Back to home

GDPR Compliance

Cluently is designed from the ground up to comply with the General Data Protection Regulation (EU 2016/679). Here is how we protect your data and respect your rights.

Our Commitments

Data minimization

We only collect data strictly necessary to provide the service. No shadow profiles, no hidden tracking.

Privacy by design

Every feature is built with data protection in mind. Project data is strictly isolated. Multi-tenant architecture ensures no cross-contamination between accounts.

EU hosting

Our database and primary infrastructure are hosted in EU regions. When we use US-based sub-processors, Standard Contractual Clauses (SCCs) are in place.

No selling of data

We never sell, rent, or share your personal data with third parties for their own marketing purposes.

Your Rights

Right of Access

Request a full copy of all personal data we hold about you. We will provide it in a structured, machine-readable format within 30 days.

Right to Portability

Export your leads, signals, workflows, and conversations at any time in JSON or CSV format directly from your Settings page.

Right to Erasure

Request complete deletion of your account and all associated data. We process deletion requests within 30 days.

Right to Restrict Processing

Ask us to limit how we process your data while you contest its accuracy or object to its use.

Data Processing for Prospecting

Cluently processes publicly available business data (LinkedIn profiles, company websites, public filings) under the legitimate interest legal basis (GDPR Art. 6.1.f). We apply the following safeguards:

  • Only professional contact data is collected. No personal or sensitive data.
  • Contact enrichment is performed manually at the user’s explicit request, never automatically.
  • We use Dropcontact for GDPR-compliant email verification. No US-based enrichment databases.
  • An unsubscribe mechanism is included in all outreach. Opt-outs are honored immediately.
  • Leads can be blacklisted, preventing any further contact.

AI and Data Processing

Our AI features process your project data to generate insights and content. This data is sent to our AI providers (Anthropic, OpenAI) solely for processing your requests. We do not use your data to train AI models. All AI providers have Data Processing Agreements (DPAs) in place with appropriate safeguards for EU data.

Data Breach Notification

In the event of a personal data breach, we will notify the CNIL within 72 hours as required by GDPR Art. 33. If the breach is likely to result in high risk to your rights, we will also notify you directly without undue delay.

Contact the Data Controller

For any GDPR-related request, contact our Data Protection Officer at [email protected]. We respond to all requests within 30 days.

You also have the right to lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertes) at www.cnil.fr.

See also: Privacy Policy and Terms of Service