clout

we built clout to make forms actually enjoyable. privacy is part of that promise. this page explains what we collect, why, the choices you have, and how to reach us.

tl;dr

  • we only collect what we need to run your account and forms.
  • we don’t sell personal data and only share with vetted processors.
  • analytics and marketing are off by default and require your consent.
  • you can export your data or delete your account any time in settings.

who we are

clout, lda. ("clout", "we", "us"). contact: privacy@clout.pt.

what data we collect

  • account data: name, email, profile image, and preferences.
  • product data: forms and polls you create; responses submitted to your forms (you are usually the controller for your respondents).
  • support: messages you send us and related metadata.
  • usage (optional): device type, screen size, timezone, coarse usage events (only with consent).
  • payment/billing: if applicable, high-level billing metadata handled by our payment processor (we don’t store full card numbers).

we do not intentionally collect special categories of data unless you submit them via your own forms. avoid collecting sensitive data unless necessary and ensure you have a lawful basis.

where data comes from

  • you: when you create an account, build forms, or contact support.
  • your respondents: people who fill your forms (you are typically the controller for their data; we act as your processor).
  • third parties: authentication providers or anti‑abuse tools. we use google reCAPTCHA v3 to help detect abuse on some surfaces; its use is subject to google’s privacy policy and terms.

how we use data

  • provide, operate, and secure clout.
  • personalize and improve features.
  • communicate important updates about your account.
  • run optional analytics to improve ux (only with consent).
  • comply with legal obligations and enforce our terms.

gdpr specifics

this section summarizes disclosures relevant to the eea/uk general data protection regulation.

  • roles: for your account and workspace data, we are a controller. for respondent data submitted to your forms, you are typically the controller and we act as your processor.
  • data subject requests: submit requests via settings (export/delete) or email privacy@clout.pt. we respond within 30 days (extendable where allowed). we may verify identity before fulfilling a request.
  • automated decisions: we do not make decisions based solely on automated processing that produce legal or similarly significant effects.
  • representative: we are established in the eu (portugal), so an eu article 27 representative is not required. we do not currently appoint a uk article 27 representative; uk users can contact us directly at privacy@clout.pt.
  • dpa: we provide a standard data processing addendum upon request for customers acting as controllers. contact us to receive and execute our dpa.

purposes and legal bases (overview)

  • provide & operate the service: contract; data: account, product.
  • security & abuse prevention: legitimate interests; data: account, usage, logs.
  • analytics: consent; data: usage (aggregated, non‑sensitive).
  • marketing: consent; data: account (email), engagement.
  • compliance: legal obligation; data: billing/tax records where applicable.

cookies & analytics

we use necessary cookies to make the site work. analytics and marketing are off by default and require your consent. manage your choices any time via the cookie banner or settings.

  • necessary: session/auth, security, preferences.
  • analytics (optional): high-level usage (no sensitive content).
  • marketing (optional): product tips and updates (you can opt-in or out).

cookie lifetimes vary by type and purpose (e.g., session vs. persistent). your browser settings also let you block or delete cookies.

sharing & processors

we don’t sell personal data. we use vetted processors to run clout, under data processing agreements:

  • hosting & storage: cloud infrastructure and object storage (e.g., aws).
  • email delivery: transactional emails (e.g., resend).
  • payments (if enabled): payment processing and billing.
  • optional analytics: only if you consent.

we only share what’s necessary to provide the service, and require processors to implement appropriate security.

international transfers

your data may be processed in your region and other countries where our processors operate. when transferring personal data internationally, we rely on appropriate safeguards such as standard contractual clauses where applicable.

retention

we keep personal data only as long as needed for the purposes described above, to comply with legal obligations, resolve disputes, and enforce agreements. account data is kept while your account is active. you can delete your account in settings to permanently remove associated data. backups are rotated within a reasonable period.

security

  • encryption in transit.
  • role-based access controls.
  • principle of least privilege and audit logging.

if you discover a vulnerability, please contact us at privacy@clout.pt.

your rights

  • access, rectification, and portability.
  • erasure and restriction.
  • object to processing.
  • withdraw consent for analytics/marketing.

exercise your rights via settings (export/delete), or email privacy@clout.pt.

children

clout is not directed to children under 13. if you believe a child provided personal data, contact us and we will take appropriate steps to remove it.

changes

we may update this policy to reflect changes to our practices or for legal reasons. we will update the “last updated” date and, where appropriate, notify you in the product or by email.

complaints

if you are in the eea/uk, you can lodge a complaint with your local supervisory authority. we would appreciate the chance to address your concerns first at privacy@clout.pt. in portugal, the authority is cnpd.

contact

privacy questions? reach us at privacy@clout.pt.

back to top