Privacy Policy

Home
Privacy Policy

Privacy Policy

Last Updated: February 6, 2025

Clipo, Inc. (“Clipo,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the SiteAgent service. SiteAgent is an AI-powered virtual assistant that website owners (our Subscribers) can integrate into their websites to interact with website visitors (End Users).

This Privacy Policy applies to two categories of individuals:

Subscribers: Individuals or organizations who sign up for and use SiteAgent on their websites, or otherwise interact with Clipo as customers (for example, by creating an account, configuring the AI assistant, or contacting us for support).
End Users: Individuals who visit a Subscriber’s website and interact with the SiteAgent virtual assistant on that site.

By using SiteAgent as a Subscriber or an End User, you agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree, please do not use the SiteAgent service. We encourage you to read this policy carefully, along with our Terms of Service, to understand how your information is handled.

Note for End Users: The Subscriber (website owner) may have its own privacy policy governing its website and use of SiteAgent. This Clipo Privacy Policy describes how Clipo handles your data via SiteAgent, but it does not cover the Subscriber’s own practices outside of our service. We act as a “service provider” or “processor” to the Subscriber for much of the End User data processed through SiteAgent, which means we handle that data on behalf of the Subscriber. End Users should also review the privacy policy of the website where they are interacting with SiteAgent.

1. Information We Collect

We may collect various types of information from and about Subscribers and End Users, including:

1.1 Information Provided by Subscribers

Account Registration Information: When a Subscriber signs up for SiteAgent or creates an account with Clipo, we collect personal information such as the Subscriber’s name, business name, email address, phone number, mailing address, and account login credentials. If the Subscriber contacts us or fills out a form (e.g., a demo request or support ticket), we will collect the information they provide (such as contact details and the content of the inquiry).
Billing Information: If the Service is paid, we (or our third-party payment processor) collect payment information from Subscribers, such as credit card numbers or billing addresses. Clipo itself generally does not store full payment card details; this is handled by a compliant payment processor.
Content and Configuration Data: Subscribers may provide content to Clipo to configure or improve the Service for their use. For example, a Subscriber might upload FAQs, documents, or other data for SiteAgent to use in responding to End Users, or set custom prompts and rules. This data may include personal information if the Subscriber chooses to include it. Any personal information in such content about third parties should only be provided if the Subscriber has the right to do so.
Communications with Us: If a Subscriber communicates with us (for instance, through email, support chat, or phone), we will collect the information in those communications, which may include personal contact information and any other details the Subscriber chooses to provide.

1.2 Information Collected from End Users (Website Visitors)

Interactions with SiteAgent: When an End User interacts with the SiteAgent assistant on a Subscriber’s site (for example, by typing or speaking a question), we collect the content of the interaction. This includes the End User’s questions, requests, and any information they choose to provide via the chat or interface. Such information could include personal data (e.g., name, email, or other details about themselves) if the End User voluntarily includes it in their queries or messages.
Usage Data: We may automatically collect certain technical information about the End User’s interaction with SiteAgent. This can include:
Device and Browser Information: Such as the End User’s IP address, browser type, device type (e.g., mobile or desktop), operating system, and configuration.
Log Data: Timestamps of interactions, pages or locations on the Subscriber’s site where SiteAgent was used, chat session IDs or tokens, and cookies or similar technologies that uniquely identify the conversation or user session.
Cookies and Similar Technologies: SiteAgent may use cookies, local storage, or similar technologies on the End User’s browser to remember conversation context or preferences (see “Cookies and Tracking Technologies” below for more detail). We do not use SiteAgent cookies for advertising purposes, but they may be used to ensure continuity of the conversation or to collect analytics on how End Users use the Service.
End User Contact Information (Optional): SiteAgent’s interface might give End Users the option to provide contact information for follow-up (for example, an email address to receive a transcript or further assistance). In such cases, if an End User chooses to provide it, we will collect that contact information and share it with the relevant Subscriber, and possibly use it to facilitate the requested follow-up.

