Legal

Privacy Policy

Last Updated: 01 May 2025

This policy applies to www.getclientell.com, app.clientell.ai, and related domains owned by Tower22, Inc., a Delaware corporation and its affiliates (“Clientell,” “we,” “us,” “our”).

The Platform provides “AI-powered revenue intelligence, analytics, and Salesforce metadata analysis, documentation, and assistance with the development and maintenance of Salesforce tasks.”

1. Scope of This Policy

Clientell commits to collecting and processing Personal Information carefully, only for described purposes and within legal regulations. The policy describes types of information collected, usage purposes, third-party sharing, security measures, and contact information for privacy inquiries.

The policy may be amended with updates effective upon posting. Continued use implies acceptance of updates.

2. Types of Information Collected

Personal Information: Name, company name, email, job title, employer details, address, credentials, and other directly-provided information.

Information from Salesforce and Other Integrations: Customer names, contact details, opportunity records, activities, sales stages, pipelines, revenue figures, workflow data, and metadata. Note: “Clientell does not store Salesforce data permanently. Accessed data is processed temporarily to deliver specific functionality and is deleted after its purpose is served.”

Payment and Transaction Information: Credit/debit card numbers, billing address, transaction history processed through third-party payment processors.

Non-Personal Information: Browser type, ISP, operating system, IP address, device location, usage statistics.

Usage Information: System administrative data, statistical data, click-stream data, pages accessed, time spent, error logs.

Communications Information: Messages, emails, customer service inquiries, feedback, attachments.

3. Consent

By accepting the policy, users expressly consent to data collection, access, processing, and disclosure per policy terms.

Single Sign-On (SSO) through Salesforce provides login credentials including name, email, and profile details. Users authorize access per the Privacy Policy and Salesforce's practices.

Users should not share login credentials, and instructions using credentials are considered authorized.

4. Children

Services are not designed for children under 16. Clientell does not knowingly collect Personal Information from children and will attempt to prohibit such use and delete any collected information. Parents/guardians should contact help@getclientell.com.

5. Data Processing Addendum

A Data Processing Addendum (DPA) applies when processing Personal Information subject to data protection laws like CCPA, GDPR, or equivalents. The DPA forms an integral part of the agreement.

6. Collection of Information

Information is collected when users:

  • Create profiles/accounts
  • Engage with Services
  • Participate in campaigns, contests, surveys, webinars, events, promotions
  • Contact support or provide feedback
  • Make payments

All information is provided voluntarily without undue influence.

Cookies monitor usage and deliver relevant content (see Cookie Policy). Non-Personal and Usage Information is collected based on browsing activity.

Users may use the Platform without providing information, but may not access certain Services.

7. Use of Information

The Company uses Information to:

  • Provide, operate, and improve the Platform and Services
  • Create and manage accounts and workspaces
  • Facilitate AI-generated insights, reporting, and analytics
  • Personalize user experience
  • Provide technical support and customer service
  • Fulfill contractual obligations and billing
  • Communicate product updates and policy changes
  • Conduct research and analysis
  • Detect fraud and security incidents
  • Deliver onboarding and training services

Information is monitored for auditing, maintenance, diagnostics, and compliance.

Personal Information is used to comply with laws, legal processes, and governmental requests; protect Company rights and user safety.

Information is used for security audits, policy enforcement, and fraud investigation.

De-identified data may be aggregated for service improvement, AI training, analytics, and partner sharing.

Non-Personal and Usage Information supports analytics and algorithm improvement.

Marketing communications inform users about products, features, webinars (users may opt out).

Communications Information responds to user requests and future communications.

8. Information Sharing and Disclosure

The Company does not sell Personal Information for monetary consideration but may share with third parties per policy and law.

Third-party service providers and vendors include cloud hosting, payment processors, customer support platforms, analytics providers, communication services, and integration partners. Third parties access information only as necessary and are contractually obligated to maintain confidentiality.

When connecting Salesforce or other CRM systems, data is processed per user settings and permissions. CRM-derived data is not shared externally except as directed, necessary for operation, or legally required.

Information is disclosed to courts, law enforcement, regulatory authorities, and government agencies to comply with legal obligations, subpoenas, court orders, or lawful requests; enforce rights and agreements; and protect Company, user, or third-party safety.

