Privacy Policy

Last updated: July 8, 2026

1. Introduction

Clianta ("we", "us", "our") operates the Clianta CRM platform at clianta.online. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information: When you register, we collect your name, email address, and password (hashed).

Workspace Data: Contacts, companies, deals, emails, sequences, workflows, and other CRM data you create within your workspace.

Email Integration Data: When you connect Microsoft 365 (OAuth) or a custom SMTP/IMAP mailbox (including Gmail via an app password), we access email metadata (sender, recipient, subject, date) and message content to provide inbox sync, reply detection, and contact enrichment features. We do not request Gmail API access or any Google email scopes. We store OAuth tokens and IMAP/SMTP credentials in encrypted form.

Calendar Data: When you connect Google Calendar, we access event data to power scheduling features.

Usage Data: We collect server logs, IP addresses, browser type, and feature usage analytics to improve the platform.

Payment Information: Billing is processed by Razorpay. We do not store credit card numbers directly.

3. Consent and Legal Basis

Explicit Consent at Signup:When you create a Clianta account, whether via email registration, Google OAuth, or Microsoft OAuth, you are required to explicitly consent to this Privacy Policy and our Terms of Service by checking the "I agree to the Terms and Privacy Policy" checkbox before proceeding.

What We Record: Upon your consent, we record the following information on our servers:

  • Your consent status (agreedToTerms: true/false)
  • The exact date and time you gave consent (termsAgreementTimestamp)
  • Your authentication method (email, Google, or Microsoft) used at the time of consent

Legal Basis: Your explicit, informed consent serves as the legal basis for processing your personal data under the Digital Personal Data Protection Act, 2023 (India) and applicable data protection regulations. You cannot create an account without providing this consent.

Withdrawal of Consent: You may withdraw your consent at any time by deleting your account from the account settings page or by contacting us at privacy@clianta.online. Please note that withdrawing consent will result in the termination of your account and deletion of your data as described in the Data Retention section below.

4. How We Use Your Information

  • Provide, maintain, and improve the CRM platform
  • Sync emails and detect replies for your campaigns and sequences
  • Auto-extract contacts from your connected email accounts
  • Send transactional emails (verification, password reset, notifications)
  • Process payments and manage subscriptions
  • Provide AI-powered features (email generation, lead scoring, copilot)
  • Monitor and prevent abuse, fraud, and security threats

5. Third-Party Services

We integrate with the following third-party services:

  • Google APIs: Google Calendar (OAuth 2.0). Subject to the Google API Services User Data Policy, including the Limited Use requirements.
  • Microsoft Graph / Outlook: Email and calendar access via OAuth 2.0.
  • Notion: When you connect Notion, we access database schemas, page metadata, and page content via OAuth 2.0 to sync meeting notes, retrieve content for your AI Co-Pilot, and execute workflow actions (creating, updating, or querying pages) on your behalf. We store your Notion OAuth tokens in encrypted form, and we do not modify your Notion workspace settings.
  • Meta (WhatsApp Business Platform): When you connect WhatsApp, we access your WhatsApp Business Account to send messages on your behalf via the Meta Cloud API. We store your access token and phone number ID in encrypted form. We do not read or store incoming WhatsApp messages.
  • Razorpay: Payment processing.
  • Google Cloud (Vertex AI): AI features (email generation, scoring). Your data is not used to train models.
  • Sentry: Error tracking and performance monitoring.

6. Google API Disclosure

Clianta's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We request only the minimum scopes necessary: calendar.readonly and calendar.events (read and create calendar events for scheduling and meeting sync), and userinfo.email / userinfo.profile (identify your account at sign-in).
  • We only use Google user data to provide and improve CRM features you explicitly enabled (calendar sync, meeting scheduling).
  • We do not use Google user data for advertising purposes.
  • We do not sell Google user data to third parties.
  • We do not use Google user data to train AI/ML models.
  • Human access to Google user data is limited to investigating bugs or security issues, with your consent, or as required by law.

7. How We Share, Transfer, and Disclose Your Data

We do not sell your personal data, and we do not sell, rent, or trade Google user data. We share, transfer, or disclose data only in the limited circumstances below, and only to the extent necessary:

  • Infrastructure and hosting providers (sub-processors): We store and process all workspace data — including data obtained from Google APIs, such as Google Calendar events — on Google Cloud Platform (application hosting) and MongoDB Atlas (database hosting). These providers process data solely on our behalf under confidentiality and data-processing obligations.
  • AI processing (Google Cloud Vertex AI): Content you explicitly submit to AI features (for example, email drafting and lead scoring) is processed by Vertex AI to return a result. This data is not used to train Google's models, and Google user data is never used to train any AI/ML model.
  • Payment processor (Razorpay): Receives only the billing information needed to process your subscription. It never receives Google user data or your CRM content.
  • Error and performance monitoring (Sentry): Receives diagnostic and log data so we can detect and fix issues. It is configured to exclude message content and credentials.
  • Transactional email delivery: Our email delivery provider receives the recipient address and message needed to send system emails (verification, password reset, notifications).
  • Integrations you connect: When you connect Microsoft 365, Notion, or Meta (WhatsApp), we transmit only the data required for that integration, and only while it remains connected.
  • Legal and safety: We may disclose data to law enforcement, regulators, or other parties when required by law, court order, or to protect the rights, property, or safety of our users and the public.
  • Business transfers: If Clianta is involved in a merger, acquisition, or sale of assets, data may be transferred to the successor entity under the same privacy commitments, and we will notify you before your data becomes subject to a different policy.

We do not share Google user data with any third party except the infrastructure sub-processors named above that are required to operate the features you enabled. We never share Google user data for advertising, and we never disclose it to third parties for their own independent use.

8. Data Storage and Security

Your data is stored in MongoDB databases. Sensitive credentials (OAuth tokens, SMTP/IMAP passwords, MCP integration keys) are encrypted using AES-256 at rest. All data in transit is encrypted via TLS. We implement rate limiting, input validation, and role-based access controls to protect your data.

9. Data Retention

We retain your workspace data for as long as your account is active. When you delete your account or workspace, we delete all associated data within 30 days, except where retention is required by law or for legitimate business purposes (e.g. billing records).

10. Your Rights

You have the right to:

  • Access and export your data
  • Correct inaccurate information
  • Delete your account and all associated data
  • Disconnect third-party integrations at any time
  • Revoke OAuth access from your Google or Microsoft account settings

11. Cookies

We use essential cookies for authentication (JWT session token) and preferences. We do not use third-party advertising cookies or tracking pixels on our platform.

12. Children's Privacy

Clianta is a business tool and is not directed at children under 16. We do not knowingly collect information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification at least 14 days before they take effect.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: privacy@clianta.online