Home Projects Pricing Contact Privacy Policy
Legal

Privacy
Policy

How Clevex collects, uses, and protects your personal information — in plain language and in full.

Effective Date 24 May 2026
Last Updated 24 May 2026
Version 1.0
01

Introduction

Clevex ("we", "us", or "our") is a technology and software solutions company. This Privacy Policy explains how we collect, use, store, and share personal information when you use our products, services, websites, and applications (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read and understood this policy. If you do not agree with any part of this policy, please discontinue use of our Services.

Google API Services Our application may access certain Google user data through Google API Services. The use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
02

Data We Collect

We may collect the following categories of personal data when you use or interact with our products and services:

Category Examples Source
Identity dataFull name, username, profile pictureProvided directly by you
Contact dataEmail address, phone number, postal addressProvided directly by you
Account dataLogin credentials (hashed), account settings, preferencesCreated during registration
Usage dataPages visited, features used, time spent, click eventsAutomatically collected
Device & technical dataIP address, browser type, operating system, device identifiersAutomatically collected
Communication dataSupport tickets, feedback forms, email correspondenceProvided directly by you
Google user dataData accessed via Google OAuth scopes (see Section 4)Google API Services
Payment dataBilling name, address (card numbers handled by PCI-compliant processors)Provided at checkout

We do not knowingly collect personal data from children under the age of 13 (or equivalent minimum digital age of consent in your jurisdiction). If you believe a child has provided us with personal data, please contact us immediately.

03

How We Use Your Data

We use personal data only to provide you with the services you requested. Specifically, we use personal data for the following purposes:

  • To create and manage your account and authenticate your identity.
  • To deliver, maintain, and improve our software products and services.
  • To process transactions and send related notices (receipts, invoices, renewal reminders).
  • To respond to support requests, queries, and feedback.
  • To send you service updates, security alerts, and administrative messages.
  • To analyse usage patterns in aggregate form to enhance user experience and product quality.
  • To detect, investigate, and prevent fraudulent, unauthorised, or illegal activity.
  • To comply with applicable legal obligations and enforce our Terms of Service.

We will not use your personal data for purposes incompatible with those listed above without obtaining your prior consent.

04

Google User Data

When you connect a Google account to our application, we may request access to certain Google user data through OAuth 2.0 scopes. The specific scopes requested are disclosed on the consent screen at the time of authorisation.

Limited Use Commitment Our use of data obtained through Google APIs is limited to providing or improving user-facing features that are visible and useful to the user. We do not use Google user data for any secondary purposes, including but not limited to: targeted advertising, selling to data brokers, information reselling, determining creditworthiness, training AI or machine learning models, or creating user profiles for purposes unrelated to the core service.

The types of Google user data we may access include:

  • Basic profile information (name, email address, profile photo) — used to pre-fill your account profile and for authentication.

Google user data is:

  • Never sold to third parties.
  • Never used for advertising purposes of any kind.
  • Never shared with third parties except as necessary to provide the requested service (e.g. infrastructure providers), under strict confidentiality obligations.
  • Retained only for as long as necessary to provide the service, after which it is deleted or de-identified.
05

Data Sharing & Disclosure

We do not transfer or disclose your personal information to third parties for purposes other than those described in this policy. We may share your data only in the following circumstances:

  • Service providers: We engage trusted third-party vendors (e.g. cloud hosting, payment processors, analytics) who process data on our behalf under strict data processing agreements and confidentiality obligations.
  • Legal compliance: Where required by applicable law, court order, or governmental authority, or to protect the rights, property, or safety of our company, users, or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to a successor entity, subject to the same privacy protections.
  • With your consent: For any other purpose, only where you have given explicit prior consent.

We will not sell, rent, or trade your personal data or Google user data to any third party.

Where we transfer personal data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection law (e.g. Standard Contractual Clauses under GDPR, POPIA requirements for transfers outside South Africa).

06

Data Protection & Security

We take the security of your personal data seriously. Our measures include:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
  • Encryption at rest: Sensitive data stored on our systems is encrypted using industry-standard algorithms (AES-256 or equivalent).
  • Access controls: Access to personal data is restricted to authorised personnel on a strict need-to-know basis, enforced by role-based access controls and multi-factor authentication.
  • Regular security assessments: We conduct periodic vulnerability assessments and penetration tests of our systems.
  • Incident response: We maintain a data breach response plan and will notify affected users and relevant authorities within legally required timeframes.
  • Vendor due diligence: Third-party service providers are assessed for their security practices before engagement.

While we implement robust security measures, no system is entirely immune to risk. We encourage you to use strong, unique passwords and to notify us immediately if you suspect any unauthorised access to your account.

07

Data Retention & Deletion

We store your personal information for a period consistent with our business and legal purposes. Specifically:

  • We retain your personal information for as long as needed to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
  • Account data is retained for the duration of your active account, plus 90 days after account closure to allow for recovery and dispute resolution.
  • Financial and transaction records are retained for 5–7 years as required by applicable tax and accounting laws.
  • When the retention period expires, we will securely delete or irreversibly anonymise the data.
Requesting Deletion You may request deletion of your personal data at any time by contacting us at contact@clevex.co.za. We will process your request within 30 days, subject to any legal obligations requiring us to retain certain data.
08

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data (subject to legal retention obligations).
  • Right to restriction: Request that we limit the processing of your data in certain circumstances.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at the details in Section 12. We will respond within the timeframe required by applicable law.

09

Cookies & Tracking

Our Services use cookies and similar tracking technologies to enhance your experience, analyse usage, and ensure security. We use:

  • Strictly necessary cookies: Essential for the operation of the Service (session management, authentication). These cannot be disabled.
  • Analytics cookies: Help us understand how users interact with our Services (e.g. Google Analytics). Collected data is aggregated and anonymised.
  • Preference cookies: Remember your settings and preferences across sessions.

You can control non-essential cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services.

10

Third-Party Services

Our Services may contain links to, or integrations with, third-party websites and services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you interact with.

Third-party service providers we may use include (non-exhaustive):

  • Cloud Hosting (AWS / Google Cloud / Azure) — infrastructure and storage.
  • Payment Processing (Stripe / PayFast) — payment processing (PCI-DSS compliant).
  • Analytics (Google Analytics) — aggregated usage analytics.
  • Email Delivery (SendGrid / Mailgun) — transactional email delivery.

All service providers are contractually obligated to process data only on our instructions and in accordance with this policy.

11

Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:

  • Posting the updated policy on this page with a new "Last Updated" date.
  • Sending an email notification to the address associated with your account.
  • Displaying a prominent notice within our application upon your next login.

We encourage you to review this policy periodically. Your continued use of our Services after any changes constitutes acceptance of the updated policy.

12

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:

Clevex — Privacy Team

Email: contact@clevex.co.za

Response time: within 30 days of receipt

If you are located in the European Economic Area and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. South African users may direct complaints to the Information Regulator of South Africa at inforegulator.org.za.