Privacy Policy

Overview

This Privacy Policy describes how Cleyo ("Cleyo", "we", "us", or "our") collects, uses, and protects personal data when you use our website at cleyo.io, our web application at app.cleyo.io, and the Cleyo browser extension (together, the "Services").

Cleyo is a business development platform for recruiters. We help you find companies that are hiring, identify the right people to contact, and run multi-step outreach campaigns. Because our Services involve professional contact data, we act as a data controller for the information we hold about our own users, and as a data processor for the prospect data you load into your workspace. We are committed to handling all of it in line with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

Information we collect

Account and profile data

When you create an account we collect your name, email address, password (stored only as a salted hash), company name, and the preferences you set, such as your email signature and timezone.

Connected mailbox and messaging data

When you connect a mailbox or messaging account, we store the credentials needed to send messages on your behalf. These credentials are encrypted at rest and are only used to deliver the campaigns you create. We process the content of the emails and messages you draft and send through Cleyo, along with delivery, open, and reply events.

Prospect and contact data

To run outreach you load or generate professional contact data about the decision makers you want to reach, such as names, job titles, employers, business email addresses, and LinkedIn profile URLs. Some of this is entered by you, and some is retrieved through our enrichment and search providers. You are responsible for having a lawful basis to process the prospect data you bring into Cleyo.

Usage and technical data

We log technical information needed to operate and secure the Services, including IP address, browser and device type, the pages and features you access, and timestamps. We keep records of security-relevant actions so we can detect and investigate abuse.

Payment data

Subscriptions and credit purchases are handled by a third-party payment provider. We do not see or store your full card number. We retain billing metadata such as plan, invoice history, and the last four digits of your card.

How we use your information

We use personal data only for the purposes below, each with a lawful basis under the GDPR:

• To provide the Services: creating your account, running searches, drafting and sending campaigns, and syncing your data (performance of our contract with you).
• To secure the Services: authentication, rate limiting, audit logging, fraud and abuse prevention (our legitimate interest in a safe product).
• To improve and support the product: diagnosing issues and responding to your requests (our legitimate interest, and your consent where required).
• To process payments and prevent billing fraud (performance of contract and legal obligation).
• To send service and transactional messages, and, only with your consent, product updates you can opt out of at any time.

We do not sell your personal data, and we do not use the content of your mailboxes, messages, or prospect lists to train machine learning models.

The Cleyo browser extension

The Cleyo browser extension keeps your Cleyo workspace in sync while you work on LinkedIn. It is optional, and you can remove it at any time from your browser. The sections below describe exactly what it does with data.

What data the extension handles

• Professional profile details you choose to save: when you are viewing a LinkedIn profile and decide to add it as a lead, the extension saves the professional details shown on that page, such as name, headline, and current company, to your Cleyo workspace.
• Sign-in information: used to keep you connected to your Cleyo workspace so the extension can sync on your behalf.
• Your settings and activity: your preferences and a short record of recent sync activity, stored locally in your browser.

The extension keeps your workspace up to date by syncing periodically in the background. It only activates on LinkedIn and only saves a profile when you ask it to.

Limited use commitment

Our use of information received from the extension adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements:

• We only collect and use the data described above to provide and improve the Cleyo sync features you have asked for.
• We do not sell this data, and we do not transfer it to third parties except to provide the Services or for legal reasons described below.
• We do not use the data for advertising, and we do not use it to determine creditworthiness or for any lending purpose.
• No humans read your data except where you give consent, where it is necessary for security or to comply with the law, or where the data has been aggregated and anonymized.

The extension only works on LinkedIn. It does not access the pages you visit on other websites.

How we share information

We share personal data only with the categories of service providers (sub-processors) that help us run Cleyo, each bound by contract to protect it and use it only on our instructions:

• Cloud hosting and database providers, which store and run the application that powers your workspace.
• Email and messaging delivery providers, which send the messages you create through your connected accounts.
• Contact search and enrichment providers, which help you find and verify professional contact details for the prospects you research.
• AI and language model providers, which help rank opportunities and draft campaign messages.
• A payment provider, which processes subscriptions and billing.

We provide a current list of the specific sub-processors we use to customers on request at support@cleyo.io. We may also disclose data when required by law, to enforce our terms, or to protect the rights, safety, and security of Cleyo and our users. If Cleyo is involved in a merger or acquisition, we will notify you before your data becomes subject to a different privacy policy.

International data transfers

Some of our providers may process data outside your country, including outside the European Economic Area. Where that happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses to ensure your data receives an equivalent level of protection.

Data retention

We keep personal data only for as long as we need it. Account and workspace data is retained while your account is active. When you delete your account, we delete or anonymize your personal data within 30 days, except where we must keep certain records longer to meet legal, tax, or security obligations. Connected mailbox tokens are deleted as soon as you disconnect an account.

How we protect your data

Security is a core part of how Cleyo is built. We apply industry-standard safeguards, including:

• Encryption of sensitive data in transit and at rest.
• Access controls that keep each user's workspace isolated from others.
• Monitoring, logging, and rate limiting to detect and prevent abuse.
• Ongoing hardening and review of our systems.

No system is perfectly secure, but we work continuously to protect your data and to meet recognized privacy and security standards.

Your privacy rights

Depending on where you live, you have rights over your personal data. For users in the EEA and the UK, these include the right to:

• Access the personal data we hold about you.
• Correct data that is inaccurate or incomplete.
• Delete your data (the right to be forgotten).
• Restrict or object to certain processing.
• Receive your data in a portable format.
• Withdraw consent at any time, without affecting prior processing.

You can exercise most of these rights directly from your account settings, or by contacting us at the address below. You also have the right to lodge a complaint with your local data protection authority.

Cookies and local storage

We use cookies and similar technologies that are strictly necessary to keep you signed in and to keep the Services secure. We do not use third-party advertising cookies. The browser extension stores its settings and a local activity log in your browser's local storage, which never leaves your device except as part of the sync described above.

Children

Cleyo is a professional tool intended for business use. It is not directed to children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you in the app or by email. Your continued use of the Services after an update means you accept the revised policy.

Contact us

If you have questions about this policy or how we handle your data, or you want to exercise your rights, contact our privacy team at: