Clentra
Sign inCreate account

Privacy Policy

Last updated: 23 May 2026

This policy describes how Clentra handles personal data when you use Clentra. If you need advice for your jurisdiction, consult a qualified lawyer or privacy professional.

1. Who operates Clentra

Clentra ("we", "us", or "our") operates Clentra. For privacy questions or requests, contact hello@clentra.com.

2. Data we collect

Depending on how you use the service, we may process:

  • Account data: email address and authentication identifiers when you sign up or sign in.
  • Profile data: name, business details, logo URL, currency, address, and payment terms you provide in settings.
  • Subscription data: Stripe customer and subscription identifiers and billing status (payment card details are handled by Stripe, not stored by us).
  • Workspace data: clients, projects, tasks, invoices, proposals, templates, and related records you enter.
  • Client portal data: portal tokens and the information you choose to expose to clients through secret links.
  • Usage and analytics: if PostHog is enabled in your deployment, event data about how features are used (for example signups or invoice actions).
  • Error and diagnostic data: technical logs and error reports via Sentry when something fails.
  • Cookies and session data: essential cookies for authentication and security; optional analytics cookies when PostHog is enabled and you consent where required.

3. How we use data

We use personal data to:

  • provide, maintain, and secure the Clentra workspace;
  • process subscriptions and billing through Stripe;
  • send transactional emails such as invoice delivery and reminders through Resend;
  • respond to support requests and enforce our terms;
  • measure product usage and improve features when analytics are enabled;
  • detect, prevent, and address abuse, fraud, and technical issues.

4. Legal bases (GDPR)

If you are in the European Economic Area, UK, or Switzerland, we rely on:

  • Contract: processing needed to provide the service you signed up for.
  • Legitimate interests: security, service improvement, and fraud prevention, balanced against your rights.
  • Consent: non-essential cookies and analytics where required by law, which you can manage through cookie notices where shown.
  • Legal obligation: where we must retain or disclose data to comply with law.

5. Processors and subprocessors

We use trusted providers to run Clentra. They process data on our instructions and under appropriate agreements, including:

  • Supabase — hosting, authentication, and database;
  • Stripe — subscription billing;
  • Resend — transactional email;
  • PostHog — product analytics (optional, when enabled);
  • Sentry — error monitoring;
  • Vercel — application hosting.

6. International transfers

Your data may be processed in countries other than where you live. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses approved by relevant authorities, in addition to technical and organizational measures.

7. Retention

We keep personal data while your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, enforce agreements, and maintain backups. You may request deletion subject to exceptions described in section 8.

8. Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict, or object to processing, and to data portability. You may also withdraw consent where processing is consent-based, and lodge a complaint with your local data protection supervisor. To exercise rights, email hello@clentra.com. We may need to verify your identity before responding.

9. Cookies

We use essential cookies and similar technologies for authentication and session management. When PostHog is enabled, we may use analytics cookies or similar technologies; where required, we ask for consent through a cookie notice. You can control non-essential cookies through that notice or your browser settings, though some features may not work without essential cookies.

10. Client portal

If you share a client portal link, anyone with that link can view the information you chose to expose (for example invoice status or project updates). You control what is shared and who receives links. Treat portal URLs as confidential.

11. Security

We implement technical and organizational measures designed to protect personal data, including access controls and encryption in transit. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Children

Clentra is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will take appropriate steps to delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date shown on this page (23 May 2026 at last revision) and may provide additional notice for material changes. Continued use after an update means you acknowledge the revised policy.

14. Contact

Privacy questions or requests: hello@clentra.com. See also our Terms of Service.