C
Clutch

Privacy Policy

Last updated: November 29, 2025

1. Introduction

Clutch ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our membership management and customer retention platform for auto detailing shops.

By using Clutch, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our services.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, business name, and billing information when you create an account.
  • Customer Data: Information about your customers that you input into the platform, including names, phone numbers, email addresses, vehicle information, and service history.
  • Communications: SMS messages sent through our platform, customer support inquiries, and feedback you provide.
  • Payment Information: Credit card details and billing addresses processed through our payment provider, Stripe.

2.2 Information Collected Automatically

  • Usage Data: Information about how you interact with our platform, including features used, pages visited, and actions taken.
  • Device Information: Browser type, operating system, device identifiers, and IP address.
  • Cookies: We use essential cookies to maintain your session and preferences.

2.3 Information from Third Parties

  • Google Calendar: If you connect your Google Calendar, we access calendar events to sync booking availability.
  • Stripe: Payment confirmation and subscription status information.
  • Twilio: SMS delivery status and responses from your customers.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send SMS messages on your behalf to your customers
  • Manage memberships and subscriptions
  • Sync with your Google Calendar for scheduling
  • Provide customer support and respond to inquiries
  • Send administrative notifications about your account
  • Analyze usage patterns to improve our platform
  • Detect, prevent, and address technical issues or fraud
  • Comply with legal obligations

4. SMS Communications

Our platform sends SMS messages to your customers on your behalf. Important information about SMS:

  • Messages are sent during quiet hours (8 AM - 9 PM in the recipient's timezone) unless urgent
  • Recipients can opt out by replying STOP at any time
  • We maintain opt-out lists to ensure compliance
  • Message content is stored for your records and compliance purposes
  • You are responsible for ensuring you have consent to contact your customers

5. Information Sharing and Disclosure

We do not sell your personal information. We may share information with:

  • Service Providers: Third-party vendors who perform services on our behalf (Stripe for payments, Twilio for SMS, Google for calendar sync, Supabase for data storage).
  • Legal Requirements: When required by law, court order, or governmental authority.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.
  • With Your Consent: When you explicitly authorize us to share information.

6. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • All data is encrypted in transit using TLS/SSL
  • Data is stored in secure, SOC 2 compliant infrastructure
  • Access to customer data is restricted to authorized personnel
  • We use Row Level Security (RLS) to ensure data isolation between accounts
  • Regular security assessments and monitoring

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide services. After account termination:

  • Account data is retained for 30 days to allow for reactivation
  • After 30 days, personal data is deleted or anonymized
  • Some data may be retained longer for legal compliance or legitimate business purposes
  • You may request earlier deletion by contacting us

8. Your Rights and Choices

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Data Portability: Request your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications
  • Disconnect: Revoke access to connected services (Google Calendar)

To exercise these rights, please contact us at privacy@clutch.io.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information (we do not sell your data)
  • Right to equal service and price

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice via email or through the platform.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

  • Email: privacy@clutch.io
  • Address: Clutch, Inc.