Privacy Policy

1. Introduction

Welcome to Clevaa, a product operated by Revenuru Ltd ("we", "us", or "our"). This Privacy Policy explains how we collect, use, safeguard, and disclose information when you use our website, platform, and embedded AI agents (the "Service").

Our Service includes:

• The Clevaa platform
• AI-powered web widgets deployed on customer websites
• Associated dashboards, analytics, and integrations

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy and our Terms of Service.

2. Definitions

• Service, the Clevaa platform, including web widgets and associated tools
• Personal Data, information that identifies or can identify an individual
• Usage Data, data collected automatically from interaction with the Service
• Cookies, small data files stored on your device
• Data Controller, the entity determining how data is processed
• Data Processor, a third party processing data on behalf of a controller
• User, any individual interacting with our Service or AI agents

3. Information we collect

3.1 Information provided by users

When interacting with Clevaa or a Clevaa-powered widget, users may provide:

• Name, email address, phone number
• Business information
• Messages, queries, and conversational inputs
• Any information voluntarily submitted through the AI agent

3.2 Automatically collected data

We may collect:

• IP address and approximate location (e.g. city-level)
• Browser type and device information
• Interaction data (pages visited, time on page, widget engagement)
• Conversation metadata (timestamps, outcomes, actions triggered)

This is commonly referred to as Usage Data.

3.3 Data from customers (businesses using Clevaa)

Our customers may configure the platform to collect:

• Lead data (e.g. contact details)
• Customer enquiries and requests
• Task-related data (e.g. bookings, follow-ups)

Clevaa acts as a Data Processor in these cases.

4. How we use data

We use collected data to:

• Provide and operate the Service
• Facilitate conversations via AI agents
• Capture and deliver leads, tasks, and insights
• Improve system performance and reliability
• Monitor usage and prevent misuse
• Comply with legal obligations

Where permitted, we may also use data to:

• Improve our models and systems
• Enhance user experience and product features

We follow core principles such as purpose limitation and data minimisation.

5. Legal basis for processing (UK GDPR)

For users in the United Kingdom and European Economic Area (EEA), we process personal data under the UK GDPR and the Data Protection Act 2018 on the following lawful bases:

• Consent, when users provide information voluntarily. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Contractual necessity, to deliver our services
• Legitimate interests, improving our platform, ensuring security, and preventing misuse, balanced against the rights and freedoms of data subjects
• Legal obligations, compliance with applicable UK and EU laws

6. Data sharing and disclosure

We do not sell personal data.

We may share data with:

• Service providers (hosting, analytics, infrastructure)
• Integration partners (CRM systems, messaging platforms)
• Legal authorities, if required by law

All third parties are required to handle data securely and in accordance with applicable regulations. The full list of sub-processors we may engage is published in section 7 below. Customers receive a Data Processing Agreement (DPA) on signing covering UK GDPR Article 28 obligations.

7. Sub-processors

We may engage the following sub-processors to deliver parts of the service. Engagement of any specific sub-processor depends on the customer's plan and configuration. Each sub-processor is bound by data-protection obligations equivalent to those we owe to our customers.

Sub-processor	Link	Nature	Location
Cartesia	cartesia.ai	Audio TTS provider (if used)	US
Inworld	inworld.ai	Audio TTS provider (if used)	US
Deepgram	deepgram.com	STT transcriber (if used)	EU
OpenAI	openai.com	LLM (if used)	US
Anthropic	www.anthropic.com	LLM (if used)	US
Supabase	supabase.com	Database	EU
LiveKit	livekit.com	Voice synthesis	US
Google	google.com	Hosting and communication data	EU
Amazon AWS	aws.amazon.com	Hosting (if used)	EU
Cloudflare	dash.cloudflare.com	DNS (if used)	US

This list may change as the platform evolves. Material changes are reflected in the Trust Center change log and notified to customers per the DPA.

8. Data retention

We retain data only as long as necessary to:

• Provide our services
• Fulfil contractual obligations
• Meet legal and regulatory requirements

Customers can request deletion of their data or configure retention policies within the platform.

9. Data security

We implement appropriate technical and organisational measures, including:

• Encryption in transit and at rest
• Access controls and authentication
• Monitoring and logging systems
• Regular security reviews

Our approach aligns with industry practices for protecting sensitive data.

10. Your data rights

Under the UK GDPR and Data Protection Act 2018 (and equivalent EU GDPR rights for EEA residents), you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion ("right to be forgotten")
• Restrict or object to processing
• Request data portability
• Withdraw consent at any time, where processing is based on consent
• Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects (see section 12 below)

To exercise these rights, contact us at [email protected]. We will respond within one month of receiving your request.

Right to lodge a complaint: You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data has been mishandled. Reach the ICO at ico.org.uk, by phone on 0303 123 1113, or by post at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. EEA residents may also contact their national data protection authority.

11. Cookies and tracking

The Clevaa marketing site uses only strictly necessary cookies for site functionality (session integrity, infrastructure security via our CDN). Strictly necessary cookies are exempt from consent requirements under the Privacy and Electronic Communications Regulations 2003 (PECR) and equivalent EU law.

We do not use Google Analytics, advertising trackers, or third-party marketing cookies on the marketing site. If we add any non-essential cookies (analytics, personalisation, marketing) in the future, we will introduce an opt-in consent banner before any such cookie is set, in line with PECR and the UK GDPR.

The Clevaa platform itself (the AI agent dashboard at app.clevaa.com) may set additional cookies necessary for authenticated session management. Customers can configure cookie behaviour for any Clevaa widget embedded on their own site through the platform settings.

You can manage or block cookies through your browser settings, though doing so may affect site functionality.

12. AI and automated processing

Clevaa uses AI systems to:

• Process conversations
• Generate responses
• Extract structured data (e.g. leads, tasks)

Important:

• AI outputs may be automated
• Businesses using Clevaa are responsible for reviewing outcomes where required
• We provide visibility into interactions for transparency and accountability

UK GDPR Article 22 rights: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significantly affects you. Where automated processing is used, you may request human intervention, express your point of view, and contest the decision. To exercise this right, contact [email protected].

13. International data transfers

Customer data is hosted in the EEA (Hetzner Germany). Where any data leaves the UK or EEA, we ensure appropriate safeguards, such as:

• Standard contractual clauses
• UK GDPR-compliant frameworks
• Secure infrastructure providers

14. Children's privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect data from children.

15. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.

16. Contact us

If you have questions about this Privacy Policy or your data:

Download PDF version