Privacy Policy
Last updated: 8 February 2026
1. Who We Are
ClientCut is operated by H3llo H3llo Ltd, a company registered in England and Wales. We are the data controller for the personal data we process through the ClientCut platform.
Contact: darius@h3lloh3llo.co.uk
2. Data We Collect
We collect the following categories of personal data:
Account Information
- Name, email address, business name
- Password (stored as a secure hash, never in plain text)
- Billing information (processed by Stripe; we do not store card details)
Client Data You Store
- Your clients' names, emails, phone numbers, addresses
- Project details, proposals, contracts, invoices
- Notes, communications, and file attachments
Usage Data
- Feature usage statistics and interaction data
- Log data (IP address, browser type, access times)
- Device information and approximate location (country level)
3. How We Use Your Data
We process your data for the following purposes and legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing and maintaining the Service | Contract performance |
| Processing payments and subscriptions | Contract performance |
| AI-assisted content generation | Contract performance |
| Sending service-related communications | Legitimate interest |
| Improving and developing the Service | Legitimate interest |
| Preventing fraud and ensuring security | Legitimate interest |
| Complying with legal obligations | Legal obligation |
4. AI and Your Data
ClientCut uses third-party AI services (such as OpenAI) to power AI-assisted features. When you use AI features:
- Relevant context from your account (client names, project details) may be sent to the AI provider to generate responses.
- We minimise the data sent and only include what is necessary for the feature.
- AI providers process data according to their own privacy policies and data processing agreements.
- We do not use your data to train AI models.
5. Data Sharing
We share your data with the following categories of recipients:
- Supabase — Database hosting and authentication (EU/US)
- Stripe — Payment processing (US, with EU data protection)
- Railway — Application hosting (US)
- Netlify — Frontend hosting (US)
- OpenAI — AI content generation (US, with DPA)
- Google — OAuth sign-in and Gmail integration (when authorised by you)
- Resend — Transactional email delivery (US)
We do not sell your personal data to third parties. We only share data as necessary to provide the Service or comply with legal obligations.
6. International Data Transfers
Some of our service providers are located outside the UK. Where we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO), or reliance on providers' UK-adequate data protection certifications.
7. Data Retention
We retain your data as follows:
- Active accounts: Data is retained for as long as your account is active.
- After cancellation: Account data is retained for 30 days, then permanently deleted.
- Billing records: Retained for 7 years as required by UK tax law (HMRC).
- Server logs: Retained for 90 days for security and debugging purposes.
8. Your Rights (UK GDPR)
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:
- Right of access — Request a copy of your personal data.
- Right to rectification — Request correction of inaccurate data.
- Right to erasure — Request deletion of your personal data.
- Right to restrict processing — Request limitation of how we use your data.
- Right to data portability — Request your data in a structured, machine-readable format.
- Right to object — Object to processing based on legitimate interests.
- Rights related to automated decision-making — We do not make solely automated decisions that have legal effects on you.
To exercise any of these rights, contact us at darius@h3lloh3llo.co.uk. We will respond within 30 days.
9. Security
We take the security of your data seriously and implement appropriate technical and organisational measures, including encryption at rest and in transit, row-level security for tenant data isolation, regular security audits, and secure credential storage. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
10. Cookies
We use the following cookies:
- Essential cookies: Required for authentication and security (CSRF tokens, session management). These cannot be disabled.
- Functional cookies: Remember your preferences and settings.
We do not use advertising or tracking cookies. We do not use Google Analytics or similar third-party analytics services.
11. Children
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The “Last updated” date at the top indicates when this policy was last revised.
13. Complaints
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
14. Contact Us
For any privacy-related questions or requests: darius@h3lloh3llo.co.uk
H3llo H3llo Ltd
United Kingdom