Clenta, Inc. ("Clenta," "we," "our," or "us") operates the website at clenta.ai and the Iris mobile application (iOS and Android). This Privacy Policy explains how we collect, use, disclose, and protect personal information about you when you visit our website, join our waitlist, or use our products.
When you visit clenta.ai, we may collect:
When you submit your email address to join our waitlist or request early access, we collect:
This information is used solely to contact you about product updates and access. We do not sell or share it with third parties for their marketing purposes.
When you create a Clenta account or are added by your employer, we collect:
Billing and payment are handled by Stripe. Clenta does not store credit card numbers or full payment card data. We receive transaction-level information such as invoice amounts, payment dates, and subscription status. Stripe's privacy policy is available at stripe.com/privacy.
We use the information we collect to:
We do not:
If your employer has provisioned a Clenta account, your name, role, and email may be visible to your organization's administrators. Individual Iris conversations are visible only to you and your organization's administrators on applicable plans.
We share personal information with third-party service providers who process data on our behalf under written agreements requiring appropriate data protection. Our current service providers include:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, and infrastructure | U.S. (AWS us-east-1) |
| Anthropic | AI model powering Iris (zero data retention per API terms) | U.S. |
| Hetzner | Agent runtime infrastructure | Germany (EU) |
| Stripe | Payment processing | U.S. |
| Apple / Expo Application Services | App distribution and build infrastructure | U.S. |
We may disclose personal information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect rights, safety, or security.
If Clenta is acquired or merged with another company, your personal information may be transferred as part of that transaction. We will notify you of any such transfer and the applicable privacy policy going forward.
| Data type | Retention period |
|---|---|
| Waitlist email addresses | Until you unsubscribe or request deletion, or 24 months from collection if no account is created |
| Account information | For the duration of your account, plus 30 days after account closure |
| Iris conversation and log data | For the duration of the organization's subscription (per the DPA) |
| Server access logs | 90 days |
| Payment records | 7 years (legal/tax obligation) |
| Backup copies | Deleted within 90 days of the applicable deletion trigger |
Clenta currently uses only strictly necessary cookies — session tokens required to keep you authenticated in the application. These cookies are essential for the application to function.
We do not currently use:
If and when Clenta introduces analytics or other non-essential cookies, we will update this Privacy Policy with at least 30 days' notice, implement a cookie consent banner on clenta.ai, and provide controls to accept or reject non-essential cookies.
Regardless of your location, you may request to access, correct, delete, or export the personal information we hold about you. Contact us at privacy@clenta.ai to make a request. We will respond within 30 days.
If you are a California resident, you have the right to know what personal information we collect and how we use it, request deletion, opt out of the "sale" or "sharing" of your personal information (we do not sell or share), and not be discriminated against for exercising your rights.
Clenta does not sell personal information. To submit a California privacy request, contact privacy@clenta.ai.
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the GDPR and UK GDPR, including the right to access, rectify, erase, restrict, and port your personal data, and to object to processing based on legitimate interests.
Legal basis for processing: We process account user data on the basis of contract performance. We process waitlist data on the basis of legitimate interests. We process server logs on the basis of legitimate interests (security and debugging).
You have the right to lodge a complaint with your local data protection authority. In the UK, that is the ICO (ico.org.uk).
Where personal data is transferred from the EEA or UK to the U.S. or other third countries, such transfers are subject to Standard Contractual Clauses or other appropriate safeguards.
To exercise your GDPR rights, contact privacy@clenta.ai.
We implement appropriate technical and organizational measures to protect your personal information, including AES-256 encryption at rest, TLS 1.2+ in transit, row-level database security isolating each organization's data, and JWT-based authentication.
No security measure is 100% effective. If you believe your account has been compromised, contact us immediately at privacy@clenta.ai.
The Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from anyone under 16. If we learn that we have collected personal information from a child under 16, we will delete it promptly.
clenta.ai may contain links to third-party websites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy with a new "Last Updated" date and notify account users via email or in-app notification at least 30 days before material changes take effect.
For privacy-related inquiries, data access requests, or to exercise your rights:
Email: privacy@clenta.ai
Mail: Clenta, Inc., [REGISTERED ADDRESS PENDING C CORP COMPLETION]
We aim to respond to all requests within 30 days.