Privacy Policy

This policy explains what personal data Clevera collects, why, who it is shared with, and what rights you have over it. It applies to clevera.site and to the tools sold through the Clevera tool store.

Who is the controller

The data controller is Steven Parrett, sole trader, trading as Clevera, of 1 and 2 South Stour Cottages, Lower Mersham, Ashford, Kent, TN25 7HU, United Kingdom. Contact: stevenjparrett@gmail.com.

What we collect and why

When you visit clevera.site

Strictly necessary cookies as described in our Cookie Policy. We use Vercel for hosting; Vercel may collect basic request logs (IP, user agent, path) for security and platform reliability.

When you contact us

The name, email and message you send us. Used to reply to you and to keep a record of the conversation.

When you buy a tool

Your email address, the tool you bought, the amount paid, and a reference to the Stripe checkout session and payment. Card details are handled entirely by Stripe and never reach our servers.

When you use a tool you bought

Depending on the tool, this can include:

• An encrypted copy of any third-party API key you supply, so the tool can call that service on your behalf. We use authenticated encryption and store only the ciphertext.
• Brand assets and brand voice information you upload to train the tool.
• Briefs and instructions you send to the tool, and the drafts the tool generates from them.
• Messages you send to an inbound agent over Slack or email, and the agent’s replies.
• Scheduled-post times and your reminder preferences.

We use this data only to provide the tool to you and to support you if you ask for help. We do not use your content to train models.

Lawful basis

Where UK and EU data protection law applies, our lawful bases are:

• Contract — to take payment, deliver the tool, give you support and run the features you have bought.
• Legitimate interests — to keep the service secure, to investigate suspected misuse, and to keep error and access logs for a limited period.
• Legal obligation — to keep records required for tax and accounting purposes.

Who we share data with

We use a small number of trusted processors, each only for the purpose listed:

• Stripe — payment processing. Handles your card details directly. stripe.com/privacy
• Supabase — database and authentication for accounts and tool data. supabase.com/privacy
• Vercel — hosts the site and tools. vercel.com/legal/privacy-policy
• Resend — sends transactional email such as sign-in links. resend.com/legal/privacy-policy
• Sentry — error and performance reporting from the live service. sentry.io/privacy
• OpenAI — only where you trigger generation in a tool that uses your OpenAI API key. The brief and any reference content you choose are sent to OpenAI to fulfil the request. openai.com/policies/privacy-policy

We do not sell your data, and we do not share it with anyone else for marketing.

International transfers

Some of the processors above are based in the United States. Where personal data is transferred outside the UK or the EEA, the transfer relies on the UK International Data Transfer Addendum, the EU Standard Contractual Clauses, or the data protection framework operated by the receiving country, whichever applies.

How long we keep it

• Account and tool data: for as long as your account is open. If you ask us to delete your account, we will delete or anonymise your personal data within 30 days, except for records we have to keep for legal reasons.
• Payment records: kept for 6 years after the transaction, to meet UK tax and accounting requirements.
• Email correspondence: kept for up to 2 years from the last reply, then deleted.
• Error logs (Sentry): retained according to the Sentry plan defaults; typically up to 90 days.

Your rights

If UK or EU data protection law applies to you, you have the right to:

• Access a copy of the personal data we hold about you.
• Correct it if it is inaccurate or incomplete.
• Have it deleted, subject to records we must keep for legal reasons.
• Restrict or object to certain processing.
• Receive a portable copy of data you have provided.
• Withdraw consent where we are relying on consent.

To exercise any of these, email stevenjparrett@gmail.com. We aim to respond within 30 days.

If you are not satisfied with our response, you can complain to the UK Information Commissioner’s Office at ico.org.uk, or to your local data protection authority in the EEA.

Security

We use HTTPS across the site, encrypt third-party API keys at rest with authenticated encryption, and protect access to production systems with strong, unique credentials and two-factor authentication where available. No system is perfectly secure; if we ever discover a breach affecting your data, we will notify you and the relevant regulator as required by law.

Changes to this policy

The current version of this policy is always at clevera.site/privacy with the date it was last updated. If a change materially affects how we use your data, we will let you know by email.

Contact

Questions or requests: stevenjparrett@gmail.com.