Privacy Policy
Latest update: June 24, 2026
Clomni ("We", "Us" or "Our"), operated by TANZ TECHNOLOGIES, respects your privacy and is committed to protecting it through compliance with this policy. Below you will find details of the information collected when you use our websites and the Clomni platform.
This policy applies to the Clomni platform operated by TANZ TECHNOLOGIES. The public marketing website is https://clomni.co. The following properties are also covered:
- https://clomni.co (marketing website)
- https://my.clomni.co (agent workspace)
- https://sso.clomni.co (registration and SSO)
- https://docs.clomni.co (documentation)
- https://onboarding.clomni.co (onboarding, where used)
- The Clomni website widget embedded on customer websites
- Related subdomains operated by Us
Users may be subject to different protection standards and broader standards may therefore apply to some. Where the GDPR or UK GDPR applies, additional rights and safeguards are described in Section B.3.
This document can be printed for reference by using the print command in the settings of any browser.
We may update this privacy policy from time to time to reflect new technologies and/or changes in the law. Any such changes will be brought to your attention in an appropriate manner (for example by updating the "Latest update" date and, where required, by notification).
For cookie and tracker technologies, see our separate Cookie Policy.
For contractual terms, see our Terms of Service.
A. Definitions
Personal data (Article 4 No. 1 GDPR)
Means any information relating to an identified or identifiable natural person ("data subject"). An identifiable person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
Processing (Article 4 No. 2 GDPR)
Means any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.
Usage data
Information collected automatically through Clomni (or third-party services employed inClomni), which can include IP addresses, URI addresses, time of request, browser and operating system characteristics, pages visited, session duration, and other technical parameters about the User's IT environment.
User
The natural person who uses Clomni (for example as an agent, administrator, or website visitor) or, where applicable, the business customer on whose behalf the Service is used.
Data subject
The natural person to whom the personal data refers.
Data Processor (Article 4 No. 8 GDPR)
The natural or legal person which processes personal data on behalf of the Controller, as described in this policy.
Data Controller (Article 4 No. 7 GDPR)
The natural or legal person which determines the purposes and means of the processing of personal data. Unless otherwise stated, the Controller for Clomni account and platform operations is TANZ TECHNOLOGIES.
Service
The omnichannel customer conversation platform provided by Clomni as described in the Terms of Service.
European Union (EU)
Unless otherwise specified, all references to the European Union include all current member states of the European Union and the European Economic Area (EEA).
B. General information on data processing
1. Data Controller
The controller under data protection law is the entity that decides on the purposes and means of the processing of personal data for the Clomni platform, except where We act as a processor on behalf of Our business customers (see Section C.8).
TANZ TECHNOLOGIES
| Tax ID (VÖEN) | 0201780681 |
| Registered address | AZ7000, Nakhchivan City, Nizami Street, building 46, apartment 42, Republic of Azerbaijan |
| Place of business (reference) | Baku, Azerbaijan |
| Country of registration | Republic of Azerbaijan |
| Company website | https://tanz.az |
| Product / marketing website | https://clomni.co |
Contact:
| Purpose | Phone | |
|---|---|---|
| Legal / company inquiries | legal@clomni.co | +994 99 777 76 05 |
| Privacy / GDPR | privacy@clomni.co | +994 99 777 76 05 |
| Support | support@clomni.co | +994 99 777 30 12 |
| Billing | billing@clomni.co | +994 99 777 76 05 |
| Sales & marketing | support@clomni.co | +994 10 241 64 88 |
| Account deletion / complaints | report@clomni.co | +994 99 777 30 12 |
Social media: Instagram — @clomni.co (and other channels linked on clomni.co).
Please do not hesitate to contact us if you have questions about this policy, the information We hold about you, or if you wish to exercise your privacy rights.
EU/UK representative: Not appointed at the time of this policy. If required, details will be published here.