1.3 Information Collected Automatically (Subscribers and End Users)

For both Subscribers and End Users, we (and our service providers) may use automated means to collect certain information about devices used to access our Service:

Cookies and Web Beacons: When Subscribers log into Clipo’s dashboard or website, or when End Users interact with SiteAgent, we may use cookies and invisible images (“web beacons”) to collect data. This can include IP address, browser type, the time spent on our pages or the chat widget, and the pages or features interacted with.
Analytics Information: We use analytics tools (such as Google Analytics or similar) to collect information about how Subscribers use our website or how End Users engage with SiteAgent. These tools may use cookies or device identifiers to help us understand usage patterns, diagnose technical issues, and improve our service. The information collected typically includes device identifiers, pages visited, time spent, and other aggregated usage metrics. Analytics data is generally viewed in aggregate form, but may include IP addresses or device identifiers that could be considered personal data in some jurisdictions.

1.4 Information from Third Parties

Third-Party Integrations: If a Subscriber chooses to integrate SiteAgent with third-party services or data sources, we may receive information from those third parties as needed for the integration. For example, if SiteAgent is integrated with a Subscriber’s customer support system or knowledge base, we might receive data from that system to help answer End User questions. Such data will be used in accordance with the Subscriber’s instructions and this Privacy Policy.
Single Sign-On and Authentication: If we offer the option for Subscribers to log in via third-party authentication providers (like Google OAuth or similar), we may receive basic account information from those providers (such as name, email) to facilitate login.
Marketing and Referrals: We might receive contact information of potential Subscribers from marketing partners, referral programs, or public sources. We use that information solely to reach out to those potential customers in compliance with applicable laws (for example, by sending one-time emails inviting them to try SiteAgent).
End User Data from Subscriber: In some cases, a Subscriber might proactively provide End User data to Clipo, for instance, by uploading a list of frequently asked questions that contain common customer names or details, or by using an API that sends End User data to SiteAgent. We treat any personal information about End Users provided by Subscribers in accordance with this Policy and our agreement with the Subscriber.

*We do not knowingly collect sensitive personal data* (such as social security numbers, credit card numbers directly from End Users, health or biometric data, etc.) through SiteAgent, unless specifically requested as part of a service feature with appropriate safeguards. We ask End Users not to provide sensitive personal information in the chat unless it is necessary for their interaction. If you believe sensitive data has been provided to us without proper basis, please contact us so we can address it.

2. How We Use Your Information

We use the collected information for various purposes, depending on whether you are a Subscriber or an End User, and as necessary to operate our business and provide the Service. The primary uses include:

2.1 Providing and Improving the Service

Operating the Service: We use information from Subscribers and End Users to provide SiteAgent’s functionality. For Subscribers, this means using your registration and configuration data to set up your account, enable the AI assistant on your site, and maintain your subscription. For End Users, this means processing your questions or messages through SiteAgent, generating AI responses, and delivering those responses back to you.
Personalization and Configuration: If a Subscriber has configured SiteAgent with certain data or rules, we use End User queries in conjunction with that Subscriber-provided data to generate appropriate responses. We also may customize the interaction (e.g., greeting returning users if we can identify repeat visits via cookies) to improve user experience.
Improving AI and Features: We analyze interactions (in aggregated and/or anonymized form where possible) to improve SiteAgent’s performance. This may involve training our AI models on de-identified conversation data, debugging issues in responses, or refining the Service’s algorithms. We also may use feedback (such as when End Users give a “thumbs up/down” on answers or when Subscribers provide correction feedback) to improve the accuracy and helpfulness of the assistant.
Developing New Features: Information about how Subscribers and End Users use SiteAgent helps us develop new tools, features, or integrations. For example, if we notice many Subscribers integrating with a certain type of service, we might build a more robust integration. Or if End Users commonly ask for a feature (like voice input), we might consider adding it.
Maintenance and Support: We use data to troubleshoot and fix issues. If a Subscriber reports a problem, we might look at their account data or relevant log files to diagnose the issue. Similarly, monitoring logs and usage patterns helps us ensure the Service is secure and performing well.

