Cleeny.

Legal

Privacy Policy

Last updated: 21 May 2026

Cleeny (“we”, “us”, “our”) operates the Cleeny platform at cleeny.co.uk. We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains what data we collect, why we collect it, how we use it, and your rights. If you have questions, contact us at hellocleeny@gmail.com.

1. Who we are

The data controller is Cleeny Ltd, a company registered in England and Wales. Our registered contact address for data matters is hellocleeny@gmail.com. We do not currently require a Data Protection Officer but will appoint one if our processing activities require it.

2. Data we collect

We collect the following categories of personal data:

  • Account data: your name, email address, and password (stored as a hashed value) when you create an account.
  • Business data: contract details, staff cost rates, and other operational figures you enter into the platform. This data belongs to you and is used solely to provide the service.
  • Usage data: pages visited, features used, and timestamps, collected to improve the product.
  • Payment data: billing name, email, and card last-four digits. Full card details are handled by our payment processor (Stripe) and never stored on our servers.
  • Communications: emails you send us, support requests, and feedback.
  • Technical data: IP address, browser type, and device information collected automatically when you use the service.

3. How and why we use your data

PurposeLegal basis (UK GDPR)
Providing the Cleeny servicePerformance of a contract (Art. 6(1)(b))
Processing subscription paymentsPerformance of a contract (Art. 6(1)(b))
Sending transactional emails (receipts, password reset)Performance of a contract (Art. 6(1)(b))
Improving the product and fixing bugsLegitimate interests (Art. 6(1)(f))
Preventing fraud and ensuring securityLegitimate interests (Art. 6(1)(f))
Sending product updates and marketing emailsConsent (Art. 6(1)(a)) — you can withdraw at any time
Complying with legal obligationsLegal obligation (Art. 6(1)(c))

4. Who we share your data with

We do not sell your data. We share it only with trusted processors who help us operate the service:

  • Vercel — hosting and infrastructure (servers located in the EU/UK).
  • Supabase — database and authentication.
  • Stripe — payment processing. Stripe is PCI-DSS compliant.
  • Postmark / Resend — transactional email delivery.

All processors are contractually bound to process data only on our instructions and to maintain appropriate security measures. We may also disclose data where required by law or to protect our legal rights.

5. Cookies

We use a small number of cookies:

  • Strictly necessary cookies — session tokens required to keep you logged in. These cannot be disabled.
  • Analytics cookies — used to understand how the product is used. We use privacy-friendly analytics that do not fingerprint individual users. You can opt out at any time.

We do not use advertising or third-party tracking cookies.

6. How long we keep your data

We retain your account and business data for as long as your account is active, plus 90 days after deletion to allow recovery if you change your mind. After that period, data is permanently deleted from our systems. Payment records are retained for 7 years to comply with financial regulations. Anonymised, aggregated usage data may be retained indefinitely.

7. International transfers

We process most data within the UK and EU. Where data is transferred outside these regions (for example, to US-based service providers), we ensure appropriate safeguards are in place — such as the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses.

8. Your rights

Under UK GDPR, you have the right to:

  • Accessrequest a copy of the personal data we hold about you.
  • Rectificationask us to correct inaccurate or incomplete data.
  • Erasureask us to delete your data ('right to be forgotten'), subject to legal obligations.
  • Restrictionask us to limit how we process your data in certain circumstances.
  • Portabilityreceive your data in a machine-readable format.
  • Objectobject to processing based on legitimate interests or for direct marketing.
  • Withdraw consentwithdraw any consent you have given at any time, without affecting prior processing.

To exercise any right, email hellocleeny@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

9. Security

We use industry-standard security measures including encrypted connections (TLS), hashed passwords, and access controls. No method of transmission over the internet is 100% secure, but we take all reasonable steps to protect your data.

10. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before they take effect. The “last updated” date at the top will always reflect the current version.

11. Contact

For any data-related queries, email us at hellocleeny@gmail.com. We aim to respond within 2 business days.

Terms of Service·Back to Cleeny