← Back to homeCleo

Privacy Policy

Last updated: 29 March 2026

Cleo ("we", "us", "our") provides an AI-assisted business management service that connects to tools you already use and communicates with you via WhatsApp and related channels. This policy explains how we handle personal data for customers in the United Kingdom, United States, and elsewhere where we operate.

Who we are

The data controller for your information is the entity operating Cleo that contracts with you for the service. For questions about this policy or your data, contact us using the details provided when you onboard or book a demo.

What we collect

We may process:

  • Account and contact data: name, business name, email, phone number (including WhatsApp), billing details, and records of your communications with us.
  • Service and integration data: content and metadata from connected third-party tools (for example CRM, email, calendar, accounting, or messaging platforms) that you authorise us to access, to the extent needed to provide briefings, follow-ups, reporting, and related features you request.
  • Usage and technical data: logs, diagnostics, device or browser information, and analytics that help us run, secure, and improve the service.

How we use your data

We use personal data to:

  • Provide, configure, and support the Cleo service
  • Communicate with you about onboarding, billing, and service updates
  • Maintain security, prevent abuse, and comply with legal obligations
  • Improve our product where we have a legitimate interest, in line with applicable law

We do not sell your personal data. We may use subprocessors (for example cloud hosting, analytics, or messaging infrastructure) under agreements that require appropriate protection of data.

Legal bases (UK / EEA)

Where UK or EU GDPR applies, we rely on bases such as: performance of a contract; legitimate interests (for example securing our systems and improving the product, balanced against your rights); and consent where required (for example certain marketing or non-essential cookies).

International transfers

Your data may be processed in the UK, US, or other countries. Where we transfer personal data from the UK or EEA to countries not deemed adequate, we use appropriate safeguards such as standard contractual clauses or the UK extension to the EU-US Data Privacy Framework, as applicable.

Retention

We keep data only as long as needed for the purposes above, including legal, accounting, and dispute resolution requirements. Retention periods depend on the type of data and your relationship with us.

Your rights

Depending on where you live, you may have rights to access, correct, delete, or restrict processing of your personal data, to object to certain processing, to data portability, and to withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority. To exercise rights, contact us using the details we provide in your agreement or onboarding materials.

Cookies and similar technologies

Our marketing site may use cookies or similar technologies for essential operation, preferences, or analytics. Where required, we will obtain consent before non-essential cookies are set.

Third-party services

Scheduling (for example Calendly), payment providers, and your own connected tools have their own privacy policies. We encourage you to review them. We are not responsible for how third parties handle data outside what we control.

Children

Cleo is not directed at children. We do not knowingly collect personal data from anyone under 16 (or the age required in your jurisdiction).

Changes

We may update this policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated by email or through the service.

Contact

For privacy-related requests, use the contact method shared during sales or onboarding, or the address supplied in your service agreement.