Privacy Policy
WHO WE ARE
The company behind CLEO
CLEO is operated by Regenerative AI ("RegenAI", "we", "us"). This policy explains what personal data we process, why, and the rights you have.
SCOPE
What this policy covers
This policy covers personal data processed through the CLEO platform and the regencleo.ai website. For most client data we process, our client is the data controller and CLEO acts as a data processor under our agreement with them; for website visitors and account holders, we act as the controller.
DATA WE PROCESS
What we collect and why
Account data: name, email, and identity subject. We hold no password; sign-in is delegated to a specialist identity provider.
Connected credentials: CMS, search/analytics, and social publishing tokens, stored encrypted, used only to perform the tasks you authorise.
Content & analytics: website and CMS content, search and analytics data, generated drafts, and brand-visibility metrics. Where analytics we read contains personal data (e.g. about your site visitors), it is access-controlled and is never sent to content-generation providers.
Billing & consent: subscription and billing events (no card data, handled by our PCI-certified payments provider) and an append-only record of terms acceptance.
Usage & telemetry: operational logs and telemetry, scrubbed of personal data before it leaves our service.
LAWFUL BASIS
The purpose behind processing
We process personal data to provide and secure the platform, to publish and analyse content on your instruction, to manage your account and billing, to communicate with you, and to meet legal obligations.
AI PROCESSING
Your content and third-party models
We do not allow your content to train third-party AI models. AI providers are used only on paid, commercial API terms under which client inputs and outputs are not used for model training; we do not use free tiers that would permit it.
We do not train our own models on your campaigns without your explicit opt-in. If we ever offer this, you will be asked first and may decline while continuing to use CLEO in full.
SHARING & SUBPROCESSORS
Who else sees your data
We share personal data only with the subprocessors needed to run the service: our cloud provider, managed data store, identity provider, payments provider, AI content providers, search-data vendors, and telemetry/monitoring, each bound by a data-processing agreement. We do not sell personal data.
TRANSFERS & RESIDENCY
Where your data lives
Production data is hosted in the cloud region agreed with each client; available regions include the United States of America (New York), Australia (Sydney), the United Kingdom (London), and India (Mumbai). Where data is processed outside your jurisdiction, each recipient is bound by a data-processing agreement holding it to equivalent standards, designed to support cross-border obligations under regimes such as the UK/EU GDPR and the Australian Privacy Principles.
RETENTION
How long we keep it
We keep personal data for as long as needed to provide the service and to meet legal, accounting, and security obligations, after which it is deleted or anonymised. Project deletion cascades across our system of record.
YOUR RIGHTS
What you can ask us to do
Depending on your jurisdiction, you may have the right to access, correct, delete, export, restrict, or object to the processing of your personal data, and to withdraw consent. To exercise any of these, contact us at the address below and we will respond within the time required by law.
SECURITY
How we protect it
We protect personal data with delegated identity, application-layer encryption of sensitive credentials, encryption in transit and at rest, controlled egress, and tenant isolation. See our Security page for detail.
CHILDREN
Who this platform is for
CLEO is a business platform and is not directed at children. We do not knowingly collect personal data from children.
CHANGES TO THIS POLICY
When this policy updates
We will post any changes here and update the effective date. Material changes will be communicated to account holders.
This policy was last updated on June 8, 2026.