2.2 Communication

Account and Service Communication (Subscribers): We use Subscriber contact information to send important notices. This includes sending confirmations when you sign up, invoices or receipts for payments, alerts about important changes or updates to the Service, security or support notifications, and responses to communications you send us.
Customer Support: Whether you are a Subscriber or End User, if you reach out to us with a question or request, we will use your contact information and any details you provide to respond. For example, if an End User emailed us about a privacy inquiry, we would use their email to reply and address their concern.
Marketing Communications (Subscribers): We may use a Subscriber’s email or contact info to send newsletters, product announcements, or promotional offers related to SiteAgent or other Clipo services. You can opt out of marketing emails at any time by using the unsubscribe link in the email or contacting us. (We do not send marketing communications to End Users of our Subscribers, only to our direct customers or those who have expressed interest in our services.)
Feedback Requests: We might ask Subscribers to provide feedback or complete surveys about SiteAgent to improve our offerings. Participation in surveys is optional.

2.3 Compliance and Protection

Legal Obligations: We may process personal information where necessary to comply with legal obligations, such as fulfilling lawful requests by public authorities, responding to subpoenas or court orders, or meeting record-keeping and tax obligations.
Enforcing Terms and Policies: Information is used to monitor for and investigate violations of our Terms of Service or other misuse of the Service (e.g., using the assistant to spread malware or illegal content). If necessary, we will use personal data to prevent abuse, resolve disputes, enforce our agreements, and protect our rights and the rights of our users or others.
Safety and Security: We may use information (like IP addresses or user behavior patterns) to detect and prevent fraud, spam, or security issues. For instance, unusual activity might trigger a closer review or certain IPs might be blocked if known to be malicious. In some cases, we might share relevant information with Subscribers (e.g., alerting a Subscriber of a suspicious query pattern on their SiteAgent implementation).

2.4 Other Purposes (With Notice or Consent)

If we intend to use your personal information for a purpose not described in this Privacy Policy, we will seek your consent or provide you with the opportunity to opt-out as required by law. For example:

If we ever plan to use End User conversation data for any external marketing purpose or to publicly display testimonials, we would obtain permission from the involved parties.
If a Subscriber wants us to process data in a way that is outside the scope of our standard services, we would do so only under appropriate contractual terms and with any required consent.

2.5 Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases under the GDPR for processing your personal data:

Performance of a Contract: We process personal data to provide the Service according to our contract with you (Terms of Service) or with the Subscriber. For example, we need to process a Subscriber’s account info to provide access to SiteAgent, or process an End User’s query to provide a response.
Legitimate Interests: We process certain data as necessary for our (or others’) legitimate interests, such as improving our services, securing our platform, communicating with you about relevant products, and preventing fraud. When we rely on this basis, we ensure that our interests are not overridden by individuals’ data protection rights.
Consent: In some cases, we may rely on your consent, for instance for optional cookies or for sending marketing emails. Where consent is our basis, you have the right to withdraw it at any time.
Legal Obligation: We process data when necessary to comply with legal obligations, such as retaining transaction records for financial regulations or responding to legal process.

3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and analyze our Service:

What are Cookies: Cookies are small text files that websites place on your device to store information about you or your device. For example, a cookie might assign a unique ID to your browser to remember your preferences or identify you when you return.
SiteAgent Cookies: When an End User interacts with SiteAgent, we may place a cookie or use local storage in the browser to keep track of the conversation state (so the assistant can remember prior context during that session) and to recognize if the user has interacted with the assistant before. These cookies are generally session cookies (which expire when you close your browser) or have a limited lifespan. They are used for functionality (not advertising).
Clipo Website Cookies: For Subscribers logging into our dashboard or website, we use cookies to manage your login session (so you remain logged in as you navigate) and to remember your preferences (such as language or other settings). We may also use cookies to gather analytics about how our site and Service are used (via third-party analytics services as noted below).
Analytics: We use third-party analytics tools like Google Analytics. These providers may set their own cookies or use your IP address and browser information to help us analyze user traffic. This information helps us understand aggregate usage patterns (e.g., number of visitors, popular pages) and does not identify you by name. Google Analytics may set cookies to identify returning visitors or to provide other features. You can learn how Google Analytics uses data and how to opt out by visiting Google’s site on “How Google uses information from sites or apps that use our services”.
Opt-Out & Choices: Most web browsers allow you to control cookies through their settings. You can set your browser to refuse certain cookies or to alert you when cookies are being sent. However, please note that if you disable cookies, some features of SiteAgent (especially maintaining conversation context for End Users, or staying logged in as a Subscriber) may not function properly. For End Users in the EU, Subscribers may implement a cookie consent banner on their sites; if you opt out of cookies there, SiteAgent will comply with such preferences for non-essential cookies.
Do-Not-Track Signals: Currently, our Service does not respond to “Do Not Track” browser signals. We treat all users equally and use cookies as described above regardless of a DNT signal. If standards emerge for DNT, we will reassess how to respond to them.

