Privacy Policy

Latest update: June 24, 2026

Clomni ("We", "Us" or "Our"), operated by TANZ TECHNOLOGIES, respects your privacy and is committed to protecting it through compliance with this policy. Below you will find details of the information collected when you use our websites and the Clomni platform.

This policy applies to the Clomni platform operated by TANZ TECHNOLOGIES. The public marketing website is https://clomni.co. The following properties are also covered:

Users may be subject to different protection standards and broader standards may therefore apply to some. Where the GDPR or UK GDPR applies, additional rights and safeguards are described in Section B.3.

This document can be printed for reference by using the print command in the settings of any browser.

We may update this privacy policy from time to time to reflect new technologies and/or changes in the law. Any such changes will be brought to your attention in an appropriate manner (for example by updating the "Latest update" date and, where required, by notification).

For cookie and tracker technologies, see our separate Cookie Policy.

For contractual terms, see our Terms of Service.


A. Definitions

Personal data (Article 4 No. 1 GDPR)

Means any information relating to an identified or identifiable natural person ("data subject"). An identifiable person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Processing (Article 4 No. 2 GDPR)

Means any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

Usage data

Information collected automatically through Clomni (or third-party services employed inClomni), which can include IP addresses, URI addresses, time of request, browser and operating system characteristics, pages visited, session duration, and other technical parameters about the User's IT environment.

User

The natural person who uses Clomni (for example as an agent, administrator, or website visitor) or, where applicable, the business customer on whose behalf the Service is used.

Data subject

The natural person to whom the personal data refers.

Data Processor (Article 4 No. 8 GDPR)

The natural or legal person which processes personal data on behalf of the Controller, as described in this policy.

Data Controller (Article 4 No. 7 GDPR)

The natural or legal person which determines the purposes and means of the processing of personal data. Unless otherwise stated, the Controller for Clomni account and platform operations is TANZ TECHNOLOGIES.

Service

The omnichannel customer conversation platform provided by Clomni as described in the Terms of Service.

European Union (EU)

Unless otherwise specified, all references to the European Union include all current member states of the European Union and the European Economic Area (EEA).


B. General information on data processing

1. Data Controller

The controller under data protection law is the entity that decides on the purposes and means of the processing of personal data for the Clomni platform, except where We act as a processor on behalf of Our business customers (see Section C.8).

TANZ TECHNOLOGIES

Tax ID (VÖEN)0201780681
Registered addressAZ7000, Nakhchivan City, Nizami Street, building 46, apartment 42, Republic of Azerbaijan
Place of business (reference)Baku, Azerbaijan
Country of registrationRepublic of Azerbaijan
Company websitehttps://tanz.az
Product / marketing websitehttps://clomni.co

Contact:

Social media: Instagram — @clomni.co (and other channels linked on clomni.co).

Please do not hesitate to contact us if you have questions about this policy, the information We hold about you, or if you wish to exercise your privacy rights.

EU/UK representative: Not appointed at the time of this policy. If required, details will be published here.

2. Legal basis for processing

We process personal data only where We have a legal basis. Depending on the context, this may include:

  • Consent (Article 6(1)(a) GDPR) — e.g. optional cookies, marketing communications where applicable;
  • Contract (Article 6(1)(b) GDPR) — providing the Service, account registration, billing, support;
  • Legal obligation (Article 6(1)(c) GDPR) — tax, accounting, regulatory requests;
  • Legitimate interests (Article 6(1)(f) GDPR) — security, fraud prevention, service improvement, subject to your rights.

We specify the relevant basis in the sections below where practical.

3. Rights under the GDPR / UK GDPR

Where applicable, you may exercise the following rights free of charge:

  • Right to withdraw consent (Article 7(3) GDPR);
  • Right of access (Article 15 GDPR);
  • Right to rectification and erasure (Articles 16 and 17 GDPR);
  • Right to restriction of processing (Article 18 GDPR);
  • Right to data portability (Article 20 GDPR);
  • Right to object (Article 21 GDPR), including to processing based on legitimate interests;
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR).

To exercise your rights, contact privacy@clomni.co from the email address associated with your account so We can verify your identity.

Supervisory authorities (examples):

  • Azerbaijan: relevant authority under Azerbaijani law;
  • EU/EEA: authority in your country of residence or place of work;
  • UK: Information Commissioner's Office (ICO).

4. Third-country transfers

Personal data may be processed in Germany (Frankfurt am Main) and in Azerbaijan, as well as in other countries where Our subprocessors operate (for example the United States for certain cloud, AI, or security services).

Where data is transferred outside the EU/EEA or UK, We rely on appropriate safeguards where required by law, such as:

  • adequacy decisions;
  • EU Standard Contractual Clauses (SCCs) and UK International Data Transfer Addendum;
  • other lawful transfer mechanisms.

