Privacy Policy

(Last updated March 2023)

At Clutch Holdings LLC (“Clutch”), our core mission is to transform the way businesses identify, understand and motivate their customers; and we provide a guarantee that you will know more about your customers than ever before, and you’ll be able to drive intelligent connections, profitable engagements and lifetime customers. A necessary part of that mission is to set a high standard for protecting the privacy of your information and your customers’ information. We want to be clear about how we collect, use, protect, and share information, including Personal Information about you, and the rights and choices you have about the ways in which you can help us protect your privacy.

This Privacy Statement explains:

  • What information we collect and why we collect it
  • How we use that information and when we disclose it
  • Your rights regarding your information, including how to access and update your information
  • How we maintain information and the steps we take to protect your information

Privacy Policy Scope: This Privacy Statement applies to the information that we obtain through your use of Clutch products and services, including our website (www.clutch.com) and your interactions and communications through our website, our portal, virtual terminal, hosted sites, social media, mobileand web-based tools (collectively, our “Services”).

This Privacy Statement does not apply to Personal Information arising from Clutch employment-related activities. Except to the extent that a third party provides services on our behalf (such as a SaaS vendor), this Privacy Statement also does not apply to the practices of third parties to which we may link or otherwise refer you, such as consultants, pen testing firms, audit firms, and other vendors.

Geography: Clutch is a United States (“U.S.”) based company that offers its Services to domestic and international business customers. As a result, Personal Information may be transferred to our U.S. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may provide information to third-party service providers in the U.S. and in other countries to the extent necessary to support Clutch’s business activities, and we may access Personal Information collected by our customers to support the Services that we provide to our customers. Thus, Personal Information may be transferred to and stored on servers located in the U.S. and in countries different from the country in which that information was initially collected. Similarly, the information we collect may be accessed by Clutch and our third-party service providers and business partners from countries other than the ones in which the information is stored.

We understand that we have users from different countries and regions with different privacy expectations, and we endeavor to meet those expectations even when the U.S. imposes lesser obligations. Stated differently, we work hard to adhere to applicable data privacy laws wherever we do business, working with our Data Protection Officer as part of a cross-functional team that oversees our privacy compliance efforts. Additionally, if our vendors or affiliates have access to Personal Information, they must sign agreements that require them to comply with our privacy policies and with applicable data privacy laws.

For those of you in the UK, please see our Notice to UK Residents:

Notice to UK Residents

Cross-border data transfers

Clutch complies with the Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the United Kingdom (“UK”) to the U.S. Clutch has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Framework.

If there is any conflict between the terms of the Privacy Statement and the DPF , the DPF shall govern. To learn more about the Data Privacy Framework, and to view our certification, visit the Data Privacy Framework website.

Dispute resolution process

For residents in which GDPR applies, in the unlikely event that a dispute arises between you and Clutch regarding our handling of your Personal Information, we will do our best to resolve the matter with you.

UK GDPR Article 27 Representation

VeraSafe has been appointed as Clutch’s representative in the UK for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the UK, VeraSafe can be contacted in addition to or instead of [email protected] only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact data-protection-representative or via telephone at +44 (20) 4532 2003.

Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom

As Clutch is an American company, we are subject to the jurisdiction of the U.S. Federal Trade Commission (FTC).

For those of you in the EU, please see our Notice to EU Residents:

Notice to EU Residents

Dispute resolution process

For residents of the European Union (“EU”), in the unlikely event that a dispute arises between you and Clutch regarding our handling of your Personal Information, we will do our best to resolve the matter with you. If we cannot, we have selected to cooperate with the relevant EU Data Protection Authority, or a panel established by the European data protection authorities, for resolving disputes with EU individuals, and with the Swiss Federal Data Protection and Information Commissioner (FDPIC) for resolving disputes with Swiss individuals. Please contact us if you would like us to direct you to your data protection authority contacts.

Additionally, if you are a resident of an EU member state, you have the right to file a complaint with your local supervisory authority.

EU GDPR Article 27 Representation

VeraSafe has been appointed as Clutch’s representative in the EU for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to [email protected] only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form:

https://verasafe.com/public-resources/contact data-protection-representative or via telephone at: +420 228 881 031.  

Alternatively, VeraSafe can be contacted at:

VeraSafe Netherlands BV

Keizersgracht 555
1017 DR Amsterdam
Netherlands

As Clutch is an American company, we are subject to the jurisdiction of the U.S. Federal Trade Commission (FTC).