4. How We Share and Disclose Information

We understand the importance of keeping your personal information private. We do not sell your personal information to third parties. We only share information in the following circumstances, to the extent necessary for business operations and as permitted by law:

4.1 Sharing with the Subscriber (for End User Data)

If you are an End User interacting with SiteAgent on a website, the content of your interactions (including any personal information you provide in the chat) will be shared with the Subscriber (the website owner who has deployed SiteAgent). For example, the Subscriber may have access to conversation transcripts, analytics about chat usage, or may receive an email summary of chats. The Subscriber uses this information for their own purposes (such as improving their services or following up on customer inquiries) under their own privacy policy. Clipo facilitates this sharing as part of our service to the Subscriber.

4.2 Service Providers and Partners

Clipo uses trusted third-party service providers to perform certain functions in support of our Service. We share information with these providers only to the extent necessary for them to carry out their work, and we require them to protect it and use it only as directed by us. Key examples include:

Hosting and Infrastructure: We use cloud hosting providers and data center services to store and process data (including chat data and account information). These providers may have access to personal data for storage, backup, and retrieval purposes.
Payment Processors: If you are a Subscriber making payments, your payment details may be handled by a payment processing company (e.g., Stripe, PayPal, or similar). They receive the necessary billing information to process transactions and are responsible for securing that information.
Analytics and Performance Monitoring: We share some data with analytics services (like Google Analytics, as described above) to understand usage patterns. These analytics providers act on our behalf to analyze data about how the Service is used.
Email and Communications: We may use services to send emails or notifications (such as a mailing service to send account verification or marketing emails, or a customer support platform to manage inquiries). These services will process contact information and message content as needed to send our communications to you.
Professional Advisors: In some cases, we might share necessary information with our auditors, attorneys, or insurers for compliance, legal, or financial advice purposes. These parties are bound by confidentiality obligations.

Our service providers are contractually obligated to safeguard personal information and only use it for the purposes we specify. We strive to choose providers with strong security and privacy track records.

4.3 Third-Party Integrations (at Subscriber’s Request)

If a Subscriber chooses to connect SiteAgent with a third-party integration or service, Clipo will share data with that third party as needed to facilitate the integration only with the Subscriber’s authorization. For instance:

If SiteAgent is connected to a third-party knowledge base or CRM, we might send an End User’s query to that service to retrieve an answer, or log the conversation in the Subscriber’s CRM.
If a Subscriber enables a feature to escalate a chat to a human agent through an external system, we will transfer the conversation data to that system.

In such cases, the third-party’s use of the information is governed by the agreement between the Subscriber and that third party (and their privacy policy). While Clipo will take steps to facilitate secure integration, we are not responsible for the third party’s handling of the data once it is transferred to them. We recommend Subscribers only enable integrations with trusted third parties and review their privacy practices.

4.4 Business Transfers

If Clipo is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of such a transaction. We will ensure that any acquiring entity honors the commitments of this Privacy Policy or provides notice and obtains consent if required by law for any material changes in handling personal information.

