1. Introduction
Indigo Wolf LLC ("we," "our," or "us") operates CloZett. This Privacy Policy explains the information we collect, how it is used, where it is processed, how long it is retained, and the choices available to you. We aim to collect and retain only the information reasonably necessary to operate, secure, support, and improve the Service and to comply with applicable law.
2. Data We Collect
We collect the minimum information reasonably necessary for the features you use:
- Account and authentication data: internal user ID, email address, authentication status, and necessary account settings. Authentication credentials are handled by the authentication provider.
- Content data: saved URLs, titles, notes, Shelf and Drawer structures, visibility, sharing, embed, Paid Access, and related metadata.
- Payment data: Stripe customer, subscription, purchase, payment, transfer, refund, and status identifiers needed to operate billing. We do not store full card numbers.
- Usage and device data: service events, security signals, logs, approximate location or region where necessary, browser information, and aggregated analytics.
- Support data: messages and information you submit to support or the Help assistant.
- Consent and audit data: plan-change confirmations, deletion requests, timestamps, policy versions, and records needed for fraud prevention, disputes, and compliance.
3. How We Use Information
We use information to authenticate users, save and organize links, generate metadata, provide sharing, public pages, embeds, Paid Access, billing, support, fraud prevention, safety controls, service monitoring, and legal compliance. We do not sell personal data to advertisers.
4. Service Providers and AI Processing
CloZett relies on service providers such as Supabase for authentication and database services, Stripe for payments, Vercel and Cloudflare for hosting and delivery, and selected automation, email, monitoring, and AI providers. When auto-categorization is used, necessary URL or metadata may be processed by an external AI provider for classification. Providers process data under their own terms and privacy obligations.
5. Private Content and Public Exposure
Saved Shelves and Drawers are private by default. Public, shared, embedded, paid, ranking, discovery, and advertising surfaces are separate choices and may expose selected content and metadata to other people. You are responsible for reviewing visibility settings before publishing or sharing a collection.
6. Account Deletion and Restoration
A deletion request places the account into Soft Delete immediately. Normal use and public exposure stop, while account data is normally retained for 30 days so the account can be restored after reauthentication. After the 30-day period, permanent deletion may begin and complete within the following 24 hours. Restoration is not guaranteed once permanent deletion begins.
7. Frozen Content and Plan Changes
If a downgrade or payment failure causes an account to exceed its plan limits, only the excess content may be moved into a Frozen Set. Frozen content is restricted from normal use and is retained for 30 days so you can delete, exchange, export, restore into available capacity, or upgrade again. Remaining Frozen content may be permanently deleted after that period.
8. Retention and Limited Records
We retain active account information while needed to provide the Service. Content subject to Soft Delete or Frozen retention is normally held for 30 days under the rules above. Limited billing, tax, consent, security, fraud-prevention, dispute, legal, and audit records may be retained longer where reasonably necessary or legally required. Backups and provider logs may be removed on their own technical cycles and are not used to restore ordinary deleted content unless required for security or disaster recovery.
9. International and Restricted Access
CloZett is operated from the United States and may process information in countries where our providers operate. Access may be restricted where required by sanctions, export controls, local law, security, or provider availability. Where required, we use appropriate safeguards for international transfers.
10. Security
We use reasonable administrative, technical, and organizational safeguards. Authentication data is managed through the authentication provider, and payment details are processed through Stripe. No system is completely secure, so users should protect account credentials and avoid entering passwords, payment details, private collection links, or sensitive personal information into support or AI-assistant fields.
11. Your Privacy Rights
Depending on where you live, you may have rights to access, correct, export, erase, restrict, or object to processing of personal data, and to withdraw consent where consent is the legal basis. You may also have the right to complain to a data-protection authority. To submit a request, contact support@clozett.app.
12. Contact Us
For privacy questions or requests, email support@clozett.app.