EU-US and Swiss-US Data Privacy Framework

Clutch complies with the EU-U.S. Data Privacy program Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy program Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Clutch has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Clutch has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. 

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-US Data Privacy Framework Principles, Clutch commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles.  European Union and Swiss individuals with DPF inquiries or complaints should first contact Clutch at [email protected]

Clutch has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers  for more information and to file a complaint. This service is provided free of charge to you.

If your  DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

For those of you in Canada, please see our Notice to Canadian Residents:

Notice to Canadian Residents

Clutch complies with the Canadian Anti-Spam Law (“CASL”), which went into effect on July 1, 2014. Clutch has certified that it adheres to the CASL. The purpose of the CASL is to promote the efficiency of the Canadian economy by regulating commercial conduct that discourages the use of email to carry out commercial means and to promote the efficiency and adaptability of the Canadian economy by regulating commercial conduct that discourages the use of electronic means to carry out commercial activities, because that conduct:

(a)   impairs the availability, reliability, efficiency and optimal use of electronic means to carry out commercial activities;

(b)   imposes additional costs on businesses and consumers;

(c)   compromises privacy and the security of confidential information; and

(d)   undermines the confidence of Canadians in the use of electronic means of communication to carry out their commercial activities in Canada and abroad.

In cases of a violation pursuant to CASL, Clutch is potentially liable. If there is any conflict between the policies in the Privacy Policy and the CASL, the CASL shall govern. To learn more about the CASL and Clutch’s compliance program, please visit fightspam.gc.ca. For any complaints in connection with any potential violation of the CASL, please first contact Clutch at [email protected].

For those of you in California, please see our Notice to California Residents:

Notice to California Residents

The California Consumer Privacy Act of 2018 (Cal. Civ. Code §1798.100 et seq., as amended, “CCPA”, or “CPRA”), gives California residents rights and control over their Personal Information. Clutch provides this statement to California residents in accordance with requirements under the CCPA/CPRA to make certain disclosures about the collection and processing of their Personal Information. This is Clutch’s California-specific description of consumers’ privacy rights under the CCPA/CPRA.

We Do Not Sell Your Personal Information

Under the CCPA/CPRA, a business that sells California residents’ Personal Information to others:

  • must give notice to California residents before selling their Personal Information to others; and
  • must provide the right to opt out of the sale of their Personal Information.

Clutch does not sell Personal Information, including Personal Information of anyone under 16 years old, without consent.

Your Rights Under the CCPA/CPRA

1.      Right to know what Personal Information is being collected, for what purposes and with whom it is shared

California residents have the right to request from a business disclosure of the categories and specific pieces of Personal Information it has collected from them in the preceding 12 months, the categories of sources from which such Personal Information is collected, the business or commercial purpose for collecting or selling such Personal Information, and the categories of third parties with whom the business shares Personal Information.

If you request that a business disclose categories and specific pieces of Personal Information collected about you, you have the right to receive that information, free of charge, twice a year. The information may be delivered by mail or electronically and, if provided electronically, shall be in a portable and, to the extent technically feasible, readily usable format that allows the California resident to relatively easily transmit this information to another entity.

2.      Right to know whether your Personal Information is sold or disclosed for a business purpose and to whom

California residents have the right to request from a business that sells or discloses Personal Information for a business purpose separate lists of the categories of Personal Information collected, sold or disclosed for a business purpose in the preceding 12 months, including the categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.

3.      Right to say no to the sale of your Personal Information

As explained above, the CCPA/CPRA requires businesses that sell Personal Information to allow residents the ability to opt out of the selling of their information.

4.      Right to non-discrimination of service or price if you exercise your privacy rights

The CCPA/CPRA prohibits businesses from discriminating against a California resident for exercising any of their rights under the CCPA/CPRA, including by:

  • denying goods or services to the resident;
  • charging different prices or rates for goods or services, including through the use of discounts or other benefits or by imposing penalties;
  • providing a different level or quality of goods or services; or
  • suggesting that the person exercising their rights will receive a different price or rate for goods or services or a different level or quality of goods or services.

5.      Right to deletion

California residents have the right to request that a business delete any of their Personal Information that the business collected from them, subject to the exceptions in CCPA §1798.105.

To Exercise Your CCPA/CPRA Rights

Contact us at 1(888)-541-6789

Click Here or go to www.account.clutch.com/ccpa

Clutch will verify your request within seven (7) days and complete the request within 45 days from receipt of the request, as required by law.

If you have any questions specifically about CCPA/CPRA, you may reach out to us at [email protected].