2. Legal basis for processing
We process personal data only where We have a legal basis. Depending on the context, this may include:
- Consent (Article 6(1)(a) GDPR) — e.g. optional cookies, marketing communications where applicable;
- Contract (Article 6(1)(b) GDPR) — providing the Service, account registration, billing, support;
- Legal obligation (Article 6(1)(c) GDPR) — tax, accounting, regulatory requests;
- Legitimate interests (Article 6(1)(f) GDPR) — security, fraud prevention, service improvement, subject to your rights.
We specify the relevant basis in the sections below where practical.
3. Rights under the GDPR / UK GDPR
Where applicable, you may exercise the following rights free of charge:
- Right to withdraw consent (Article 7(3) GDPR);
- Right of access (Article 15 GDPR);
- Right to rectification and erasure (Articles 16 and 17 GDPR);
- Right to restriction of processing (Article 18 GDPR);
- Right to data portability (Article 20 GDPR);
- Right to object (Article 21 GDPR), including to processing based on legitimate interests;
- Right to lodge a complaint with a supervisory authority (Article 77 GDPR).
To exercise your rights, contact privacy@clomni.co from the email address associated with your account so We can verify your identity.
Supervisory authorities (examples):
- Azerbaijan: relevant authority under Azerbaijani law;
- EU/EEA: authority in your country of residence or place of work;
- UK: Information Commissioner's Office (ICO).
4. Third-country transfers
Personal data may be processed in Germany (Frankfurt am Main) and in Azerbaijan, as well as in other countries where Our subprocessors operate (for example the United States for certain cloud, AI, or security services).
Where data is transferred outside the EU/EEA or UK, We rely on appropriate safeguards where required by law, such as:
- adequacy decisions;
- EU Standard Contractual Clauses (SCCs) and UK International Data Transfer Addendum;
- other lawful transfer mechanisms.
Some U.S. providers may participate in the EU–US Data Privacy Framework. Details are available at https://www.dataprivacyframework.gov/.
An updated list of key subprocessors is set out in Section C and may be provided on request.
5. Recipients and subprocessors
Data may be accessible to authorised internal staff (administration, support, billing, legal, IT) and to external parties that process data on Our instructions, including:
- hosting and infrastructure providers;
- CDN and security services;
- email delivery providers;
- payment processors;
- error monitoring and product analytics (where enabled);
- AI API providers (where Clomni AI features are used);
- channel providers (Meta, Google, TikTok, Twilio, etc.) when you connect integrations;
- professional advisers and public authorities where legally required.
Processors are bound by contractual data processing terms and must not use data for their own unrelated purposes.
Key subprocessors (indicative list):
| Provider | Service |
|---|---|
| Hostinger Operations UAB | Hosting, local storage (Frankfurt) |
| Amazon Web Services (CloudFront, S3) | CDN and asset delivery |
| Cloudflare, Inc. | Security, CDN, traffic filtering |
| Google Workspace | Business email (@clomni.co) |
| OpenRouter | AI inference (GPT-4) |
| Intuition Machines (hCaptcha) | Spam protection |
| ePoint | Payment processing (Azerbaijan) |
| Functional Software (Sentry) | Error monitoring (when enabled) |
| Amplitude, Inc. | Product analytics (when enabled) |
6. Data security
We use technical and organisational measures to protect personal data against accidental or unauthorised access, loss, or alteration. These include access controls, encryption in transit (TLS), infrastructure hardening, and regular updates.
No method of transmission or storage is 100% secure. You are responsible for keeping your account credentials confidential.
7. Children
Clomni is a B2B service for users aged 18 and over. We do not knowingly collect personal information from children under 18 for account registration. If you believe a child has provided Us with personal data, contact privacy@clomni.co.
Business customers may process their own end-customers' data through Clomni (including minors in customer support contexts). Those customers are responsible for lawful collection and for obtaining any required parental consent.
8. Automated decision-making
We do not make decisions based solely on automated processing that produce legal or similarly significant effects concerning you.
Clomni AI features may generate suggested replies or classifications. These are assistive tools; human agents remain responsible for communications sent to end customers unless you configure automation otherwise.
