cluppr

Privacy Policy

Effective July 2, 2026

1. Who We Are

cluppr is a client management platform operated by CinnTech Ltd. ("CinnTech," "we," "us"), a managed service provider based in Eastern Ontario, Canada. This policy describes how we collect, use, and protect information within the Platform, accessible at app.cluppr.io.

2. Information We Collect

  • Account information: name, email, hashed password, MFA configuration, and assigned role.
  • Business data entered by users: client records, quotes, invoices, assessment results, and related operational data.
  • Integration data: data synced from services you connect, including billing and payment data (Stripe), accounting data (QuickBooks Online), directory and mailbox data (Microsoft 365), and device/security data (Action1, SuperOps, Huntress, ControlD, Hudu).
  • Usage and log data: authentication events, audit logs, and diagnostic information needed to operate and secure the Platform.

We do not collect or store raw payment card data — all card processing is handled directly by Stripe under its own PCI-compliant infrastructure.

3. How We Use Information

Information is used solely to operate the Platform: to authenticate users, display and reconcile client data, generate quotes and invoices, run security assessments, sync with connected integrations, and produce internal reporting. We do not use Platform data for advertising and do not sell data to third parties.

4. Data Storage & Security

  • Data is stored in a PostgreSQL database hosted with a third-party data center provider (OVH, Canada).
  • All traffic to and from the Platform is encrypted in transit via HTTPS/TLS.
  • Integration credentials (API keys, OAuth tokens) are encrypted at rest using authenticated symmetric encryption (Fernet) before storage.
  • Multi-factor authentication is mandatory for every account, and access is scoped by role.
  • All Stripe webhook and OAuth callback endpoints verify request signatures before processing.

5. Third-Party Integrations & Sharing

The Platform is a single-tenant, private application operated by CinnTech for its own business use — it is not distributed or listed on any app marketplace. When you connect a third-party service (e.g., QuickBooks Online, Microsoft 365, Stripe), we exchange only the data necessary to provide that integration's functionality, under the permissions you grant during that service's own authorization flow. Each connected provider's use of shared data is governed by its own privacy policy.

6. Data Retention

We retain data for as long as it is needed to operate the Platform and support CinnTech's business and legal obligations. If an integration is disconnected, cached data from that integration is retained only as needed for historical reporting, and access credentials for the disconnected integration are invalidated.

7. Your Rights

You may request access to, correction of, or deletion of personal information held about you by contacting us at the address below. We will respond to verified requests within a reasonable time, subject to any data we are required to retain for legal or accounting purposes.

8. Cookies & Analytics

Our public marketing site (cluppr.io) uses Google Analytics to understand aggregate visitor behavior. The Platform itself (app.cluppr.io) does not use third-party advertising or tracking cookies — only the session cookies required for authentication.

9. Children's Privacy

The Platform is a business tool intended for use by adult employees and contractors of CinnTech. It is not directed at, and we do not knowingly collect information from, individuals under the age of 18.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be reflected by an updated effective date at the top of this page.

11. Contact

Questions about this policy or requests regarding your data can be sent to [email protected].