For those of you in Colorado, please see our Notice to Colorado Residents:

Notice to Colorado Residents

Clutch complies with the Colorado Privacy Act (“CPA”), which goes into effect on July 1, 2023, and gives Colorado residents rights and control over their Personal Information. Clutch provides this statement to Colorado residents in accordance with requirements under the CPA to make certain disclosures about the collection and processing of their Personal Information. This is Clutch’s Colorado-specific description of consumers’ privacy rights under the CPA.

We Do Not Sell Your Personal Information

Under the CPA, a business that sells Colorado residents’ Personal Information to others:

  • must give notice to Colorado residents before selling their Personal Information to others; and
  • must provide the right to opt out of the sale of their Personal Information.

Clutch does not sell Personal Information, including Personal Information of anyone under 16 years old, without consent.

Your Rights Under the CPA

Colorado residents have the right to:

  • Confirm whether or not a business is processing their Personal Information;
  • Access their Personal Information;
  • Correct inaccuracies in their Personal Information;
  • Delete their Personal Information;
  • Obtain a copy of their Personal Information in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the information to another entity; and
  • Opt out of the processing of their Personal Information for purposes of (i) targeted advertising, (ii) the sale of Personal Information, or (iii) profiling that may produce a legal or other significant impact on the Colorado resident.

If you request that a business disclose categories and specific pieces of Personal Information collected about you, you have the right to receive that information twice per calendar year, with the first such request being free of charge. You may be charged a reasonable fee for additional requests made in the same calendar year.

Clutch may use de-identified data (data that cannot reasonably be linked to an identified or identifiable person or a device linked to such person) in some instances, but Clutch either maintains such data without attempting to re-identify it or treats such data as Personal Information.

The CPA prohibits businesses from discriminating against a Colorado resident for exercising any of their rights under the CPA, including by:

  • denying goods or services to the resident;
  • charging different prices or rates for goods or services; or
  • providing a different level or quality of goods or services.

To Exercise Your CPA Rights

Contact us at 1(888)-541-6789

Click Here or go to www.account.clutch.com/ccpa

Clutch will verify your request within seven (7) days and complete the request within 45 days from receipt of the request, as required by law. Additionally, you have the right to appeal the denial of any of these rights by submitting a form that will be provided to you if we deny a data request. If you are not satisfied with the results of the appeal, you have the right to contact the Colorado Attorney General.

If you have any questions specifically about CPA, you may reach out to us at [email protected].

For those of you in Connecticut, please see our Notice to Connecticut residents:

Notice to Connecticut Residents

Clutch complies with the Connecticut Data Privacy Act (“CTDPA”), which goes into effect on July 1, 2023, and gives Connecticut residents rights and control over their Personal Information. Clutch provides this statement to Connecticut residents in accordance with requirements under the CTDPA to make certain disclosures about the collection and processing of their Personal Information. This is Clutch’s Connecticut -specific description of consumers’ privacy rights under the CTDPA.

We Do Not Sell Your Personal Information

Under the CTDPA, a business that sells Connecticut residents’ Personal Information to others:

  • must give notice to Connecticut residents before selling their Personal Information to others; and
  • must provide the right to opt out of the sale of their Personal Information.

Clutch does not sell Personal Information, including Personal Information of anyone under 16 years old, without consent.

Your Rights Under the CTDPA

Connecticut residents have the right to:

  • Confirm whether or not a business is processing their Personal Information;
  • Access their Personal Information;
  • Correct inaccuracies in their Personal Information;
  • Delete their Personal Information;
  • Obtain a copy of their Personal Information in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the information to another entity; and
  • Opt out of the processing of their Personal Information for purposes of (i) targeted advertising, (ii) the sale of Personal Information, or (iii) profiling that may produce a legal or other significant impact on the Connecticut resident.

If you request that a business disclose categories and specific pieces of Personal Information collected about you, you have the right to receive that information for a twelve month period free of charge, once a year.

Clutch may use de-identified data (data that cannot reasonably be linked to an identified or identifiable person or a device linked to such person) in some instances, but Clutch either maintains such data without attempting to re-identify it or treats such data as Personal Information.

The CTDPA prohibits businesses from discriminating against a Connecticut resident for exercising any of their rights under the CTDPA, including by:

  • denying goods or services to the resident;
  • charging different prices or rates for goods or services; or
  • providing a different level or quality of goods or services.

