This Privacy Policy explains how Clivo.email ("we", "our", "us") collects, uses, stores, and protects user data. Below this Privacy Policy, you will also find Clivo’s Information Security Policy, which defines how we protect data at an organizational, technical, and operational level.

1. Information We Collect

A. Personal Data

Name
Email
Password (stored in hashed form)
Billing details (processed via PayProGlobal)

B. Usage & Tracking Data

Cookies
Analytics data
Browsing behavior
Tracking pixels

C. Design Data

Uploaded Figma files
Extracted assets (PNG, JPG, SVG)
Generated HTML/MJML templates
User prompts

We do not collect IP addresses or device-level information.

2. How We Use Your Data

We use data to:

Provide and improve Clivo.email
Generate AI-based templates
Convert Figma files to HTML
Process subscriptions and payments
Maintain account access
Provide customer support
Monitor system performance
Analyze usage to improve user experience

We do not use customer data to train any AI models.

3. Legal Basis (GDPR)

For EU/UK users, we process data under:

Contractual necessity
Legitimate interest
User consent (cookies)

4. Third-Party Processors

Hosting & Storage

AWS (data hosting & storage)

Payments

PayProGlobal

Analytics

Google Analytics

AI Models

OpenAI
Anthropic

We only share the minimum data required for service functionality.

5. Data Retention

We store:

HTML outputs and Figma assets until the user deletes them
Account and billing data while the account remains active
Cookies as per browser/device settings

6. Data Security

We use:

HTTPS encryption
Encrypted password storage
AWS enterprise-grade security
Access controls for internal staff

7. User Rights

Depending on your region, you may:

Access your data
Delete your data
Modify your data
Export your data
Opt out of tracking cookies

Contact support@clivo.email for requests.

8. Children's Privacy

Clivo is not intended for individuals under 18 years old.

9. Changes to Policy

We may update this Privacy Policy as needed.

Contact

Email: support@clivo.email

Information Security Policy

Effective Date: Dec 5, 2025

1.0 Purpose and Benefits

This Information Security Policy (“Policy”) defines the minimum security requirements for Inboxist MarTech Solutions Pvt Ltd, DBA Clivo.Email (“Clivo”). It establishes a framework to protect the confidentiality, integrity, availability, and resilience of all information assets — including Personal Data and Shared Personal Data.

This Policy ensures:

Administrative, technical, and physical safeguards aligned with industry best practices
Compliance with applicable Data Protection Laws and partner requirements (e.g., Klaviyo)
Proactive security through vulnerability scanning, logging, monitoring, and incident response
Strong operational resilience, redundancy, backups, and disaster recovery

2.0 Authority

This Policy is approved by Clivo’s Executive Management:

Inboxist MarTech Solutions Pvt Ltd
99, Greeta Tech Park, Rajiv Gandhi Salai, Perungudi,
Chennai, Tamil Nadu, India – 600096

3.0 Scope

This Policy applies to:

All Clivo-owned and third-party-managed systems (AWS, payment processors, analytics tools)
All information used or created in Clivo operations
All workforce members, including employees, contractors, and temporary staff

4.0 Information Statement

4.1 Organizational Security

Clivo maintains an information risk management and security governance program
An Information Security Officer (ISO) oversees risk, security advice, and compliance
Executive Management collaborates to enforce consistent risk management

4.2 Functional Responsibilities

Executive Management

Responsible for approving the Policy, allocating resources, overseeing risk, ensuring contractual & regulatory compliance, and enabling security training.

Information Security Officer (ISO)

Manages security risks, best practices, vendor security, vulnerability scanning, incident response, and cybersecurity awareness.

IT / Engineering

Responsible for secure configurations, patch management, access control, endpoint protection, backups, and monitoring.

Workforce Members

Must protect data, use systems only for authorized purposes, follow security training, and report incidents.

4.3 Separation of Duties

Clivo implements separation of duties or compensating controls such as logging and peer review.

4.4 Information Risk Management

Risk assessments are required for new systems, major releases, integrations, and vulnerabilities.

4.5 Information Classification and Handling

Personal Data and Shared Personal Data are classified as sensitive and protected across their lifecycle.

4.6 IT Asset Management

Clivo maintains inventory of all critical infrastructure and investigates unauthorized systems.

4.7 Personnel Security

Includes training, role-based access, and immediate removal of access upon termination.

4.8 Cyber Incident Management

Clivo maintains a structured incident response procedure, including customer notifications when required.

4.9 Physical & Environmental Security

Clivo uses secure facilities and ensures devices with sensitive data have encryption or equivalent safeguards.

4.10 Access Control

Unique accounts, secure authentication, least-privilege access, and session timeout enforcement.

4.11 System Security

Includes secure development, hardened configurations, separate environments, and change management.

4.12 Collaborative Computing Devices

Users are informed when cameras, microphones, or screen sharing are active.

4.13 Vulnerability Management

Regular scanning, prioritization, remediation, and vendor security evaluations.

4.14 Operations Security

Logging, monitoring, backups, BC/DR procedures, and use of redundant or tolerant infrastructure.

5.0 Compliance

All workforce members must comply with this Policy. Any limitations must be documented with compensating controls.

6.0 Definitions

Personal Data: Information about an identifiable individual.
Shared Personal Data: Personal Data shared with third parties (e.g., Klaviyo).
Security Incident: Unauthorized access, disclosure, loss, disruption, or misuse.
Data Protection Laws: All applicable privacy and information security regulations.

7.0 Contact Information

Information Security Officer / Policy Owner
Inboxist MarTech Solutions Pvt Ltd – DBA Clivo.Email
99, Greeta Tech Park, Rajiv Gandhi Salai, Perungudi,
Chennai, Tamil Nadu, India – 600096
Email: support@clivo.email

8.0 Revision History

Date : 5 Dec 2025
Description of Change : Initial publication of Information Security Policy
Reviewer : Arul Raj / Founder