← Back

Privacy Policy

Last updated: May 16, 2026

1. Who We Are

ClositAI ("we", "us", "our") provides an AI-powered sales objection coaching service. ClositAI is the seller of the service and the data controller for personal data processed through ClositAI accounts, product usage, support, and communications.

2. Personal Data We Collect

  • Account data: name if provided, email address, hashed password or OAuth identifier, profile details, and authentication session data.
  • Usage data: practice attempts, custom objections, AI prompts and responses, saved preferences, plan entitlements, daily usage counters, and feature activity.
  • Technical data: IP address, browser and device information, approximate location derived from IP address, timestamps, security logs, and error logs.
  • Support data: messages, attachments, and contact information you send when requesting support.
  • Billing relationship data: Paddle customer ID, subscription ID, plan, subscription status, renewal date, cancellation status, and transaction references. Full payment card details are collected and processed by Paddle, not ClositAI.

3. Why We Process Data and Legal Bases

  • Account creation and authentication: to create, secure, and maintain your account — contract performance.
  • Providing the service: to generate AI coaching, save your objections, enforce plan limits, and provide subscribed features — contract performance.
  • Payment and subscription administration: to activate entitlements, record renewals, handle cancellations, and support billing questions — contract performance and legal obligation.
  • Security and fraud prevention: to detect abuse, rate-limit misuse, investigate incidents, and protect ClositAI and users — legitimate interests.
  • Product improvement: to debug, measure reliability, improve features, and understand aggregate usage — legitimate interests.
  • Customer support: to respond to requests and keep support records — contract performance and legitimate interests.
  • Marketing communications: only where permitted by law or with your consent; you can opt out at any time — consent or legitimate interests as applicable.

4. AI Processing

When you use AI features, your prompts, selected sales context, and generated outputs may be sent through our AI gateway to model providers so the service can return coaching responses. We use this data to provide and improve ClositAI, but we do not sell your prompts or outputs.

5. Paddle as Merchant of Record

Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all ClositAI orders. Paddle processes payment details, invoices, taxes, chargebacks, subscription billing, and refunds. Paddle may act as an independent controller for payment and tax data. Review Paddle's Privacy Policy for how Paddle handles buyer information.

6. Who We Share Data With

  • Paddle: for product sale, payment processing, subscription management, tax compliance, invoices, customer billing support, and refunds.
  • Service providers and subprocessors: hosting, database, authentication, AI gateway, email delivery, analytics, security, and error monitoring providers that help us operate ClositAI.
  • Professional advisers: lawyers, accountants, auditors, insurers, and similar advisers where needed.
  • Authorities or third parties: where required by law, to enforce our terms, or to protect rights, safety, security, and prevent fraud.

7. International Transfers

Some providers may process personal data outside your country, including outside the UK or EEA. Where required, we rely on safeguards such as adequacy decisions, Standard Contractual Clauses, or equivalent contractual protections.

8. Data Retention

We keep account and usage data while your account is active. After account deletion, we delete or anonymise personal data within 90 days unless a longer period is needed for security, dispute resolution, legal compliance, or legitimate business records. Subscription, invoice, tax, and payment records may be retained by Paddle as Merchant of Record for legally required periods.

9. Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, request portability, withdraw consent, or complain to a data protection authority. To exercise rights, email simsekby@gmail.com. We will respond within the timeframe required by applicable law, generally within one month for UK/EEA requests.

10. Security

We use appropriate technical and organisational measures designed to protect personal data, including encryption in transit, hashed credentials, access controls, authentication protections, logging, and database row-level access controls. No system is perfectly secure, so please report suspected vulnerabilities to us promptly.

11. Cookies and Local Storage

We use essential cookies and local storage for authentication, security, session persistence, and preferences. We may use analytics technologies to understand product usage and reliability. We do not use advertising cookies. You can manage cookies in your browser, but disabling essential storage may prevent sign-in or core features from working.

12. Contact and Changes

For privacy questions, email simsekby@gmail.com. We may update this policy from time to time. Material changes will be notified in-product, by email, or by updating this page. See also our Terms of Service.