Some U.S. providers may participate in the EU–US Data Privacy Framework. Details are available at https://www.dataprivacyframework.gov/.

An updated list of key subprocessors is set out in Section C and may be provided on request.

5. Recipients and subprocessors

Data may be accessible to authorised internal staff (administration, support, billing, legal, IT) and to external parties that process data on Our instructions, including:

  • hosting and infrastructure providers;
  • CDN and security services;
  • email delivery providers;
  • payment processors;
  • error monitoring and product analytics (where enabled);
  • AI API providers (where Clomni AI features are used);
  • channel providers (Meta, Google, TikTok, Twilio, etc.) when you connect integrations;
  • professional advisers and public authorities where legally required.

Processors are bound by contractual data processing terms and must not use data for their own unrelated purposes.

Key subprocessors (indicative list):

ProviderService
Hostinger Operations UABHosting, local storage (Frankfurt)
Amazon Web Services (CloudFront, S3)CDN and asset delivery
Cloudflare, Inc.Security, CDN, traffic filtering
Google WorkspaceBusiness email (@clomni.co)
OpenRouterAI inference (GPT-4)
Intuition Machines (hCaptcha)Spam protection
ePointPayment processing (Azerbaijan)
Functional Software (Sentry)Error monitoring (when enabled)
Amplitude, Inc.Product analytics (when enabled)

6. Data security

We use technical and organisational measures to protect personal data against accidental or unauthorised access, loss, or alteration. These include access controls, encryption in transit (TLS), infrastructure hardening, and regular updates.

No method of transmission or storage is 100% secure. You are responsible for keeping your account credentials confidential.

7. Children

Clomni is a B2B service for users aged 18 and over. We do not knowingly collect personal information from children under 18 for account registration. If you believe a child has provided Us with personal data, contact privacy@clomni.co.

Business customers may process their own end-customers' data through Clomni (including minors in customer support contexts). Those customers are responsible for lawful collection and for obtaining any required parental consent.

8. Automated decision-making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects concerning you.

Clomni AI features may generate suggested replies or classifications. These are assistive tools; human agents remain responsible for communications sent to end customers unless you configure automation otherwise.

9. Retention periods

We retain personal data only as long as necessary for the purposes described in this policy, unless a longer period is required by law.

Data categoryTypical retention
Active account and workspace dataDuration of subscription + limited backup period
Server / security logsUp to 30 days unless needed for incident investigation
Billing and invoice recordsRetained permanently for accounting, tax, and legal compliance
Deactivated account dataDeleted within 1 month of deactivation (see Terms of Service)
Support correspondenceAs long as needed to resolve the request, then deleted or archived per policy

When data is no longer needed, We delete or anonymise it in accordance with Articles 17 and 18 GDPR where applicable.


C. Data collection and processing

Data is collected directly from you, automatically when you useClomni, from your organisation's administrators, from integrated channels, or from visitors interacting with the Clomni widget on customer websites.

C.1 Website and technical access data

When you visit Our websites or use the platform, We or Our infrastructure providers may process:

  • date and time of access;
  • browser type and settings;
  • operating system;
  • referring URL;
  • pages viewed and actions taken;
  • data transfer volume and HTTP status;
  • IP address (which may be truncated or processed for security).

Legal basis: legitimate interest in providing, securing, and operating the Service (Article 6(1)(f) GDPR); contract performance where you are a registered user (Article 6(1)(b) GDPR).

Hosting

Production application data is stored on servers located in Germany, Frankfurt am Main, operated by Hostinger Operations UAB (and related Hostinger infrastructure), using local storage on those servers.

CDN and delivery

Static assets and media may be distributed via Amazon Web Services — including Amazon CloudFront (CDN) and related AWS storage services — in addition to or alongside Cloudflare (Cloudflare, Inc.) for security and performance. See the Cookie Policy.

C.2 Account registration and authentication

When you create or access a Clomni account (including via sso.clomni.co), We may process:

  • first and last name;
  • work email address;
  • password (stored in hashed form);
  • company / organisation name;
  • phone number (if provided);
  • locale and account preferences;
  • authentication logs and session identifiers.

Spam protection: hCaptcha may process challenge and device signals on signup and verification forms when enabled.

Social / OAuth login: Where enabled (e.g. Google), We receive profile information such as name and email from the provider. We do not receive your provider password.

Legal basis: contract (Article 6(1)(b) GDPR); legitimate interest in security (Article 6(1)(f) GDPR); consent for optional captcha where required (Article 6(1)(a) GDPR).

