DNT signals. We do not currently respond to DNT browser signals.

We do, however, honor opt-out preferences set through our cookie consent banner and respect Global Privacy Control (GPC) signals where legally required.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our practices
• Legal, regulatory, or operational requirements
• New features or services

Notification of Changes:

• Material Changes: We will notify you via email or prominent notice on the Platform at least 30 days before changes take effect.
• Non-Material Changes: We will update the "Last Updated" date at the top of this policy.

Your Rights: Continued use of the Platform after changes take effect constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you may delete your account.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

• Email: support@claiv.io
• Subject Line: "Privacy Inquiry"

Data Protection Inquiries: For specific data protection questions, please use the subject line "Data Protection Request."

Response Time: We aim to respond to all privacy inquiries within 5 business days.

16. Supervisory Authority Contact Information

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority:

United Kingdom:

• Organization: Information Commissioner's Office (ICO)
• Website: https://ico.org.uk/
• Phone: 0303 123 1113

European Union:

Find your local supervisory authority: https://edpb.europa.eu/about-edpb/board/members_en

California (USA):

• Organization: California Attorney General's Office
• Website: https://oag.ca.gov/privacy