4.5 Legal Compliance and Protection of Rights

We may disclose personal information to third parties (such as courts, law enforcement agencies, regulators, or legal counsel) when we believe, in good faith, that such disclosure is necessary to:

Comply with a legal obligation or respond to valid legal process (e.g., a subpoena, warrant, or court order).
Protect our rights, property, or safety, or the rights, property, or safety of our Subscribers, End Users, or others.
Investigate and defend ourselves against any third-party claims or allegations.
Detect, prevent, or otherwise address criminal, illegal, or fraudulent activity (including cybersecurity threats, or misuse of our Service).

We will endeavor to notify Subscribers (and End Users, if applicable) of any legal demands for their personal data, unless we are prohibited by law or court order from doing so, or unless the situation is an emergency.

4.6 With Your Consent

In cases other than those outlined above, we will seek your consent before sharing your personal information with third parties. For example, if we wanted to feature a Subscriber’s logo or story on our website as a testimonial, we would obtain permission. Or if an End User asked us to coordinate with another company to handle a request, we would do so with their consent.

5. International Data Transfers

Clipo is based in the United States and the Service is primarily operated from the U.S. If you are located outside the United States, be aware that any information you provide through SiteAgent will likely be transferred to and processed in the United States or other jurisdictions where our service providers are located. The data protection laws in these jurisdictions may not be as stringent as those in your home country.

However, we take steps to ensure that your personal information receives an adequate level of protection consistent with applicable law. If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on legal mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs) for transferring personal data outside of the EEA/UK. These contractual clauses are designed to ensure that your data is protected to EU standards even when processed in countries that have not been deemed to have adequate data protection laws.

By using SiteAgent or providing us with information, you consent to the transfer, processing, and storage of your information in the United States and other countries as set forth in this Privacy Policy. We will use and protect your personal information as described herein, regardless of where it is processed.

If you have questions about our international data transfers or need more information about the safeguards we have in place, you can contact us using the information in the Contact section below.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

Subscriber Account Information: We keep Subscriber account data for as long as the account is active. If a Subscriber’s account is terminated or expires, we may retain certain data (such as transaction records or contact details) for a period of time to settle any obligations (like outstanding fees), enforce our agreements, or as required by law (for example, financial records for tax purposes). We may also retain backup copies for a limited period or as part of our routine archiving practices.
End User Data: We retain End User interaction data (chat logs and related information) on behalf of the Subscriber to provide the Service and for analysis and improvement purposes. The retention of specific End User data may be determined by the Subscriber’s settings (if we offer a way for Subscribers to delete conversation logs or set retention limits). If an End User requests deletion of their personal data, we will delete or anonymize the data in our possession within a reasonable timeframe, provided we can locate the data and are not required by law to keep it. We also periodically review and purge End User data that is no longer necessary for our business purposes; for example, we might delete or anonymize detailed conversation logs after a certain number of months, while retaining aggregated usage statistics.
Communications: If you contact us via support or email, we may retain those communications and our responses for records and to help improve our support services. These may be kept for a period of time after the inquiry is resolved, unless you request deletion and we have no legal obligation to keep them.
Analytics Data: Aggregated or anonymized data that does not identify a user may be retained indefinitely for analytics and service improvement.

When we no longer have a legitimate need to retain your personal information, we will securely delete or anonymize it. If deletion or anonymization is not feasible (for example, because the data is stored in backup archives), then we will securely store the data and isolate it from further processing until deletion is possible.

7. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information. We are committed to honoring applicable data rights and providing individuals with access and control over their information.

7.1 Rights Under the GDPR (EU/EEA/UK)

If you are in the European Union, European Economic Area, or United Kingdom, you have the following rights with respect to your personal data:

Right to Access: You can request confirmation of whether we are processing your personal data and, if so, request access to that data (commonly known as a “data subject access request”). This allows you to receive a copy of the personal data we hold about you.
Right to Rectification: You have the right to request correction of any incomplete or inaccurate data we hold about you.
Right to Erasure: You can ask us to delete or remove personal data where there is no good reason for us to continue processing it. This is also known as the “right to be forgotten.” Note that this right is not absolute – we may need to retain certain information for legal or legitimate business purposes.
Right to Restrict Processing: You can ask us to suspend the processing of your personal data in certain scenarios, for example if you want us to establish its accuracy or the reason for processing it.
Right to Data Portability: You have the right to request that we provide you or a third party you specify with a copy of your personal data in a structured, commonly used, machine-readable format, where the processing is based on consent or contract and is carried out by automated means.
Right to Object: You can object to our processing of your personal data where we are relying on legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing. You also have the right to object if we process personal data for direct marketing purposes.
Right Not to be Subject to Automated Decisions: SiteAgent does not make decisions producing legal or similarly significant effects solely by automated means without human involvement. However, to the extent this right may apply, you can request human review of a decision made by automation if you believe your rights are impacted.