C.3 Use of the Clomni workspace (my.clomni.co)

When you use the Service as an agent or administrator, We process data necessary to operate your workspace, including:

  • agent profile and role information;
  • conversations, messages, attachments, and metadata;
  • contact and CRM records you create;
  • labels, custom attributes, assignments, and team structure;
  • automation rules, macros, and AI assistant configuration;
  • API tokens and integration settings;
  • usage and audit events within the platform.

Legal basis: contract (Article 6(1)(b) GDPR).

C.4 Clomni widget and end-customer data

When a business installs the Clomni widget on its website, end-customer personal data (messages, email, name, phone, IP address, pages visited, files uploaded, etc.) is processed to provide the messaging service.

Role allocation:

  • The business customer (your organisation) is generally the Data Controller for its end customers' personal data;
  • TANZ TECHNOLOGIES acts as a Data Processor for that data, processing it on the business customer's instructions as part of the Service.

Business customers must provide their own privacy notice to their website visitors and ensure a lawful basis for processing.

Widget session cookies on host websites are described in the Cookie Policy.

C.5 Connected channels and integrations

If you connect third-party channels or integrations, data flows between Clomni and those providers according to your configuration, for example:

Provider typeExamplesData involved
Messaging / socialMeta (Facebook, Instagram, WhatsApp), TikTokMessages, profile IDs, media
EmailSMTP, Microsoft, inbound emailEmail content, headers, addresses
VoiceTwilioCall metadata, recordings (if enabled)
CRM / productivityNotion, Linear, webhooksContact and event data you configure
AIOpenRouter (GPT-4 and compatible models)Conversation content and documents sent to AI features

Each provider's privacy policy applies to their processing. You choose which integrations to enable.

Legal basis: contract (Article 6(1)(b) GDPR); your instructions as controller for end-customer data.

C.6 Clomni AI features

When you enable Clomni AI (documents, suggested replies, tasks, RAG, etc.), relevant content (conversation excerpts, uploaded knowledge-base files, prompts) is transmitted to OpenRouter using GPT-4 (and compatible models configured for your workspace).

  • Provider: OpenRouter; models include GPT-4 class models as configured in the Service.
  • Place of processing: United States and other locations per OpenRouter infrastructure.
  • Privacy Policy: https://openrouter.ai/privacy

Do not submit special categories of data or unnecessary personal data to AI features unless you have a lawful basis. AI output may be inaccurate; human review is recommended.

Legal basis: contract (Article 6(1)(b) GDPR); legitimate interest in providing AI-assisted support tools (Article 6(1)(f) GDPR) where applicable.

C.7 Contact, support, and email

When you contact Us or receive system emails (verification, password reset, billing, notifications), We process your contact details and message content.

Business and transactional email is operated through Google Workspace (@clomni.co addresses). Google processes email metadata and content as part of providing this service.

Legal basis: contract (Article 6(1)(b) GDPR); legitimate interest in responding to enquiries (Article 6(1)(f) GDPR); consent where required for non-essential marketing.

Marketing communications, where sent, are based on consent with unsubscribe options.

C.8 Cookies and analytics

Cookies and similar technologies are described in the Cookie Policy. Summary:

ServicePurpose
First-party cookiesAuthentication, widget session
CloudflareSecurity and performance
hCaptchaSpam protection
AmplitudeProduct analytics (when enabled)
SentryError monitoring (when enabled)

Non-essential trackers require consent where mandated by law.

C.9 Payment processing

When you purchase a subscription, payment data is processed by ePoint and/or other payment service providers in Azerbaijan. We may receive transaction status, billing identifiers, and limited payment metadata — not full card details stored on Clomni servers when processing is delegated to the payment provider.

Legal basis: contract (Article 6(1)(b) GDPR); legal obligation for invoicing and tax (Article 6(1)(c) GDPR).

Billing inquiries: billing@clomni.co

C.10 File storage and attachments

Messages, avatars, and uploaded files are stored using local storage on Our Hostinger-hosted infrastructure in Germany. Public or cached delivery of attachments and static assets may use Amazon CloudFront and related AWS services as a CDN.

Legal basis: contract (Article 6(1)(b) GDPR).

C.11 Push notifications

If you enable browser or mobile push notifications, We process device subscription tokens and notification content through Web Push (VAPID) and/or Firebase Cloud Messaging where configured.

Legal basis: consent or legitimate interest depending on configuration and applicable law.

C.12 Account deletion and data subject requests

  • Active subscribers generally cannot fully delete their workspace until the subscription period ends (see Terms of Service).
  • Deactivation after non-payment may result in full deletion within one month.
  • For GDPR requests (access, erasure, etc.) contact privacy@clomni.co or report@clomni.co.
  • End customers of Our business users should contact the business that operates the widget first; We will assist the business customer as processor where applicable.

