Back to home

Privacy Policy

Last updated: March 31, 2026

1. Data Controller

Cluently is a product of AVEC TROIS E, SAS with a share capital of 100 EUR, registered under SIREN 914 595 657, RCS Nanterre, headquartered at 14 Avenue Bernard Palissy, 92210 Saint-Cloud, France, represented by Alexandre Obli, President. For any question related to your personal data, contact us at [email protected].

2. Data We Collect

  • Account data : email address, name, profile picture (via Better Auth authentication).
  • Usage data : pages visited, features used, timestamps (via PostHog, EU cloud instance). Only collected with your consent.
  • Project data : leads, signals, workflows, conversations, and content you create within the platform.
  • Payment data : processed by Stripe. We never store card numbers.
  • LinkedIn data : connection and messaging data you explicitly authorize through Unipile integration.

3. Legal Basis (GDPR Art. 6)

  • Contract performance : providing the service you signed up for.
  • Legitimate interest : improving the product, preventing fraud.
  • Consent : marketing emails, analytics cookies.

4. Data Processing and Sub-processors

We use the following third-party services to operate the platform:

  • Better Auth (authentication) - self-hosted
  • Stripe (payments) - US, EU SCCs in place
  • Railway (hosting) - EU region
  • Anthropic (AI processing) - US, EU SCCs in place
  • OpenAI (AI processing) - US, EU SCCs in place
  • Unipile (LinkedIn integration) - France
  • Dropcontact (email enrichment) - France, GDPR-compliant
  • Resend (email delivery) - US, EU SCCs in place
  • PostHog (analytics, with consent) - EU instance
  • Cloudflare (CDN, DNS, data) - US, EU SCCs in place

5. Data Retention

We retain your account and project data for as long as your account is active. When you delete your account, all associated data is permanently removed within 30 days. Payment records are kept for 10 years as required by French tax law (Article L123-22 of the Commercial Code). Analytics data is anonymized after 24 months.

6. Your Rights (GDPR Art. 15-22)

As an EU resident, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure (right to be forgotten)
  • Restrict processing
  • Data portability (export your data in JSON format)
  • Object to processing
  • Lodge a complaint with the CNIL (French Data Protection Authority)

To exercise any of these rights, email [email protected]. We will respond within 30 days.

7. Data Transfers

Some of our sub-processors are located outside the EU. For each transfer, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Security

We implement industry-standard security measures including encryption at rest and in transit (TLS 1.3), access control, regular dependency audits, and penetration testing.

9. Cookies

We use strictly necessary cookies for authentication (session cookie) and language preference. Analytics cookies (PostHog, EU instance) are only activated after you give explicit consent via our cookie banner. We do not use advertising cookies or trackers. You can withdraw your consent at any time by clearing your browser cookies.

10. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:

  • Right to know what personal information we collect, use, and disclose.
  • Right to delete your personal information.
  • Right to opt-out of the sale of personal information. We do not sell your personal data.
  • Right to non-discrimination for exercising your privacy rights.

To exercise your CCPA rights, email [email protected]. We will verify your identity and respond within 45 days.

11. Chrome Extension

The Cluently LinkedIn Connector Chrome extension reads your LinkedIn session cookies (li_at, li_a) to securely sync your LinkedIn connection with the Cluently platform. This allows the platform to send messages on your behalf through your own LinkedIn account.

  • What we access : LinkedIn session cookies (li_at, li_a), your browser's user-agent string, and your public IP address.
  • How it's stored : LinkedIn cookies are encrypted at rest using AES-256-GCM before being stored in our database. They are decrypted only when performing authorized LinkedIn actions.
  • What we don't do : we never modify or delete your LinkedIn cookies, scrape LinkedIn page content, or share your session data with third parties.
  • How to revoke : click 'Disconnect' in the extension popup or uninstall the extension. Your encrypted cookies are deleted from our servers within 24 hours.

12. Open Data Attribution

Parts of the Service use data from the French SIRENE registry and other datasets published on data.gouv.fr under the Licence Ouverte / Open Licence (Etalab). These datasets remain the property of their respective publishers.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email at least 30 days before they take effect.