Aggregated, de-identified data may be shared for industry research, benchmarking, analytics, marketing, and product development.

Information is shared when users provide consent or direct disclosure, including through integrations.

Limited Personal Information (emails, hashed identifiers) may be shared with marketing partners for relevant promotional content, with opt-out options available.

The Platform contains links to third-party websites governed by their privacy policies.

9. International Data Transfers

Information may be transferred, stored, or processed outside the United States in countries with different data protection laws. The Company takes steps to ensure secure treatment per applicable laws.

Users outside the USA acknowledge policy terms and data practices, may have rights under local laws, and should familiarize themselves with applicable regulations and associated risks.

10. Third Party Service Providers

The Company engages third-party vendors for support services including software maintenance, advertising, marketing, and web hosting. Third parties have limited access and cannot use information beyond authorized tasks or legal requirements.

The Platform contains links and interactive functionality with third-party websites. The Company is not responsible for their actions, privacy policies, or content and recommends reviewing their terms and conditions before engagement.

11. Disclosure to Acquirers

In merger, acquisition, financing, reorganization, bankruptcy, asset sale, or service transition, Information may be disclosed, transferred, or sold as part of the transaction per applicable law. Successor entities are bound by this policy or equally protective terms.

12. Your Rights

Users have rights per applicable law, including CCPA:

  • Access/Update: Request Personal Information records upon identity verification
  • Review/Correct: Fix inaccurate Personal Information
  • Withdraw Consent: Withdraw permission in writing at any time
  • Opt-out Communications: Unsubscribe from marketing via email links or direct contact (other communications may continue)
  • Delete/Close Account: Remove content or close accounts via contact request

Requests should be sent to help@getclientell.com. Rights may be restricted by legal retention requirements, potentially affecting Service availability.

Withdrawing consent may restrict Platform access or Service fulfillment.

The Company reserves identity verification rights and may deny access requests if they violate others' rights or legal requirements.

13. Term of Storage of Information

Personal Information is retained as long as necessary for Platform provision, legitimate business purposes, compliance, and dispute resolution, for the duration of user status and per legal requirements.

Users must not submit false, illegal, or damaging content. The Company reserves termination rights for such submissions or other concerns.

Salesforce Data: “Clientell does not permanently store data retrieved from your Salesforce CRM or other connected systems. Such data is accessed temporarily and processed solely for the purpose of delivering and optimizing our Services. Once the processing is complete, the Salesforce data is either deleted automatically or not retained on our servers.”

Essential metadata for auditing, analytics, or error resolution may be retained in anonymized or aggregated form.

Chat Data: Chat interactions, including queries, responses, feedback, and exchanges, may be stored securely for necessary purposes or legal requirements. Chat data is encrypted in transit and at rest, accessible only to users, and not used for other purposes. Users may request deletion of specific chat history.

14. Protection of Information

The Company uses industry-standard physical, technical, and administrative security measures to protect Information from loss, misuse, unauthorized access, alteration, or destruction.

While striving for protection, the Company cannot guarantee absolute security during internet transmission. The Company evaluates retention necessity considering privacy, relationships, and applicable legislation annually.

The Company is not liable for information loss, theft, or unauthorized device access attributable to users. It is not responsible for breaches beyond reasonable control, including government acts, hacking, unauthorized access, crashes, encryption breaches, poor internet/telephone service, etc.

15. Limitation of Liability

The Company is not liable for lost profits, anticipated savings, goodwill, reputation, business opportunities, or direct/indirect, incidental, economic, compensatory, punitive, exemplary, or consequential losses from performance or non-performance.

The Company is not responsible for third-party actions or inactions.

Except per policy, the Company is not responsible for loss, damage, or misuse from Force Majeure Events or third parties. “Force Majeure Event” includes events beyond reasonable control: sabotage, fire, flood, explosions, acts of God, civil commotion, strikes, riots, insurrection, war, government acts, hacking, civil disturbances, unauthorized computer access, crashes, encryption breaches, epidemics, pandemics, lockdowns, or similar uncontrollable events.

16. Changes to This Policy

The Company reserves update, change, and modification rights effective upon posting. Regular review is recommended. Continued use implies unconditional acceptance of updates.

17. Governing Law

This policy is governed by Delaware law without regard to conflict of laws principles.

Legal actions arise exclusively in USA Delaware courts, and users consent to such jurisdiction.