LogoCleon

Policy

Privacy Policy (GDPR)

OMOC INC (Cleon) is committed to protecting your personal data under the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, store, and protect personal data when you use our AI platform for customer onboarding and data migrations.

1. Data We Process

We process personal data as a controller (for our users) and processor (for customer data), including:

  • Customer Data Migrations: Names, emails, addresses, job roles, or other personal data in customer files (e.g., Excel) for schema transformation.
  • User Accounts: Usernames, emails, hashed passwords, login history.
  • Employee Data: Names, addresses, bank details, job roles for internal HR (small team).

2. Legal Bases (GDPR Art. 6, 9)

  • Contract (Art. 6(1)(b)): To fulfill onboarding and migration services (customer/employee data) and provide platform access (user accounts).
  • Consent (Art. 6(1)(a), Art. 9(2)(a)): For user account registration and any special category data (e.g., in customer files, explicit consent, revocable).

We stop processing if no legal basis applies.

3. How We Use Your Data

  • Automate customer file transformations and onboarding.
  • Manage user accounts and platform access.
  • Handle HR for our small team.

4. Data Sharing and Transfers

  • Recipients: Internal team; vendors (e.g., AWS, OpenAI, VAPI, Stytch, Rippling) for processing.
  • International Transfers: Data may transfer to the US (vendors). We use Standard Contractual Clauses (SCCs), Data Processing Agreements (DPAs), and prefer EU-hosted servers (e.g., AWS EU) to ensure GDPR compliance.
  • Safeguards: AES-256 encryption, data minimization, vendor audits.

All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

5. Data Retention

  • Customer data: Until migration complete + 1 year or upon request.
  • User data: Until account deletion or 2 years inactivity.
  • Employee data: 7 years (legal obligations).

6. Your GDPR Rights

You have the right to:

  • Access: Request a copy of your data.
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion (e.g., when consent is withdrawn).
  • Restriction: Limit processing temporarily.
  • Portability: Receive data in a structured format (e.g., JSON).
  • Objection: Object to processing (e.g., marketing).
  • Automated Decisions: Request human review for AI-driven decisions.

To exercise your rights, email support@getcleon.ai. We respond within 30 days, with no fee unless requests are excessive.

7. Data Security

We use AES-256 encryption, multi-factor authentication (MFA), access controls, and audit logs to protect your data.

8. Contact Us

For questions or GDPR requests, email: support@getcleon.ai.

9. Supervisory Authority

You may lodge complaints with an EU supervisory authority.