Clerk Chat Clerk Chat
RCS Clerk Chat AI 👋 Ask a question... Open

Privacy Policy

Last Updated: December 1, 2025

Clerk Chat, Inc. (“Clerk Chat,” “we,” “us,” or “our”) is committed to protecting personal information and privacy. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website (clerk.chat), SaaS platform, APIs, mobile applications, and related services (collectively, the “Services”). Please read this policy carefully. If you do not agree, please discontinue use of our Services.

This policy is reviewed and updated on at least an annual basis. The current version number and Last Updated date are shown above. We will provide notice of material changes by email or in-app notification.

1. INFORMATION WE COLLECT

1(a). Information You Provide

  • Identity and Contact Data: Name, job title, company name, business email, business telephone number, and mailing address.
  • Account Credentials: Username, password, and two-factor authentication data.
  • Payment Data: Payment instrument details processed and stored by Stripe, Inc. We do not store full payment card numbers. See stripe.com/privacy.
  • Communications Data: Information provided in support tickets, feedback, or correspondence.
  • Consent Records: Records of consents provided by you or your end-users for messaging communications, including opt-in date, consent language, carrier/MNO identity at time of consent, and NRSC number reassignment scrubbing history (required by TCPA safe harbor, 47 C.F.R. § 64.1200(a)(3)(iv); retained for minimum 4 years).

1(b). Information Collected Automatically

  • Usage Data: Features accessed, actions taken, timestamps, session duration, error logs.
  • Device and Technical Data: IP address, browser type, operating system, device identifiers.
  • Log Data: Server logs, access logs, security event logs retained for 2 years.
  • Cookies and Tracking: See Section 4 below.

1(c). Information from Third-Party Platforms

If you connect the Services to third-party platforms (Microsoft Teams, Salesforce, Slack, HubSpot, etc.), we collect data necessary to provide the integration, subject to your authorization and the third party’s privacy policy.

1(d). End-User Data — CPRA Service Provider Status

Our business customers (“Operators”) may upload, transmit, or process personal data about their own end-users (“End-User Data”) through our platform. When Clerk Chat processes End-User Data on behalf of an Operator, Clerk Chat does so as a service provider under the CCPA as amended by CPRA (Cal. Civ. Code § 1798.140(ag)), subject to a written Data Processing Agreement containing CPRA-required restrictions. Clerk Chat does not use End-User Data for its own purposes outside the scope of providing the Services, except as described in Section 2 below.

CPRA Service Provider vs. Contractor Distinction: When processing personal information as a service provider, Clerk Chat is bound by contract to: (i) use the data only for specified business purposes; (ii) not sell or share the data; (iii) not retain, use, or disclose the data outside the direct business relationship; and (iv) provide the same level of privacy protection as required by CPRA. Where Clerk Chat uses aggregated, deidentified data for AI model development as described in Section 2, such data does not constitute personal information and does not create a “third party” relationship under CPRA. Clerk Chat provides audit rights to Operators subject to CPRA who request verification of Clerk Chat’s compliance with applicable service provider obligations, subject to reasonable confidentiality protections and scheduling.

For end-users of Clerk Chat Operators: questions about personal data processing should be directed to the Operator. To reach Clerk Chat directly about End-User Data, email privacy@clerk.chat.

1(e). Information We Do Not Collect

We do not knowingly collect: (i) Social Security or government-issued ID numbers; (ii) full financial account numbers (payment card data is handled by Stripe); (iii) Protected Health Information (PHI) as defined under HIPAA, 45 C.F.R. § 160.103, unless a Business Associate Agreement (BAA) is in place — contact legal@clerk.chat to request a BAA before transmitting any PHI; or (iv) personal information from individuals under 18 years of age.

2. HOW WE USE YOUR INFORMATION

  • Contract Performance: To provide, maintain, and improve the Services; process payments; communicate about your account; and provide customer support.
  • Legitimate Business Interests: To detect and prevent fraud, abuse, and security threats; analyze usage trends; develop new features; and protect Clerk Chat, our customers, and third parties.
  • Legal and Regulatory Obligations: To comply with applicable laws, FCC regulations (TCPA, TRACED Act, STIR/SHAKEN), TCR requirements, CCPA/CPRA, GDPR/UK GDPR, CASL, HIPAA (where a BAA is in place), and lawful governmental requests.
  • Marketing and Communications (Consent-Based): To send promotional communications where you have opted in. You may withdraw consent at any time.
  • AI and Product Development: We may use aggregated, deidentified Aggregate Data derived from use of the Services to develop, train, test, and improve our AI models and platform features. We do not use identifiable personal information for AI training without explicit consent. Aggregate Data is not personal information under applicable privacy law and this use does not create a ’third party’ relationship under CPRA.

We do not sell personal information to third parties for their own marketing purposes. We do not serve targeted advertising to our business customers within our platform.

3. HOW WE SHARE YOUR INFORMATION

  • Service Providers: We share data with third-party vendors (payment processors, cloud hosting, analytics, email/SMS delivery, customer support platforms) under contracts restricting use to specified purposes and prohibiting resale or independent use.
  • Telecommunications Partners and TCR: To transmit messages on your behalf, we share necessary data (phone numbers, campaign data) with carriers, aggregators, and TCR for 10DLC registration compliance. This includes sharing NRSC scrubbing data and campaign information required for FCC compliance.
  • Business Transfers: We may share data in connection with a merger, acquisition, or sale of assets. We will notify affected customers in advance.
  • Legal Requirements: We may disclose data as required by law, court order, valid governmental request, or to protect the rights and safety of Clerk Chat, our customers, or the public.
  • With Your Consent: We may share data for other purposes with your prior written consent.

We do not share personal information with third-party advertisers for targeting advertising.

