Privacy Policy

Last updated: March 2026

1. Introduction

ClientOS ("we", "us", "our") is operated by [Company Name]. We are committed to protecting the privacy of our users ("you"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

ClientOS acts as a data processor on behalf of agencies (data controllers) who use our platform to manage their client relationships. This policy covers both agency users and their end clients.

2. Data We Collect

Account Data: Name, email address, organization name, and role when you create an account.

Usage Data: Pages visited, features used, browser type, IP address, timestamps. Collected for product improvement and security.

Client Data: Data entered by agencies about their clients, including names, project details, deliverables, invoices, and reports. This data is owned by the agency.

Payment Data: Processed by Stripe. We do not store credit card numbers. We store Stripe customer/subscription IDs for service delivery.

AI Processing Data: When generating reports, we send anonymized project metrics to the Anthropic API. No personally identifiable information (PII) is sent to AI providers.

3. How We Use Your Data

We use your data to: provide and maintain the service, process payments, send transactional emails (invoices, notifications), improve the platform, ensure security, and comply with legal obligations.

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in this policy.

4. Data Storage & Security

Data is stored in the EU/EEA region using Supabase (hosted on AWS eu-central-1). All data is encrypted at rest (AES-256) and in transit (TLS 1.3). OAuth tokens for third-party integrations are encrypted with AES-256-GCM.

Access to production data is restricted to essential personnel with multi-factor authentication.

5. Third-Party Services

We use the following sub-processors: Supabase (database, auth, storage) — EU region. Vercel (hosting, CDN) — global edge network. Stripe (payments) — PCI DSS Level 1 compliant. Anthropic (AI report generation) — receives anonymized data only. Resend/Postmark (transactional email).

6. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to: access your data, rectify inaccurate data, erase your data ("right to be forgotten"), restrict processing, request data portability (export), object to processing, and withdraw consent.

To exercise these rights, use the settings in your account dashboard or contact us at privacy@clientos.app.

Data Export: Available in Settings. We deliver a ZIP file containing your data in JSON and CSV format within 24 hours.

Data Deletion: Available in Settings. Deletion is scheduled with a 30-day grace period. After this period, all personal data is permanently deleted or anonymized. Financial records are retained for 7 years per legal requirements.

7. Data Retention

Active account data is retained while the account is active. Deleted accounts are anonymized after the 30-day grace period. Invoice and financial data is retained for 7 years. Audit logs are retained for 12 months. Backups are retained for 30 days.

8. Cookies

We use essential cookies for authentication and session management. We use functional cookies for preferences. We use analytical cookies (if consented) for understanding usage patterns. No advertising cookies are used. See our Cookie Policy for details.

9. Contact

For privacy inquiries, contact us at: privacy@clientos.app

[Company Name], [Address], [Country]