Privacy Policy

Last updated: December 28, 2025

Introduction

CleanBiz ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

We comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area and the California Consumer Privacy Act (CCPA) for California residents.

Information We Collect

Information You Provide

  • Account Information: Name, email address, phone number, business name, and address when you create an account.
  • Customer Data: Information about your customers that you enter into CleanBiz, including names, addresses, phone numbers, and appointment details.
  • Payment Information: Billing details processed through our payment providers (we do not store full payment card numbers).
  • Communications: Messages you send through our contact forms or support channels.
  • Waitlist Information: Email address and referral source when you join our waitlist.

Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on pages, and actions taken within the application.
  • Device Information: Browser type, operating system, device type, and screen resolution.
  • Location Data: General geographic location based on IP address (not precise GPS location).
  • Cookies and Similar Technologies: See our Cookie section below.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and customer service requests
  • Send promotional communications (with your consent)
  • Monitor and analyze usage trends to improve user experience
  • Detect, prevent, and address technical issues and fraud
  • Comply with legal obligations

Legal Basis for Processing (GDPR)

If you are in the European Economic Area, our legal basis for collecting and using your information includes:

  • Contract: Processing necessary to perform our contract with you (providing our services).
  • Consent: Where you have given consent for specific processing activities (e.g., marketing emails).
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services and preventing fraud.
  • Legal Obligation: Processing necessary to comply with applicable laws.

Data Sharing and Disclosure

We may share your information with:

Service Providers

  • Convex: Our backend database provider that stores your account and business data (USA-based).
  • PostHog: Analytics provider that helps us understand how users interact with our services.
  • Cloudflare: Hosting and security provider for our website.
  • Payment Processors: To process payments securely.
  • SMS Providers: To send appointment reminders to your customers.

Other Disclosures

We may also disclose your information:

  • To comply with legal obligations or respond to lawful requests
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets
  • With your consent or at your direction

Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences
  • Understand how you use our services (analytics)
  • Improve our website and services

Analytics (PostHog)

We use PostHog for analytics to understand how users interact with our website and application. PostHog collects information such as pages visited, clicks, and session duration. This data is used to improve our services.

You can opt out of analytics tracking by enabling "Do Not Track" in your browser or by contacting us.

Your Rights

Rights for All Users

  • Access: Request a copy of your personal data.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data.
  • Opt-out: Unsubscribe from marketing communications.

Additional Rights for EEA Residents (GDPR)

  • Data Portability: Receive your data in a structured, machine-readable format.
  • Restriction: Request restriction of processing in certain circumstances.
  • Object: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent.
  • Lodge Complaint: File a complaint with your local data protection authority.

Additional Rights for California Residents (CCPA)

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out: Opt out of the sale of your personal information (we do not sell personal information).
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this policy. Specifically:

  • Account Data: Retained while your account is active and for up to 30 days after deletion request.
  • Customer Data: Retained while your account is active. Deleted upon account deletion.
  • Analytics Data: Retained for up to 2 years.
  • Waitlist Data: Retained until you unsubscribe or we launch (whichever comes first).
  • Legal Records: Retained as required by law (e.g., tax records for 7 years).

Data Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption in transit (HTTPS), secure data storage, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

International Data Transfers

Your information may be transferred to and processed in the United States, where our service providers are located. If you are in the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data during transfer.

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice (such as email notification).

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

For GDPR inquiries, you may also contact your local Data Protection Authority.