Privacy Policy

CLEOLink (the "Service," "we," "us," or "our") is operated by Echelon Innovative Commerce L.L.C, a limited liability company organized under the laws of the Commonwealth of Virginia, United States. This Privacy Policy explains what information we collect when you use cleolink.com, how we use it, who we share it with, and the rights you have over it.

By using CLEOLink you agree to the practices described below. If you do not agree, please do not use the Service.

1. Information We Collect

Information you provide directly:

• Account details — your name and email address
• Sourcing concierge requests, product searches, and supplier outreach drafts
• Payment information, processed and stored by Stripe — we never see or retain full card numbers
• Messages you send to support@cleolink.com or through our contact forms

Information collected automatically:

• Usage analytics via Google Analytics (pages visited, features used, session duration, referrer)
• Device and connection data — browser type, operating system, IP address, approximate region
• A lightweight browser fingerprint (a hashed signature derived from your browser configuration) used solely for anti-fraud and anti-spam protection on free-tier requests
• Cookies and similar technologies — see Section 6 and our Cookie Policy

Information from connected platforms:

• If you connect a Shopify, WooCommerce, or other commerce store, we read product, catalog, and order metadata strictly to deliver the features you requested

2. How We Use Your Information

We use the information we collect to:

• Provide AI-powered sourcing intelligence, demand validation, and supplier matching
• Send transactional emails (account confirmations, sourcing reports, billing receipts) via Resend
• Process subscription payments and manage billing through Stripe
• Detect, prevent, and respond to fraud, abuse, and spam — including using the browser fingerprint to rate-limit free-tier abuse
• Improve the platform, debug issues, and measure feature usage
• Comply with legal obligations and enforce our Terms of Service

We never sell user data to third parties. Ever.

3. Third Parties We Share Data With

CLEOLink is built on a stack of trusted third-party processors. Each is contractually bound to handle your data only to deliver their service to us:

• Anthropic — AI processing. Your sourcing requests and product queries are sent to Anthropic's Claude API to generate verdicts, supplier suggestions, and outreach drafts.
• Stripe — payment processing, subscription management, and card-level fraud protection.
• Supabase — primary database and authentication. Data is stored in the US East region.
• Resend — transactional email delivery (sourcing reports, account notifications, receipts).
• Vercel — application hosting and edge delivery.
• Google Analytics — anonymized usage analytics.

We may also disclose information when required by law, valid legal process, or governmental request, or in connection with a merger, acquisition, or sale of assets — in which case the acquirer would be bound by this Privacy Policy with respect to your data.

4. AI Processing

Sourcing requests, demand-validation queries, and outreach prompts are sent to Anthropic's Claude API to generate the responses you see in the product. Anthropic does not use this content to train its models when accessed through the API.

We do not feed your personal information into AI prompts beyond what is necessary to fulfill a specific request you have made.

5. Data Storage and Security

User accounts, sourcing requests, and billing references are stored in our Supabase database in the US East region. All data is encrypted in transit (TLS) and at rest. Passwords are hashed; payment cards are never stored on our servers.

No system is perfectly secure, but we maintain industry-standard administrative, technical, and physical safeguards. In the event of a data breach affecting your personal information we will notify you in line with applicable law.

6. Cookies and Tracking

CLEOLink uses a small number of cookies, including:

• Supabase authentication session cookie — required to keep you logged in
• Google Analytics cookies (_ga, _gid) — used to understand how the platform is used
• Stripe fraud-prevention cookies — used during checkout to protect against payment fraud

For full details and opt-out instructions, see our Cookie Policy.

7. Your Rights — Access, Deletion, and Export

You may request to access, delete, or export your personal data at any time by emailing support@cleolink.com. We will respond within 30 days. Subject to legal retention requirements (for example, billing records), we will delete or anonymize your data on request.

You may also unsubscribe from marketing email at any time using the link at the bottom of any such email, and cancel your subscription from inside your account in two clicks.

8. GDPR (EU/UK Residents)

If you are located in the European Economic Area or the United Kingdom, you have specific rights under the General Data Protection Regulation, including the right of access, rectification, erasure, restriction of processing, data portability, and objection. The legal bases on which we process your data are: performance of a contract (delivering the Service you signed up for), our legitimate interests (preventing fraud, improving the product), legal obligation, and your consent (where required, e.g. non-essential cookies).

Echelon Innovative Commerce L.L.C is the data controller for the personal information processed via CLEOLink. To exercise your rights or lodge a complaint, contact support@cleolink.com. You also have the right to complain to your local data protection authority.

9. CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act gives you the right to know what personal information we collect about you, the right to delete it, the right to correct inaccurate information, and the right to opt out of the "sale" or "sharing" of personal information. CLEOLink does not sell your personal information and does not share it for cross-context behavioral advertising. You will not be discriminated against for exercising any of these rights. Submit requests to support@cleolink.com.

10. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After account deletion, we remove or anonymize personal information within 30 days, except where retention is required by law (for example, tax and billing records).

11. Children's Privacy

CLEOLink is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it.

12. International Users

CLEOLink is operated from the United States and data is stored in the US East region. By using the Service from outside the United States, you consent to your information being transferred to and processed in the United States, where data-protection laws may differ from those in your country.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or via a notice on the platform. The "Last updated" date at the top of this page will always reflect the current version.