ClyOps Privacy Policy
Version 1.0 — last updated 2026-04-22.
This policy explains how ClyOps Group Ltd ("ClyOps", "we", "us") handles personal data collected when you interact with a ClyOps proposal site, review a proposal, or become a ClyOps client.
For questions, contact rajiv@clyops.com.
1. Who we are
ClyOps Group Ltd is the data controller for personal data collected through:
- Proposal sites we build for prospects (pre-sale demos)
- This website (clyops.com) and related marketing sites
- Client onboarding + service delivery communications
- The Stripe Checkout flow used to enrol clients
Registered in England & Wales. Contact for privacy queries: rajiv@clyops.com.
Note on client-site data: when ClyOps deploys a live site for a paying client (e.g. the client's public-facing business website), the *client* is the data controller for data collected through that site, and ClyOps acts as their data processor under a contract (see the Master Services Agreement). The privacy policy on each client's site describes how that client handles data.
2. What we collect (proposal stage)
When you receive a proposal link from ClyOps, we collect:
- Signed-link access — the JWT token used to access your proposal site, its expiry timestamp, and the IP + user-agent of the device that first opened it (for abuse prevention)
- Analytics events — page views, modal opens, tier selections, add-on toggles, checkout initiations, and checkout abandonments. Anonymised IP (truncated to /16), device class, referrer, approximate geo from IP
- Contact clicks — if you click a phone, email, or WhatsApp CTA on a proposal site, we log the channel (not the destination contents)
Analytics and marketing events only fire after explicit consent via the cookie banner.
3. What we collect (purchase + onboarding stage)
When you become a ClyOps client:
- Name, email, phone, business details — collected through Stripe Checkout, our onboarding form, and handover communications
- MSA acceptance evidence — timestamp, IP address (anonymised), user-agent, jurisdiction, and proposal ID at the moment you tick the Master Services Agreement box at Stripe Checkout
- Payment information — handled entirely by Stripe; ClyOps never sees or stores card details
- Service-delivery content — brand assets, copy, photos, and configuration you supply for us to build and maintain your site
4. Why we use it (lawful basis)
| Purpose | Lawful basis |
|---|---|
| Delivering the services you've bought | Performance of a contract (Art. 6(1)(b) UK GDPR) |
| Responding to sales enquiries | Legitimate interest (Art. 6(1)(f)) |
| Analytics + proposal telemetry | Consent (Art. 6(1)(a)) — via cookie banner |
| Fraud + chargeback prevention | Legitimate interest |
| Compliance with law | Legal obligation (Art. 6(1)(c)) |
5. Third-party processors
We use these service providers, each contractually bound by appropriate data-protection terms:
- Vercel — hosting infrastructure (servers in US/EU regions)
- Stripe — payment processing, subscription billing, and chargeback handling
- Mailgun — transactional email delivery (welcome, dunning, handover)
- GoHighLevel (GHL) — CRM and pipeline automation for clients who purchase the GHL bundle
- UptimeRobot — uptime monitoring on deployed client sites
- Cloudflare Turnstile — bot protection on forms
Subcontractors we engage for service delivery are bound by equivalent confidentiality and data-protection obligations.
6. How long we keep it
- Proposal analytics: 90 days, then aggregated
- MSA acceptance evidence: 7 years after the contract ends (chargeback + dispute window)
- Client configuration + brand assets: for the duration of the service contract + 90 days
- Form submissions (consultation, lead capture): 90 days on our storage; indefinite on client's onward systems if they've forwarded them
- Financial records: 7 years (UK statutory retention)
- Cancelled-account data: deleted 120 days after final billing failure (see Gap 40 dunning policy)
7. Your rights
Under UK GDPR you have the right to:
- Access the data we hold about you
- Have inaccurate data corrected
- Have your data deleted (subject to our retention obligations)
- Restrict how we use your data
- Receive a copy in a portable format
- Object to processing
EU residents: the same rights apply under EU GDPR. California residents: additional CCPA rights — right to know, right to delete, right to correct, right to opt out of sale/share (we do not sell or share personal information as defined by CCPA), right to non-discrimination. Australian residents: Australian Privacy Principles apply — right to access, correct, and complain without fearing service changes.
To exercise any of these rights, email rajiv@clyops.com. We respond within 30 days.
Complaints can be made to:
- UK: Information Commissioner's Office (ico.org.uk)
- EU: your national Data Protection Authority (edpb.europa.eu)
- US: California Attorney General (oag.ca.gov/privacy)
- AU: Office of the Australian Information Commissioner (oaic.gov.au)
8. Cookies
See the cookie banner on any ClyOps site + each client site's /cookies policy. Non-essential cookies only fire after explicit consent. You can revoke consent at any time via "Cookie preferences" in the footer.
9. Changes to this policy
This version: 1.0, dated 2026-04-22. Material changes will be posted here; substantive changes that affect existing clients will be emailed directly.
10. Contact
- General: rajiv@clyops.com
- Billing / data requests: billing@clyops.com
- Abuse / security: security@clyops.com
ClyOps Group Ltd · https://clyops.com