Privacy Policy

This Privacy Policy applies to Cluxive's own website, product, and related services. Privacy roles can differ depending on the type of data involved.

• For account, billing, support, security, marketing/contact, and website operations data, Cluxive generally acts as the data controller or business.
• For customer-provided service data processed through the Cluxive product on behalf of a business customer, Cluxive generally acts as a processor or service provider, and the business customer is responsible for the notices, permissions, and legal basis required for its use of that data.
• If you are a website visitor interacting with a Cluxive-powered widget on a customer's website, that business is usually the primary party responsible for the content, lead flow, and visitor-facing data practices on its site.

Depending on how you use Cluxive, we may collect the following categories of information:

• Account and identity data: name, email address, sign-in activity, membership details, workspace role, and authentication/session information.
• Business and onboarding data: business name, website URL, business contact information, welcome messages, lead prompts, approved summaries, knowledge content, uploaded materials, detected PDF links, scanned page summaries, and onboarding drafts.
• Widget, chat, and lead data: visitor questions, assistant replies, chat sessions, lead forms, lead names, phone numbers, email addresses, notes, priority labels, and source page URLs.
• Usage, analytics, and install data: widget launch, message, and submission events; page paths; widget session keys; install signals; allowed domains; operational telemetry; and anti-abuse or rate-limit signals.
• Billing and transaction metadata: pricing plan, subscription status, trial status, Stripe customer and subscription identifiers, checkout metadata, and related account state. Payment card information is handled by the payment processor rather than stored directly by Cluxive.
• Support, admin, and audit data: support-side changes, admin audit records, reasons for support actions, knowledge revision history, and legal acceptance records.
• Website and contact data: contact form details, setup-help inquiries, and security-verification data such as bot-check results.
• Technical and network data: IP address, approximate location inferred from IP, user agent, device/browser data, request origin, referrer, and logs needed for security, fraud prevention, and troubleshooting.

• directly from you when you create an account, complete onboarding, edit settings, request support, or contact us;
• from your website or connected public sources when onboarding tools scan public pages and linked PDF documents that you direct us to review or that our product discovers from your website during setup;
• automatically when users interact with the dashboard, billing flows, widget, contact forms, APIs, and security systems;
• from service providers that help us with authentication, email delivery, payments, anti-abuse, hosting, analytics, and infrastructure operations;
• from workspace owners, admins, or authorized support personnel acting on behalf of a customer account.

• provide, host, configure, secure, and maintain the Cluxive service;
• authenticate users and manage accounts, memberships, sessions, and legal acceptance records;
• scan and summarize public website information during onboarding, create knowledge drafts, and help customers configure a live assistant;
• deliver widget functionality, respond to visitor prompts, capture leads, send notification emails, and maintain conversation history;
• process billing, trials, subscriptions, and account lifecycle events;
• monitor product usage, measure performance, improve reliability, and understand feature adoption;
• detect, investigate, and prevent abuse, fraud, security incidents, unauthorized access, and misuse;
• provide customer support, maintain admin audit trails, and troubleshoot operational issues;
• comply with legal obligations, protect rights and safety, and enforce our agreements.

Cluxive uses cookies and similar technologies for authentication, session continuity, security, legal acceptance flow, product preferences, and analytics or operational measurement. Some of these technologies are strictly necessary for the service to function properly.

Browser settings may allow you to block or remove certain cookies, but doing so can break sign-in, dashboard behavior, billing flows, or other core product functions.

We may share information in the following circumstances:

• Service providers and subprocessors: including providers that support hosting, infrastructure, authentication, email delivery, payments, anti-abuse, logging, analytics, and AI or model-serving operations.
• Within a customer workspace: where account owners, admins, and authorized users can access workspace data based on the roles and permissions configured in the product.
• With customer-designated recipients: such as lead notification email addresses configured by the customer.
• For legal and safety reasons: when reasonably necessary to comply with law, protect rights, investigate abuse, respond to lawful requests, or prevent harm.
• Business transactions: in connection with a merger, acquisition, financing, reorganization, asset sale, or similar transaction, subject to applicable confidentiality and legal requirements.

Cluxive does not describe itself here as selling personal information for cross-context behavioral advertising. If that changes, we will update this policy and any required notices.

Billing and subscription management in Cluxive rely on third-party payment infrastructure. For example, checkout and subscription records may be handled through Stripe. Cluxive stores billing metadata needed to manage subscriptions and account state, but payment card details are collected and processed by the payment provider rather than stored directly by Cluxive.

We retain information for as long as reasonably necessary to provide the service, maintain account history, support customers, improve platform reliability, investigate incidents, comply with law, resolve disputes, and enforce our agreements.

• account, billing, legal-acceptance, and audit information may be retained for recordkeeping and compliance;
• chat, lead, onboarding, and knowledge records may be retained while the customer account remains active and for a reasonable period afterward;
• logs and security telemetry may be retained for shorter periods or as needed for abuse prevention and incident response.

Cluxive and its service providers may process information in the United States or other countries where we or our providers operate. Those countries may have data protection rules that differ from the rules in your jurisdiction. Where required, we will use legally recognized transfer mechanisms or comparable safeguards.

Cluxive uses administrative, technical, and organizational measures designed to protect information against unauthorized access, misuse, loss, or alteration. These measures include role-based access controls, authentication controls, rate limiting, audit logging, and other product and infrastructure safeguards.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Customers are responsible for choosing appropriate use cases, limiting sensitive data, and maintaining the security of their own systems and users.

Depending on your location and the context in which we process your information, you may have rights to access, correct, delete, export, or object to certain processing, or to limit certain uses of your information. Rights may be subject to verification, legal exceptions, and role distinctions.

If Cluxive processes your information solely on behalf of one of our business customers, we may direct your request to that customer because it controls the relevant data and relationship. Where required, we will assist our customers with these requests.

If you are covered by a U.S. state privacy law, you may have rights to know, access, delete, correct, or receive a copy of certain personal information, and to appeal a denied request where applicable. Any such rights are subject to verification and the limits permitted by law.

We disclose in this Privacy Policy the categories of personal information we collect, the sources of that information, the purposes for which it is used, and the categories of parties with whom it may be shared.

Cluxive is not directed to children under 13, and we do not knowingly collect personal information directly from children for our own services. If you believe a child has provided information to us improperly, contact us so we can review and address the issue.

Unless we expressly support it in writing for a particular service, please do not submit medical records, government identification numbers, payment card numbers, precise financial account credentials, or other highly sensitive personal data through onboarding materials, chat inputs, or the widget.

We may update this Privacy Policy from time to time to reflect product, legal, security, or operational changes. When we do, we will post the updated version here, update the effective version above, and may require renewed acceptance before continued access to some parts of the service.

For privacy questions or requests, contact us at contact@cluxive.com. If you are writing about data processed through a specific Cluxive customer workspace or widget, please identify the relevant business or website so we can route the request correctly.