C.13 Meta Platform Data (Facebook, Instagram, Messenger, WhatsApp)

Clomni integrates with Meta Platforms Technologies when you connect Facebook Pages, Instagram messaging, Messenger, or WhatsApp Business features. This section describes how Meta Platform Data is handled in compliance with Meta Platform Terms and applicable Developer Policies.

What Meta data We may process

Depending on your configuration and permissions granted, Clomni may receive and store:

Data typeExamplesPurpose
User identifiersPage-scoped ID (PSID), Instagram-scoped ID, WhatsApp user IDRoute messages to the correct conversation
Profile informationName, profile picture URLDisplay in agent inbox
Message contentText, attachments, media, story repliesCustomer support and conversation history
MetadataTimestamps, delivery/read status, thread IDsOperate messaging features
Page / business identifiersPage ID, WABA ID, phone number IDChannel configuration and webhooks

We do not use Meta Platform Data to build advertising profiles, sell data to third parties, or for purposes unrelated to providing the Clomni Service.

Roles

  • Business customer (Clomni subscriber): generally the Data Controller for its end customers' Meta Platform Data.
  • TANZ TECHNOLOGIES: acts as Data Processor on the business customer's instructions when storing and displaying Meta-sourced conversations inClomni.

Retention and deletion

  • Meta Platform Data is retained while your Clomni subscription is active and the channel remains connected.
  • When a workspace is deactivated, data is deleted within one (1) month (see Section B.9).
  • When you disconnect a Meta channel, associated tokens are removed and new messages cease.

Data deletion requests from Meta users

If you remove the Clomni app from your Facebook settings and request data deletion, Meta sends a signed callback to:

https://my.clomni.co/facebook/delete

We process the request, redact or delete associated personal data (including contact profile fields and message content linked to your Meta user ID), and provide a confirmation status URL:

https://my.clomni.co/facebook/confirm/{confirmation_code}

If you deauthorize the Clomni app without requesting full deletion, Meta may notify us at:

https://my.clomni.co/facebook/deauthorize

You may also request deletion by emailing privacy@clomni.co or report@clomni.co with your Facebook user ID or business account details.

App Dashboard configuration (reference)

SettingURL
Privacy Policy URLhttps://clomni.co/privacy-policy
Terms of Service URLhttps://clomni.co/terms-of-service
Data Deletion Request URLhttps://my.clomni.co/facebook/delete
Deauthorize Callback URLhttps://my.clomni.co/facebook/deauthorize

These pages are also available on https://my.clomni.co for verification.

Legal basis: contract (Article 6(1)(b) GDPR); legitimate interest in secure messaging operations (Article 6(1)(f) GDPR); compliance with Meta Platform Terms.


D. Services not currently used on coreClomni

The following are commonly listed in other SaaS privacy policies but are not used on the core Clomni application at the time of this policy, unless separately added to a specific property and disclosed:

  • Google Analytics, Google Ads, Meta Pixel, Microsoft Clarity
  • HubSpot CRM, Customer.io newsletters
  • Brevo / Sendinblue (transactional email uses Google Workspace)
  • Stripe (payments are via ePoint in Azerbaijan)
  • Webflow, jsDelivr advertising, PartnerStack

If the marketing website (clomni.co) adds analytics or consent tools, this policy and the Cookie Policy will be updated.


E. International users

Azerbaijan

Processing of personal data in Azerbaijan is governed by the Law of the Republic of Azerbaijan on Personal Data ("Şəxsi məlumatlar haqqında" Qanunu) and related regulations.

Under Azerbaijani law, you may have rights including:

  • to be informed about the processing of your personal data;
  • to access your personal data;
  • to request correction of inaccurate or incomplete data;
  • to request deletion where processing is unlawful or no longer necessary;
  • to object to processing in cases provided by law;
  • to withdraw consent where processing is based on consent.

To exercise these rights, contact privacy@clomni.co or call +994 99 777 76 05. You may also lodge a complaint with the competent authority of the Republic of Azerbaijan.

European Economic Area and United Kingdom

Sections B.3 and B.4 above apply. Where Clomni processes end-customer data on behalf of EU/UK business customers, the Terms of Service and this Privacy Policy govern the processing relationship. A separate Data Processing Agreement (DPA) is not provided; EU/UK customers rely on these documents and applicable law.


F. Changes to this policy

We may update this Privacy Policy to reflect changes in Our practices or legal requirements. The "Latest update" date at the bottom will be revised accordingly. Material changes may be communicated by email or in-product notice where appropriate.


G. Related documents


This privacy policy relates solely to Clomni operated by TANZ TECHNOLOGIES, unless stated otherwise within this document.

Latest update: June 24, 2026