9. Retention periods
We retain personal data only as long as necessary for the purposes described in this policy, unless a longer period is required by law.
| Data category | Typical retention |
|---|---|
| Active account and workspace data | Duration of subscription + limited backup period |
| Server / security logs | Up to 30 days unless needed for incident investigation |
| Billing and invoice records | Retained permanently for accounting, tax, and legal compliance |
| Deactivated account data | Deleted within 1 month of deactivation (see Terms of Service) |
| Support correspondence | As long as needed to resolve the request, then deleted or archived per policy |
When data is no longer needed, We delete or anonymise it in accordance with Articles 17 and 18 GDPR where applicable.
C. Data collection and processing
Data is collected directly from you, automatically when you useClomni, from your organisation's administrators, from integrated channels, or from visitors interacting with the Clomni widget on customer websites.
C.1 Website and technical access data
When you visit Our websites or use the platform, We or Our infrastructure providers may process:
- date and time of access;
- browser type and settings;
- operating system;
- referring URL;
- pages viewed and actions taken;
- data transfer volume and HTTP status;
- IP address (which may be truncated or processed for security).
Legal basis: legitimate interest in providing, securing, and operating the Service (Article 6(1)(f) GDPR); contract performance where you are a registered user (Article 6(1)(b) GDPR).
Hosting
Production application data is stored on servers located in Germany, Frankfurt am Main, operated by Hostinger Operations UAB (and related Hostinger infrastructure), using local storage on those servers.
CDN and delivery
Static assets and media may be distributed via Amazon Web Services — including Amazon CloudFront (CDN) and related AWS storage services — in addition to or alongside Cloudflare (Cloudflare, Inc.) for security and performance. See the Cookie Policy.
C.2 Account registration and authentication
When you create or access a Clomni account (including via sso.clomni.co), We may process:
- first and last name;
- work email address;
- password (stored in hashed form);
- company / organisation name;
- phone number (if provided);
- locale and account preferences;
- authentication logs and session identifiers.
Spam protection: hCaptcha may process challenge and device signals on signup and verification forms when enabled.
Social / OAuth login: Where enabled (e.g. Google), We receive profile information such as name and email from the provider. We do not receive your provider password.
Legal basis: contract (Article 6(1)(b) GDPR); legitimate interest in security (Article 6(1)(f) GDPR); consent for optional captcha where required (Article 6(1)(a) GDPR).
C.3 Use of the Clomni workspace (my.clomni.co)
When you use the Service as an agent or administrator, We process data necessary to operate your workspace, including:
- agent profile and role information;
- conversations, messages, attachments, and metadata;
- contact and CRM records you create;
- labels, custom attributes, assignments, and team structure;
- automation rules, macros, and AI assistant configuration;
- API tokens and integration settings;
- usage and audit events within the platform.
Legal basis: contract (Article 6(1)(b) GDPR).
C.4 Clomni widget and end-customer data
When a business installs the Clomni widget on its website, end-customer personal data (messages, email, name, phone, IP address, pages visited, files uploaded, etc.) is processed to provide the messaging service.
Role allocation:
- The business customer (your organisation) is generally the Data Controller for its end customers' personal data;
- TANZ TECHNOLOGIES acts as a Data Processor for that data, processing it on the business customer's instructions as part of the Service.
Business customers must provide their own privacy notice to their website visitors and ensure a lawful basis for processing.
Widget session cookies on host websites are described in the Cookie Policy.
C.5 Connected channels and integrations
If you connect third-party channels or integrations, data flows between Clomni and those providers according to your configuration, for example:
| Provider type | Examples | Data involved |
|---|---|---|
| Messaging / social | Meta (Facebook, Instagram, WhatsApp), TikTok | Messages, profile IDs, media |
| SMTP, Microsoft, inbound email | Email content, headers, addresses | |
| Voice | Twilio | Call metadata, recordings (if enabled) |
| CRM / productivity | Notion, Linear, webhooks | Contact and event data you configure |
| AI | OpenRouter (GPT-4 and compatible models) | Conversation content and documents sent to AI features |
Each provider's privacy policy applies to their processing. You choose which integrations to enable.