To exercise any of these rights, please contact us using the information in the Contact section below. We may ask you to verify your identity to help us respond efficiently to your request. We will respond to your request within the timeframes required by law (typically within one month for GDPR requests, with the possibility to extend by two further months in certain circumstances).

Note for End Users: In many cases, Clipo acts as a data processor for End User personal data on behalf of a Subscriber (the data controller). If you are an End User seeking to exercise GDPR rights regarding data that was collected via SiteAgent on a Subscriber’s site, we recommend you first contact the website owner (the Subscriber). They may have the most direct ability to fulfill your request (for example, deleting a conversation from their records). We will cooperate with our Subscribers to support them in responding to such requests. If you contact Clipo directly with such a request, we may need to verify with the Subscriber before taking action, or we may direct you to contact the Subscriber when appropriate.

You also have the right to lodge a complaint with a supervisory authority in the EU/EEA or the UK if you believe we have infringed your data protection rights. We kindly request that you contact us first so we can address your concerns directly.

7.2 Rights Under the CCPA (California Residents)

If you are a resident of California, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information:

Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell (note: Clipo does not sell personal information, as explained below). You may request the specific pieces of personal information we have collected about you, as well as the categories of information, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You can request that we delete personal information we have collected from you, subject to certain exceptions (for example, we may retain information to complete a transaction, to detect security incidents, for legal compliance, etc.).
Right to Correct: You have the right to request correction of inaccurate personal information that we maintain about you.
Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the “sale” or “sharing” of your personal information for cross-context behavioral advertising. However, Clipo does not sell personal information to third parties and does not share it for behavioral advertising purposes. We use personal information only for the purposes described in this Policy (which are consistent with what the CCPA considers “business purposes” and “service provider” activities).
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means, for example, we will not deny you service or provide a different quality of service just because you made a privacy request. If you are a Subscriber, please note that deletion of certain data (such as your account information) might prevent us from providing the Service, but we will inform you if that is the case and allow you to proceed with deletion if you wish.

To exercise your CCPA rights, you (or your authorized agent) can contact us via the methods described in the Contact section below. We may need to verify your identity (or the authority of your agent) before fulfilling your request. Verification may involve confirming information we already have on file (such as your email address or phone number).

Disclosure About CCPA Categories: In the past 12 months, we may have collected the following categories of personal information (as defined by CCPA) from Subscribers and End Users: identifiers (e.g., name, email, IP address); customer records information (e.g., phone number, billing info for Subscribers); internet or other electronic network activity information (e.g., interaction logs with SiteAgent); and inferences drawn from any of the above (for example, preferences or potential interests inferred from interaction patterns). All such information is collected for the business purposes described in this Policy, including providing and improving our services, and not for commercial sale.

Service Provider Designation: When Clipo processes End User data on behalf of a Subscriber (who may be a “business” under CCPA), we do so as a “service provider.” We do not use End User personal information we process on behalf of our Subscribers for our own independent purposes, except as allowed under CCPA (such as to maintain or improve the quality of our service, or to detect security incidents). We do not “sell” such End User personal information. If we receive a CCPA request from an End User of a Subscriber, we may forward the request to the Subscriber or inform the End User to submit the request directly to the Subscriber, as required by CCPA.

7.3 Other State or Country Privacy Rights

Residents of certain other states or countries may have similar rights under local laws (e.g., the right to access or delete personal information). For example, some U.S. states (like Virginia, Colorado, Connecticut, Utah) have their own privacy laws that grant rights to access, delete, or opt-out of certain data uses. Clipo will honor valid requests under those laws as well.

