Privacy Policy

What we collect, why, how long we hang onto it, and how to make us delete it. If anything here reads like lawyer-speak, mail us and we'll fix the wording.

01Who we are

Claver is a field-service software platform. When this page says "we" or "us", that's us. Our office is 200 SE 1st St, Suite 500, Miami, FL 33131, USA. We're a U.S. company; we don't have a registered presence in the EEA or UK yet, so the GDPR Article 27 representative section below is not currently appointed.

02Scope & controller / processor roles

This policy covers goclaver.com and the app at app.goclaver.com. Third-party sites we link to have their own policies; go read those there.

Two relationships are running in parallel:

You and your team. We're the controller of the data you give us at signup and the data we collect from you while you use the app.
Your customers. You're the controller of the homeowner and business data you put into Claver. We're your processor under the. We follow your instructions; we don't use that data for our own purposes.

03What we collect

What's needed to run the service, bill you, keep the platform safe, and follow the law. Nothing extra.

Category	Examples	Source
Identity & account	Name, work email, password hash, phone, role	You, at signup
Business profile	Company name, address, trade, employee count, plan	You
Customer records (your data)	Customer names, addresses, phone, email, job/quote/invoice history, photos, notes, signatures, GPS arrival/departure timestamps	Created by you in the app
Payment data	Tokenized card or bank info, last 4 digits, brand. Full card numbers never touch our servers; they go to Stripe.	Stripe
Communications	Two-way SMS bodies, email bodies, call recordings (when you turn recording on with consent)	You + your customers via Twilio/SendGrid
Device & usage	IP address, user-agent, pages visited, feature events, error reports, approximate location from IP	Auto-collected
Precise location	GPS coordinates of dispatched technicians (only when GPS consent is granted in the app)	Tech device, with consent
Cookies & storage	Authentication cookie, theme/preferences, analytics IDs	Auto-set, see Cookie Policy

We don't intentionally collect special-category data (race, religion, health, sexual orientation, union membership, biometrics). Don't put any of that into customer notes either.

04How we use it

Run the service. Dispatch, quotes, payments, SMS, maps, file storage.
Account & billing. Log you in, charge your card, send receipts, catch fraud.
Support. Answer questions, debug crashes, restore data when you ask.
Improve the product. Aggregated, de-identified usage stats. We don't train AI on your customer data. Not now, not later.
Security. Detect abuse, brute-force attempts, scraping, account takeover.
Legal. Respond to lawful requests, enforce our Terms, follow tax and accounting rules.

05Legal bases (GDPR / UK GDPR)

For people in the EEA, UK, or Switzerland, here's how each piece of processing fits Article 6 GDPR:

Contract (Art. 6(1)(b)). Running the service you signed up for.
Legitimate interest (Art. 6(1)(f)). Keeping the platform secure, preventing fraud, improving the product. You can object any time (Section 10).
Legal obligation (Art. 6(1)(c)). Tax, accounting, sanctions screening.
Consent (Art. 6(1)(a)). Marketing emails and non-essential cookies. Withdraw any time without affecting what came before.

We don't sell your data. The only people who see it:

Sub-processors. Vendors who run parts of the platform: hosting, payments, SMS, email, analytics, error tracking. Current list at /sub-processors. We give 30 days' notice before adding a new one.
Integrations you connect. When you turn on an integration, we send the data that integration needs to do its job. If you connect QuickBooks Online (Intuit), we share your customer, invoice, and payment records so your books stay in sync. If you connect Zapier, we share the records your Zaps act on. You control these connections and can disconnect any of them at any time, which stops the sharing going forward. Each provider handles that data under its own privacy policy.
Your authorized users. Employees and contractors you let into your workspace.
Professional advisors. Auditors, lawyers, accountants, all under NDA.
Acquirers. In a merger or asset sale, where this policy continues to apply.
Authorities. When the law requires it. We push back where we lawfully can, and notify you unless we're legally gagged.

07International transfers

We're a U.S. company. If you reach us from elsewhere, your data lands in the U.S. and any other country where our sub-processors run. Transfers out of the EEA, UK, or Switzerland use the EU Standard Contractual Clauses (2021/914/EU) plus the UK Addendum, with the technical and organizational measures listed in our DPA.

08Retention & deletion

Data	Retention
Account & workspace data	For the life of your subscription, plus 30 days for recovery, then permanent deletion within 90 days.
Billing records	7 years after the last invoice (tax/accounting).
Customer-facing SMS & email logs	18 months, then anonymized.
Server logs & security events	180 days.
Backups	Encrypted; rotated out within 35 days.

You can export your data as CSV at any time from Settings → Data Export, or request a JSON dump from [email protected].

09Security

We use TLS 1.2+ in transit, AES-256 at rest, hashed passwords (bcrypt/argon2), least-privilege internal access, mandatory MFA for our team, and continuous monitoring. Full write-up at /security.

10Your rights

Some of these only apply where you live. We honor them globally anyway:

Access. Get a copy of what we have on you.
Correction. Fix anything that's wrong.
Deletion. Ask us to erase it.
Portability. Get a machine-readable copy.
Restriction. Pause processing while a dispute is open.
Objection. Object to legitimate-interest processing or direct marketing.
Withdraw consent. Whenever something runs on consent.
Complain. File with your data-protection authority.

Email [email protected] to use any of these. We answer within 30 days (45 in CCPA territory if a request is unusually complex). We may ask you to verify identity first; that's not a stalling tactic, it's how we make sure we don't hand your data to someone pretending to be you.

11California (CCPA / CPRA)

California residents get a few rights on top of the ones above:

Right to know what we collect, use, disclose, and (if it ever happens) sell.
Right to delete what we have.
Right to correct anything inaccurate.
Right to opt out of "sale" or "sharing" for cross-context behavioral advertising. We don't sell or share your personal information.
Right to limit use of sensitive personal information. We only use sensitive PI to run the service.
Right to non-discrimination. Using any of these rights doesn't change your price or service.

The categories of PI we collect, where it comes from, what we use it for, and who gets it are in Sections 3 and 6. Verifiable consumer requests go to [email protected] or to the mailing address in Section 15.

12Children & minors

Claver isn't aimed at anyone under 16. We don't knowingly collect data on minors. If you think we have, tell us and we'll delete it.

13Cookies & tracking

The full breakdown is at /cookies. Strictly necessary cookies (your login session, CSRF protection) can't be turned off without breaking the app.

14Changes to this policy

Material changes get posted here and emailed to account admins at least 30 days before they take effect. Typos and rewording don't reset that clock.

15Contact & complaints

Email: [email protected]
Mail: Claver, Attn: Privacy, 200 SE 1st St, Suite 500, Miami, FL 33131, USA

Not happy with our response? You can complain to your data-protection authority. EU residents: find yours here. UK: the ICO. California: the CA AG or the CPPA.

Plain English: we collect what we need to run the service. We don't sell your data. We don't train AI on your customers. Export or delete it any time. Email [email protected] if anything here doesn't read straight.