Legal basis: contract (Article 6(1)(b) GDPR); your instructions as controller for end-customer data.
C.6 Clomni AI features
When you enable Clomni AI (documents, suggested replies, tasks, RAG, etc.), relevant content (conversation excerpts, uploaded knowledge-base files, prompts) is transmitted to OpenRouter using GPT-4 (and compatible models configured for your workspace).
- Provider: OpenRouter; models include GPT-4 class models as configured in the Service.
- Place of processing: United States and other locations per OpenRouter infrastructure.
- Privacy Policy: https://openrouter.ai/privacy
Do not submit special categories of data or unnecessary personal data to AI features unless you have a lawful basis. AI output may be inaccurate; human review is recommended.
Legal basis: contract (Article 6(1)(b) GDPR); legitimate interest in providing AI-assisted support tools (Article 6(1)(f) GDPR) where applicable.
C.7 Contact, support, and email
When you contact Us or receive system emails (verification, password reset, billing, notifications), We process your contact details and message content.
Business and transactional email is operated through Google Workspace (@clomni.co addresses). Google processes email metadata and content as part of providing this service.
Legal basis: contract (Article 6(1)(b) GDPR); legitimate interest in responding to enquiries (Article 6(1)(f) GDPR); consent where required for non-essential marketing.
Marketing communications, where sent, are based on consent with unsubscribe options.
C.8 Cookies and analytics
Cookies and similar technologies are described in the Cookie Policy. Summary:
| Service | Purpose |
|---|---|
| First-party cookies | Authentication, widget session |
| Cloudflare | Security and performance |
| hCaptcha | Spam protection |
| Amplitude | Product analytics (when enabled) |
| Sentry | Error monitoring (when enabled) |
Non-essential trackers require consent where mandated by law.
C.9 Payment processing
When you purchase a subscription, payment data is processed by ePoint and/or other payment service providers in Azerbaijan. We may receive transaction status, billing identifiers, and limited payment metadata — not full card details stored on Clomni servers when processing is delegated to the payment provider.
Legal basis: contract (Article 6(1)(b) GDPR); legal obligation for invoicing and tax (Article 6(1)(c) GDPR).
Billing inquiries: billing@clomni.co
C.10 File storage and attachments
Messages, avatars, and uploaded files are stored using local storage on Our Hostinger-hosted infrastructure in Germany. Public or cached delivery of attachments and static assets may use Amazon CloudFront and related AWS services as a CDN.
Legal basis: contract (Article 6(1)(b) GDPR).
C.11 Push notifications
If you enable browser or mobile push notifications, We process device subscription tokens and notification content through Web Push (VAPID) and/or Firebase Cloud Messaging where configured.
Legal basis: consent or legitimate interest depending on configuration and applicable law.
C.12 Account deletion and data subject requests
- Active subscribers generally cannot fully delete their workspace until the subscription period ends (see Terms of Service).
- Deactivation after non-payment may result in full deletion within one month.
- For GDPR requests (access, erasure, etc.) contact privacy@clomni.co or report@clomni.co.
- End customers of Our business users should contact the business that operates the widget first; We will assist the business customer as processor where applicable.
C.13 Meta Platform Data (Facebook, Instagram, Messenger, WhatsApp)
Clomni integrates with Meta Platforms Technologies when you connect Facebook Pages, Instagram messaging, Messenger, or WhatsApp Business features. This section describes how Meta Platform Data is handled in compliance with Meta Platform Terms and applicable Developer Policies.
What Meta data We may process
Depending on your configuration and permissions granted, Clomni may receive and store:
| Data type | Examples | Purpose |
|---|---|---|
| User identifiers | Page-scoped ID (PSID), Instagram-scoped ID, WhatsApp user ID | Route messages to the correct conversation |
| Profile information | Name, profile picture URL | Display in agent inbox |
| Message content | Text, attachments, media, story replies | Customer support and conversation history |
| Metadata | Timestamps, delivery/read status, thread IDs | Operate messaging features |
| Page / business identifiers | Page ID, WABA ID, phone number ID | Channel configuration and webhooks |
We do not use Meta Platform Data to build advertising profiles, sell data to third parties, or for purposes unrelated to providing the Clomni Service.
