Clanner Back to home
Legal

Privacy Policy

Last updated · April 18, 2026

Your privacy matters. This policy explains what we collect, why we collect it, and what we don't do with it (spoiler: we don't sell it, and we don't train AI on it). We've aligned this policy with the EU GDPR and India's DPDP Act, 2023 — even if you're not covered by either, you get the same protections.

The short version We collect the minimum data needed to run Clanner. We don't sell it, share it with advertisers, or use it to train AI models. You can export it or delete it at any time, from your dashboard or by emailing privacy@clanner.com.

Who this policy covers

This policy applies to everyone who visits clanner.com, starts a free trial, or uses the Clanner dashboard (app.clanner.com) and any associated services.

It does not cover third-party platforms you connect (Instagram, LinkedIn, X, etc.). Each of those platforms has its own privacy policy governing what they do with your data when we publish on your behalf.

Data controller

The data controller is:

Galific Solutions Pvt Ltd (parent company of Clanner)
Noida, Uttar Pradesh, India
Email — privacy@clanner.com

Information we collect

1. Information you provide directly

  • Account data — name, email, password hash, company (if any)
  • Billing data — tier, billing address, tax ID. Payment card details are handled by our payment processor (Stripe / Razorpay) and never touch our servers.
  • Brand data — brand voice samples, topic preferences, influencer lists, blacklist, domain, product info — whatever you feed into the Clanner dashboard
  • Support communications — emails, chat messages, form submissions

2. Information we collect automatically

  • Usage data — which pages you visit, which features you use, timestamps. Used to improve the product.
  • Device data — browser type, OS, screen size, IP address (truncated after 24 hours)
  • Cookies & local storage — see our Cookie Policy

3. Information from connected platforms

When you connect an Instagram, LinkedIn, YouTube, Twitter or similar account, Clanner receives only the data necessary to perform the service — typically your authenticated user ID, permission scopes you granted, and engagement metrics for content we publish on your behalf. We don't harvest your private messages, contacts, or follower lists.

4. Publicly-available signals

The Harvester module reads publicly-available content from platforms (posts, headlines, comments, engagement counts) to extract trends. This data is tied to your brand's research context — not to any individual user profile beyond what is already public.

How we use information

  • Run the service — log you in, generate drafts, design assets, schedule posts
  • Billing — charge your plan, issue invoices, handle refunds
  • Improve the product — aggregate usage analytics to see what features help and what doesn't
  • Communicate — product updates, security notifications, occasional newsletters (you can unsubscribe from non-essential emails with one click)
  • Security — detect fraud, abuse, and unauthorized access
  • Comply with law — respond to valid legal requests, enforce our terms

That's it. We don't build advertising profiles. We don't sell data. Full stop.

Sharing & sub-processors

We share data only with sub-processors that help us run Clanner. We keep the list tight:

Sub-processorPurposeRegion
Google Cloud (Gemini API)Content generationUS / EU
Turso (libSQL)Database hostingGlobal edge
AWSCompute & storageMumbai (ap-south-1)
CloudflareCDN, DDoS protectionGlobal edge
Stripe / RazorpayPayment processingUS / India
PostmarkTransactional emailUS
Plausible / PostHogPrivacy-respecting analyticsEU

The current list of sub-processors and their DPAs lives at clanner.com/security#subprocessors. When we add or remove one, we update that page and notify existing customers by email.

We never share your data with advertisers, data brokers, or any third party for marketing purposes.

AI processing & training

Clanner uses large language models (currently Google Gemini) to generate drafts, extract signals, and review brand alignment. When a draft is generated, the relevant prompt and context is sent to Gemini. Google's terms for our API tier explicitly prohibit training on customer prompts, and we verify that contractually.

We do not use your content, drafts, engagement data, brand voice samples, or any user data to train our own models.

Data retention

  • Active account data — kept while your account is active
  • Cancelled account — kept for 90 days after cancellation, then permanently deleted. You can request immediate deletion via privacy@clanner.com.
  • Billing records — kept for 7 years for tax and audit compliance
  • Usage & security logs — kept for 12 months, then aggregated or deleted
  • Support communications — kept for 24 months

Your rights

Under GDPR and the DPDP Act, you have the right to:

  • Access — get a copy of the personal data we hold about you
  • Rectification — correct data that's inaccurate or incomplete
  • Erasure — ask us to delete your data (the “right to be forgotten”)
  • Restriction — ask us to pause processing in certain circumstances
  • Portability — receive your data in a machine-readable format (Markdown + CSV + JSON)
  • Object — object to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent, you can withdraw it at any time
  • Complain — lodge a complaint with your local data protection authority

To exercise any of these rights, email privacy@clanner.com. We'll respond within 30 days. Most requests — export, deletion — can also be triggered from your account dashboard in a single click.

International transfers

Clanner is operated from India. We process and store data primarily in India (AWS Mumbai), with CDN edge nodes and some sub-processors outside India.

When personal data leaves the EU/UK, we rely on EU Standard Contractual Clauses (2021) with our sub-processors and equivalent safeguards to ensure an adequate level of protection.

Children

Clanner is not intended for anyone under 18. We don't knowingly collect personal data from children. If you believe a child has created an account, contact us and we'll delete it immediately.

Security

We protect your data with encryption at rest (AES-256), encryption in transit (TLS 1.3), role-based access controls, audit logging, and regular third-party penetration testing.

Full security practices are documented at clanner.com/security. If you discover a vulnerability, please report it to security@clanner.com — we have a responsible disclosure program.

Changes to this policy

When we make material changes, we'll email you at least 30 days before they take effect and update the “Last updated” date. Minor edits (clarifications, typos) take effect immediately.

Contact & Data Protection Officer

For anything privacy-related, write to us:

EU residents can also contact their local supervisory authority. UK residents can contact the ICO at ico.org.uk.