If you are in a jurisdiction not specifically mentioned above but you have a legal right to request information, access, correction, or deletion of your personal data, please contact us and we will respond in accordance with applicable law.

7.4 Managing Communication Preferences

Opting Out of Marketing: If you are a Subscriber and no longer wish to receive marketing or promotional emails from us, you may opt out at any time by clicking the “unsubscribe” link at the bottom of those emails or by contacting us directly. Please note that you will still receive transactional messages from us (such as account notifications or customer service communications) even if you opt out of marketing.
Blocking Cookies: As discussed in the Cookies section, you can control cookies through your browser settings. Blocking cookies may impact SiteAgent’s functionality.
Do Not Sell/Share (California): As noted, we do not sell personal data. If you have any questions or want to ensure we understand your preferences, you can contact us with “Do Not Sell My Info” in the subject.

8. Security Measures

Clipo takes reasonable and appropriate measures to protect personal information from loss, theft, misuse, and unauthorized access, disclosure, alteration, or destruction. These measures include:

Encryption: We use encryption in transit (HTTPS/TLS) for data transmitted between your device and our servers. We also encrypt sensitive data at rest, where appropriate, especially any sensitive personal information or credentials.
Access Controls: We limit access to personal data to employees, contractors, and agents who need such access to operate and improve the Service. Those who have access are subject to strict confidentiality obligations. Subscriber accounts are protected by authentication measures, and we encourage Subscribers to use strong passwords and, if available, two-factor authentication.
Monitoring: Our systems are monitored for security vulnerabilities and potential intrusions. We use firewalls, intrusion detection systems, and regular security testing to maintain the integrity of our platform.
Training and Policies: Our staff are trained on data protection best practices, and we maintain internal policies to safeguard data.
Incident Response: We have an incident response plan for handling data breaches or security incidents. In the event of a data breach affecting personal information, we will notify affected Subscribers (and End Users, if applicable) and the relevant authorities as required by law.

Please note that no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security. You should also take care with how you handle and disclose your personal information and avoid sending sensitive information through insecure channels.

9. Children’s Privacy

SiteAgent and Clipo’s services are not intended for use by children under the age of 13 (or under the age of 16 in certain jurisdictions where 16 is the age of consent for data processing, such as some countries in the EU, in which case we treat those under 16 as children). We do not knowingly collect personal information from children in these age groups without verifiable parental consent.

Subscribers’ Responsibility: If a Subscriber’s website is directed toward children or likely to be used by children under 13, the Subscriber is responsible for complying with the U.S. Children’s Online Privacy Protection Act (COPPA) and similar laws, which may include obtaining parental consent before allowing a child to use SiteAgent. Clipo expects Subscribers to appropriately limit the use of SiteAgent in such contexts or obtain necessary consents. If you are a Subscriber and need a child-directed version of our service or have specific requirements, please contact us to discuss possible accommodations.
No Intentional Collection: We do not design SiteAgent to solicit personal information from children. While children might innocently interact with the AI assistant, we urge parents and guardians to instruct children not to provide personal information (like name, address, or contact details) in the chat. If you are a parent or guardian and believe your child under 13 (or under 16, as applicable) has provided personal information to us without consent, please contact us immediately.
Removal of Child Data: If we become aware that we have inadvertently collected personal information from a child under 13 (or under 16, as relevant) without proper consent, we will take steps to delete that information promptly. End Users can alert us at [email protected] if they suspect we have any such information, so we can investigate and remove it.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we update the policy, we will revise the “Last Updated” date at the top of this page. If the changes are significant, we will provide a more prominent notice (such as by posting a notice on our website or sending an email notification to Subscribers).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of SiteAgent or our services after any update to this Privacy Policy will constitute your acknowledgment of the changes and agreement to be bound by the revised policy.

If you do not agree with the changes to the Privacy Policy, you should discontinue use of the SiteAgent service and may contact us to have your data removed, subject to our data retention and deletion practices.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

Clipo, Inc.

[email protected]