Roles
- Business customer (Clomni subscriber): generally the Data Controller for its end customers' Meta Platform Data.
- TANZ TECHNOLOGIES: acts as Data Processor on the business customer's instructions when storing and displaying Meta-sourced conversations inClomni.
Retention and deletion
- Meta Platform Data is retained while your Clomni subscription is active and the channel remains connected.
- When a workspace is deactivated, data is deleted within one (1) month (see Section B.9).
- When you disconnect a Meta channel, associated tokens are removed and new messages cease.
Data deletion requests from Meta users
If you remove the Clomni app from your Facebook settings and request data deletion, Meta sends a signed callback to:
https://my.clomni.co/facebook/delete
We process the request, redact or delete associated personal data (including contact profile fields and message content linked to your Meta user ID), and provide a confirmation status URL:
https://my.clomni.co/facebook/confirm/{confirmation_code}
If you deauthorize the Clomni app without requesting full deletion, Meta may notify us at:
https://my.clomni.co/facebook/deauthorize
You may also request deletion by emailing privacy@clomni.co or report@clomni.co with your Facebook user ID or business account details.
App Dashboard configuration (reference)
| Setting | URL |
|---|---|
| Privacy Policy URL | https://clomni.co/privacy-policy |
| Terms of Service URL | https://clomni.co/terms-of-service |
| Data Deletion Request URL | https://my.clomni.co/facebook/delete |
| Deauthorize Callback URL | https://my.clomni.co/facebook/deauthorize |
These pages are also available on https://my.clomni.co for verification.
Legal basis: contract (Article 6(1)(b) GDPR); legitimate interest in secure messaging operations (Article 6(1)(f) GDPR); compliance with Meta Platform Terms.
D. Services not currently used on coreClomni
The following are commonly listed in other SaaS privacy policies but are not used on the core Clomni application at the time of this policy, unless separately added to a specific property and disclosed:
- Google Analytics, Google Ads, Meta Pixel, Microsoft Clarity
- HubSpot CRM, Customer.io newsletters
- Brevo / Sendinblue (transactional email uses Google Workspace)
- Stripe (payments are via ePoint in Azerbaijan)
- Webflow, jsDelivr advertising, PartnerStack
If the marketing website (clomni.co) adds analytics or consent tools, this policy and the Cookie Policy will be updated.
E. International users
Azerbaijan
Processing of personal data in Azerbaijan is governed by the Law of the Republic of Azerbaijan on Personal Data ("Şəxsi məlumatlar haqqında" Qanunu) and related regulations.
Under Azerbaijani law, you may have rights including:
- to be informed about the processing of your personal data;
- to access your personal data;
- to request correction of inaccurate or incomplete data;
- to request deletion where processing is unlawful or no longer necessary;
- to object to processing in cases provided by law;
- to withdraw consent where processing is based on consent.
To exercise these rights, contact privacy@clomni.co or call +994 99 777 76 05. You may also lodge a complaint with the competent authority of the Republic of Azerbaijan.
European Economic Area and United Kingdom
Sections B.3 and B.4 above apply. Where Clomni processes end-customer data on behalf of EU/UK business customers, the Terms of Service and this Privacy Policy govern the processing relationship. A separate Data Processing Agreement (DPA) is not provided; EU/UK customers rely on these documents and applicable law.
F. Changes to this policy
We may update this Privacy Policy to reflect changes in Our practices or legal requirements. The "Latest update" date at the bottom will be revised accordingly. Material changes may be communicated by email or in-product notice where appropriate.
G. Related documents
This privacy policy relates solely to Clomni operated by TANZ TECHNOLOGIES, unless stated otherwise within this document.
Latest update: June 24, 2026