Legal

Privacy Policy

Effective date: April 4, 2026

This Privacy Policy describes how MINDRORA LLC ("Clyero," "we," "us," or "our") collects, uses, and shares information when you use the Clyero platform at https://clyero.com ("Service"). By using the Service, you agree to the practices described in this Policy. Questions? Email us at legal@clyero.com.

Contents

Who We Are Data We Collect How We Use Data Legal Bases Data Sharing Third-Party Integrations Data Retention Security International Transfers Your Rights Children's Privacy Policy Changes Contact

1Who We Are

Clyero is an AI-powered content creation and publishing platform operated by MINDRORA LLC, a company incorporated in Albuquerque, New Mexico, USA. Clyero enables brands, businesses, and content creators to generate, manage, and publish AI-assisted images, videos, and text across social media platforms and other channels.

For all privacy inquiries: legal@clyero.com

2Information We Collect

We collect information you provide directly, information generated through your use of the Service, and technical information from your devices and browsers.

2.1 Account & Profile Information

Name (first and last)
Email address
Password (stored using bcrypt hashing — we never store plaintext passwords)
Profile preferences and account settings
How you heard about Clyero (optional, at signup)
Record of policy acceptance, including timestamp

2.2 Authentication Data

If you sign in via Google OAuth, we receive your name, email address, and profile photo from Google as permitted by the OAuth scopes you approve. We do not receive or store your Google password.

2.3 Connected Social Platform Data

When you connect social media accounts (such as LinkedIn, X, Instagram, Facebook, or Pinterest) for content publishing:

OAuth access tokens and refresh tokens are stored encrypted at rest using AES-256 encryption.
We store your platform username, display name, avatar URL, and platform user ID.
We access your social accounts only to perform actions you explicitly authorize (e.g., publishing posts, scheduling content).
We do not read private messages or access data beyond what is necessary for the features you have enabled.

2.4 Generated Content & Uploaded Media

AI-generated images, videos, and text you create via the Service are stored in our cloud infrastructure (Supabase Storage).
Files you upload for use with our tools are stored in our cloud infrastructure.
Metadata about your generated content (e.g., prompts, model used, job status, timestamps) is stored in our database.

2.5 Payment & Billing Information

Payment transactions are processed by Stripe, Inc. We do not collect or store your full credit card number or CVV. We receive and retain:

Billing contact name and email
Subscription status and plan tier
A Stripe customer ID and subscription ID for account management purposes

Your full payment details are governed by Stripe's Privacy Policy.

2.6 Usage Analytics

We collect usage data to understand how the Service is used, identify bugs, and improve features. This includes:

Features accessed and actions performed within the platform
Job creation and completion events (anonymized)
Session duration, frequency, and feature adoption
Errors, crashes, and performance metrics

Analytics are processed by PostHog (hosted in the EU) and Sentry.

2.7 Device & Technical Information

IP address
Browser type and version
Operating system
Referring URLs
Request timestamps

2.8 Cookies & Local Storage

We use session cookies for authentication and localStorage for user preferences such as theme and language settings. We do not serve advertising cookies or third-party tracking pixels.

3How We Use Your Information

We use the information we collect to:

Create and manage your account
Provide the Service, including AI content generation, publishing, and scheduling
Process payments and manage subscriptions
Authenticate access to third-party platforms you connect
Monitor, maintain, and improve the reliability and features of the Service
Detect and prevent fraud, abuse, and security incidents
Send transactional emails (e.g., account verification, billing receipts, important notices)
Respond to your support requests and communications
Comply with applicable legal obligations

We do not sell your personal information to third parties. We do not use your generated content or uploaded media to train AI models.

4Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA) and the United Kingdom, we process personal data under the following legal bases:

Purpose	Legal Basis
Account creation and service delivery	Contract performance
Payment processing	Contract performance
Service improvement and debugging	Legitimate interests
Usage analytics and error monitoring	Legitimate interests
Marketing communications	Consent
Legal and regulatory compliance	Legal obligation

5Data Sharing & Service Providers

We share data with third-party service providers ("subprocessors") only as necessary to operate the Service. All subprocessors are contractually obligated to handle data securely and solely for the purposes we specify. We do not authorize subprocessors to use your data for their own marketing or AI training purposes.

Provider	Purpose	Location
Railway	Cloud hosting and infrastructure	USA
Supabase	File storage and CDN	USA / EU
Stripe	Payment processing	USA
PostHog	Usage analytics	EU
Sentry	Error monitoring and performance	USA
Resend	Transactional email delivery	USA
OpenAI	AI image and text generation (platform key)	USA
Anthropic	AI text generation (platform key)	USA
Google (Gemini)	AI text generation (platform key)	USA
Replicate / FAL / Kling	AI video and image generation	USA

If you provide your own API keys for AI providers, your requests are sent directly from our servers to those providers using your key, and you are subject to each provider's own terms and privacy policy.

6Third-Party Integrations

The Service allows you to connect third-party social media and content platforms (including LinkedIn, X, Instagram, Facebook, Pinterest, and others). When you use these integrations:

Each connected platform is governed by its own terms of service and privacy policy. Clyero does not control how those platforms collect or use your data.
You are responsible for ensuring your use of third-party platforms through Clyero complies with each platform's policies.
We store only the access tokens and minimal profile data necessary to operate your selected integrations. Tokens are encrypted at rest.
Tokens are permanently deleted when you disconnect a platform from your account.

7Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service:

Account data: Retained for the lifetime of your account, plus 90 days after deletion to allow for recovery.
Generated content and media: Retained until you delete it, plus 30 days for recovery purposes.
Payment records: Retained for up to 7 years as required for tax and accounting compliance.
Usage logs and analytics: Retained for up to 24 months in anonymized form.
Social platform tokens: Deleted immediately when you disconnect an account.

You may request deletion of your data at any time by contacting legal@clyero.com.

8Data Security

We implement industry-standard security measures, including:

AES-256 encryption for stored API keys and social platform tokens
HTTPS/TLS for all data in transit
Bcrypt hashing for user passwords
Access controls and least-privilege principles across our infrastructure
Rate limiting on authentication endpoints to prevent brute-force attacks
Regular dependency monitoring and security patching
Error monitoring and anomaly detection via Sentry

No system is fully immune to threats. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

9International Data Transfers

We are headquartered in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the United States or other countries where our subprocessors operate. We ensure such transfers comply with applicable law — for example, through standard contractual clauses where required by GDPR.

10Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request erasure of your personal data ("right to be forgotten").
Portability: Request your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests.
Restriction: Request that we limit processing of your data in certain circumstances.
Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at legal@clyero.com. We will respond within 30 days. You may also file a complaint with your local data protection authority.

California residents may have additional rights under the CCPA, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of sale. We do not sell personal information.

11Children's Privacy

The Service is not directed at individuals under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at legal@clyero.com and we will delete it promptly.

12Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective date" at the top of this page and, for significant changes, notify you by email or an in-app notice. Your continued use of the Service after changes take effect constitutes your acceptance of the updated Policy.

13Contact Us

For questions, concerns, or data requests related to this Privacy Policy, contact us at:

MINDRORA LLC

Email: legal@clyero.com

Website: https://clyero.com