(legal) PRIVACY POLICY

Privacy, plainly.

Last updated: April 14, 2026

At Cleom, we treat your data and your creative work with the same care we'd want. This policy explains what we collect, why, and what you can do about it — in plain English. No dark patterns, no small print.

(01) INFORMATION WE COLLECT

What we collect

When you create a Cleom account, we store:

  • Your email address and display name
  • Your encrypted password (we never see it in plain text)
  • Your generation history — prompts, settings, and output URLs
  • Your credit balance and purchase history
  • Technical metadata: browser, timestamp, session info

We don't collect anything we don't need to run your account and your generations. That's the whole list.

(02) HOW WE USE IT

What we do with it

Your data is used for exactly three things:

  • Running your generations. Sending prompts to models, storing outputs, tracking credit usage.
  • Keeping your account secure. Auth sessions, password resets, fraud detection.
  • Improving the product. Anonymous aggregate data on which features get used and where things break.

We don't sell data. We don't share it with advertisers. We don't train external models on your work.

(03) YOUR OUTPUTS

Your work is yours

Everything you generate on Cleom — clips, sequences, edits — belongs to you. You get full commercial rights on every plan. We don't claim a license. We don't use your outputs to train models.

Plain version: you own it, you can commercialize it, we stay out of the way.

(04) COOKIES & ANALYTICS

Cookies and tracking

We use two types of cookies:

  • Essential cookies for authentication and session management — these can't be disabled without breaking sign-in.
  • Privacy-friendly analytics to see which features are used. No cross-site tracking, no ad networks, no fingerprinting.

You'll see a cookie banner on your first visit. Decline if you like — everything still works.

(05) DATA RETENTION

How long we keep it

We retain your account data for as long as your account is active. Generations stay in your history until you delete them or delete your account.

When you delete your account, everything goes: profile, generations, credit logs. It's permanent and usually takes under a minute. Some backups may persist for up to 30 days for disaster recovery, then get wiped automatically.

(06) YOUR RIGHTS

What you can do

You have the right to:

  • Access everything we store about you
  • Export your data in a readable format
  • Correct anything that's wrong
  • Delete your account completely
  • Opt out of analytics (already the default if you decline cookies)

Email us and we'll handle any of these within 7 days. No forms, no hoops.

(07) SECURITY

How we keep it safe

We use industry-standard encryption in transit (TLS) and at rest. Passwords are hashed with bcrypt. Authentication runs on Firebase Auth. Generations and user data live in Firestore with strict access rules so only your account can read your own data.

No system is perfectly secure. If we ever have a breach, we'll tell you — fast, direct, and without PR spin.

(08) CHANGES

When this changes

If we update this policy in a way that materially affects how your data is handled, we'll email you before the change takes effect. Small wording fixes get updated silently, with the "Last updated" date at the top.

Questions? Reach us.

We answer every privacy email personally, usually within a day.

hello@cleomai.com