To Exercise Your CTDPA Rights

Contact us at 1(888)-541-6789

Click Here or go to www.account.clutch.com/ccpa

Clutch will verify your request within seven (7) days and complete the request within 45 days from receipt of the request, as required by law. Additionally, you have the right to appeal the denial of any of these rights by submitting a form that will be provided to you if we deny a data request.

If you have any questions specifically about CTDPA, you may reach out to us at [email protected].

For those of you in Utah, please see our Notice to Utah Residents:

Notice to Utah Residents

Clutch complies with the Utah Consumer Privacy Act (“UCPA”), which goes into effect on December 31, 2023, and gives Utah residents rights and control over their Personal Information. Clutch provides this statement to Utah residents in accordance with requirements under the UCPA to make certain disclosures about the collection and processing of their Personal Information. This is Clutch’s Utah-specific description of consumers’ privacy rights under the UCPA.

We Do Not Sell Your Personal Information

Under the UCPA, a business that sells Utah residents’ Personal Information to others:

  • must give notice to Utah residents before selling their Personal Information to others; and
  • must provide the right to opt out of the sale of their Personal Information.

Clutch does not sell Personal Information, including Personal Information of anyone under 16 years old, without consent.

Your Rights Under the UCPA

Utah residents have the right to:

  • Confirm whether or not a business is processing their Personal Information;
  • Access their Personal Information;
  • Correct inaccuracies in their Personal Information;
  • Delete their Personal Information;
  • Obtain a copy of their Personal Information in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the information to another entity; and
  • Opt out of the processing of their Personal Information for purposes of (i) targeted advertising, or (ii) the sale of Personal Information.

If you request that a business disclose categories and specific pieces of Personal Information collected about you, you have the right to receive that information for a twelve month period free of charge, once a year. You may be charged a reasonable fee for additional requests made in the same twelve month period.

Clutch may use de-identified data (data that cannot reasonably be linked to an identified or identifiable person or a device linked to such person) in some instances, but Clutch either maintains such data without attempting to re-identify it or treats such data as Personal Information.

The UCPA prohibits businesses from discriminating against a Utah resident for exercising any of their rights under the UCPA, including by:

  • denying goods or services to the resident;
  • charging different prices or rates for goods or services; or
  • providing a different level or quality of goods or services.

To Exercise Your UCPA Rights

Contact us at 1(888)-541-6789

Click Here or go to www.account.clutch.com/ccpa

Clutch will verify your request within seven (7) days and complete the request within 45 days from receipt of the request, as required by law.  

If you have any questions specifically about UCPA, you may reach out to us at [email protected].

For those of you in Virginia, please see our Notice to Virginia Residents:

Notice to Virginia Residents

The Virginia Consumer Data Protection Act (“VCDPA”) became effective on January 1, 2023, and gives Virginia residents rights and control over their Personal Information. Clutch provides this statement to Virginia residents in accordance with requirements under the VCDPA to make certain disclosures about the collection and processing of their Personal Information. This is Clutch’s Virginia-specific description of consumers’ privacy rights under the VCDPA.

We Do Not Sell Your Personal Information

Under the VCDPA, a business that sells Virginia residents’ Personal Information to others:

  • must give notice to Virginia residents before selling their Personal Information to others; and
  • must provide the right to opt out of the sale of their Personal Information.

Clutch does not sell Personal Information, including Personal Information of anyone under 16 years old, without consent.

Your Rights Under the VCDPA

Virginia residents have the right to:

  • Confirm whether or not a business is processing their Personal Information;
  • Access their Personal Information;
  • Correct inaccuracies in their Personal Information;
  • Delete their Personal Information;
  • Obtain a copy of their Personal Information in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the information to another entity; and
  • Opt out of the processing of their Personal Information for purposes of (i) targeted advertising, (ii) the sale of Personal Information, or (iii) profiling that may produce a legal or other significant impact on the Virginia resident.

If you request that a business disclose categories and specific pieces of Personal Information collected about you, you have the right to receive that information, free of charge, twice a year.

Clutch may use de-identified data (data that cannot reasonably be linked to an identified or identifiable person or a device linked to such person) in some instances, but Clutch either maintains such data without attempting to re-identify it or treats such data as Personal Information.

The VCDPA prohibits businesses from discriminating against a Virginia resident for exercising any of their rights under the VCDPA, including by:

  • denying goods or services to the resident;
  • charging different prices or rates for goods or services; or
  • providing a different level or quality of goods or services.