4. COOKIES AND TRACKING TECHNOLOGIES

  • Essential Cookies: Required for platform function (authentication, session management). These cannot be disabled without impairing core functionality.
  • Performance / Analytics Cookies: Help us understand how users interact with our website and platform.
  • Functional Cookies: Enable features such as remembered preferences and interface customizations.

You can control non-essential cookies through your browser settings or our cookie preference center. Our website does not currently respond to “Do Not Track” (DNT) browser signals, as no uniform technical standard has been established. California residents may opt out of certain tracking by contacting privacy@clerk.chat.

5. DATA RETENTION

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including legal obligations, dispute resolution, and contract enforcement:

  • Account data: Duration of relationship plus three (3) years;
  • Messaging logs and consent records (including NRSC scrubbing logs): Four (4) years from the date of last activity, consistent with TCPA safe harbor documentation requirements (47 C.F.R. § 64.1200(a)(3)(iv));
  • Payment records: Seven (7) years;
  • Security logs: Two (2) years;
  • Internal DNC lists: Five (5) years, consistent with TCPA requirements.

When data is no longer required, we delete or anonymize it using industry-standard secure deletion methods.

6. DATA SECURITY

We implement administrative, technical, and physical security measures to protect personal information from unauthorized access, disclosure, alteration, and destruction, including: AES-256 encryption of data at rest; TLS 1.2+ encryption in transit; role-based access controls; regular penetration testing and vulnerability assessments; vendor security vetting; and incident response procedures.

SOC 2 Type II Certification: Clerk Chat maintains SOC 2 Type II certification (current certification and trust documentation available at trust.clerk.chat). Clerk Chat will notify customers within thirty (30) days if its SOC 2 Type II certification is suspended, revoked, or not renewed at the next annual audit cycle. This notification commitment applies to all current Clerk Chat customers with active subscriptions.

No transmission over the internet is 100% secure. If you suspect unauthorized access to your account, contact security@clerk.chat immediately.

7. CHILDREN’S PRIVACY

The Services are intended for businesses and are not directed to individuals under 18. We do not knowingly collect personal information from anyone under 18. If we become aware of such collection, we will delete it promptly. Contact support@clerk.chat with concerns.

8. YOUR PRIVACY RIGHTS

8(a). General Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or port your personal information, and to withdraw consent where processing is consent-based. Contact privacy@clerk.chat to exercise any of these rights.

8(b). California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under CPRA (Cal. Civ. Code § 1798.100 et seq.):

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and categories of third parties with whom we share.
  • Right to Delete: Request deletion of personal information, subject to exceptions (legal obligations, security, etc.).
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: Clerk Chat does not sell or share personal information for cross-context behavioral advertising. A “Do Not Sell or Share My Personal Information” link will be provided if this practice changes.
  • Right to Limit Use of Sensitive Personal Information: Request that we limit processing of sensitive personal information to purposes necessary to provide the Services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising CPRA rights.
  • Right to Audit Service Provider Compliance: Operators subject to CPRA may request verification of Clerk Chat’s service provider compliance obligations. Clerk Chat will respond to reasonable audit requests subject to confidentiality protections and scheduling requirements.

To submit a CPRA request: privacy@clerk.chat or 888-572-5375. We will verify your identity before processing. You may designate an authorized agent by providing written authorization.

California “Shine the Light” law (Civ. Code § 1798.83): Clerk Chat does not disclose personal information to third parties for their direct marketing purposes.

8(c). EEA and UK Residents (GDPR / UK GDPR)

If you are in the EEA or UK, you have rights under GDPR/UK GDPR including access, rectification, erasure, restriction, portability, and objection. You may lodge a complaint with your local supervisory authority.

Where we act as a data controller, legal bases for processing are described in Section 2. Where we act as a data processor, processing is governed by the applicable Data Processing Agreement. For transfers from the EEA or UK to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. A copy of our DPA and SCCs is available at privacy@clerk.chat.

8(d). Canadian Residents (PIPEDA / CASL)

Canadian residents have rights under PIPEDA to access and correct their personal information. Clerk Chat complies with CASL for electronic communications to Canadian recipients. Regarding CASL consent: express consent has no expiration; implied consent from an existing business relationship expires after 24 months from the last transaction; implied consent from an inquiry expires after 6 months. Contact privacy@clerk.chat for PIPEDA requests.

8(e). Account Information

To review or update account information, log in at app.clerk.chat or contact support@clerk.chat. Upon a deletion request, we will deactivate your account and delete data per our retention schedule, except as required by law.

9. DATA PROCESSING AGREEMENTS AND BAAs

Clerk Chat enters into Data Processing Agreements (DPAs) with Operator customers subject to GDPR, CPRA, HIPAA, or other data protection laws requiring formal processor agreements. Standard Contractual Clauses are available as a DPA addendum for EEA/UK transfers. Contact privacy@clerk.chat to request a DPA.

HIPAA Business Associate Agreements (BAAs): Operators who must transmit PHI through the Subscription Services are required to execute a BAA with Clerk Chat before doing so. Transmitting PHI without an executed BAA is a material breach of the Terms of Service. Contact legal@clerk.chat to request a BAA.

Our Services may contain links to third-party websites. This Privacy Policy does not apply to those services. We are not responsible for the privacy practices of third parties.

11. UPDATES TO THIS POLICY

We review and update this Privacy Policy on at least an annual basis. The “Last Updated” date and version number at the top of this page indicate when the policy was last revised. Material changes will be communicated by prominent website notice or direct notification to your account email address at least 30 days before the change takes effect.

12. CONTACT US

Clerk Chat, Inc. | 575 Market St, Suite 2080, San Francisco, CA 94105 | 888-572-5375 | support@clerk.chat | legal@clerk.chat