To Exercise Your VCDPA Rights

Contact us at 1(888)-541-6789

Click Here or go to www.account.clutch.com/ccpa

Clutch will verify your request within seven (7) days and complete the request within 45 days from receipt of the request, as required by law. Additionally, you may have the right to appeal the denial of any of these rights by submitting a form that will be provided to you if we deny a data request.

If you have any questions specifically about VCDPA, you may reach out to us at [email protected].

——————————–

If you have any questions or concerns about this Privacy Statement or about our privacy or data security practices, please contact us at [email protected].

Personal Information Definitions

For purposes of this Privacy Statement, “Personal Information” means information from or about you that identifies you directly and information that is associated with you and thus could potentially identify you, including when combined with other information from or about you.

Types of Information Collected

  • Names
  • Social Media Handles
  • Messenger App Handles
  • Physical address
  • Email addresses
  • Telephone numbers
  • Business contact information, including names, email addresses, business addresses, telephone numbers, company name or business affiliation, and title
  • User IDs and passwords
  • Personal information that you choose to share within our user communities
  • Payment card and financial account information
  • Identifiers of devices used to access our Services

Data Collection

Voluntary Collection

Account and Profile Information: We collect information about you and your company when you register for an account, create or modify your profile, and make purchases through our Services. Information we collect includes your name, username, address, email address, phone number, and payment card details. You may provide this information directly through our Services or in some cases another user (such as an account administrator) creating an account on your behalf may provide it. If you provide information (including Personal Information) about someone else, you confirm that you have the authority to act for them and to consent to the collection and use of their Personal Information as described in this Privacy Policy.

Content: We collect and store content that you create, input, submit, post, upload, transmit, or store while using our Services. Such content may include any personal or other sensitive information submitted using our Services, such as Health Insurance Portability and Accountability Act (HIPAA) protected health information, European Union (EU) personal data, and other information such as source code or regulatory compliance materials.

Other submissions: We collect other data that you may submit to our Services or to us directly, such as when you request customer support or communicate with us via email or social media Sites.

Automatic Collection

Web Logs and Analytics Information: We record certain information and store it in log files when you interact with our Services. This information may include Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information that you search for, your locale and language preferences, your mobile carrier, and system configuration information. We and our analytics providers also collect and store analytics information when you use our Services to help us improve our Services.

Cookies and Other Tracking Technologies: We use various technologies to collect information, including cookies that we save to your computer or mobile device. Cookies are small data files stored on your hard drive or in device memory. We use cookies to improve and customize our Services and your experience; to allow you to access and use the Services without re-entering your username or password; and to count visits and understand which areas and features of the Services are most popular. We may also associate the information we store in cookies with Personal Information you submit while on our Services. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our Services.

Collection from Other Sources

Information from Third Parties: We may obtain information, including Personal Information, from our business partners and service providers. This information includes, but is not limited to, information that we receive from our direct marketing providers, product referrals, and other interactions. We also may combine information we receive from third parties with other information we collect from you through our Services as described in this Privacy Statement. If we use this information to provide you with opportunities that we think may be of interest to you, you will have the ability to inform us that you do not wish to receive such offers, and you may unsubscribe from our marketing and other email communications by clicking on the link in the email, sending an email to [email protected], or accessing your user account and changing your distribution preferences.

Information Provided by Other Individuals: While using our Services, individuals may provide information about another individual, or an authorized user (such as an account administrator) creating an account on your behalf may provide information about you. When one individual provides us with information (including Personal Information) about another individual, we assume that the individual has permission and authority to do so and to consent on behalf of that individual to the collection and use of Personal Information as described in this Privacy Statement. Please contact us immediately at [email protected] if you become aware of an individual providing us with Personal Information about another individual without being authorized to do so, and we will act consistently with this Privacy Statement.

Data Provided by Customers

Our customers and their designated users use our Services to develop, establish, implement, and maintain secure application and database deployment environments for processing sensitive data, including Personal Information. While using our Services, our customers may create, input, submit, post, upload, transmit, or store Personal Information that they have collected from individuals. During the course of our business relationship, we may need to access a customer’s account and the information it contains to provide support for our Services.

Our customers and prospective customers are responsible for complying with all applicable federal, state, local, and international laws and regulations regarding notice, disclosure, consent, and transfer of Personal Information, prior to providing that Personal Information to Clutch.

In addition, our customers and prospective customers are also responsible for identifying, in their services agreements with Clutch or in a related document (such as a HIPAA Business Associate Agreement or General Data Protection Regulation (GDPR) agreement), any additional requirements for protecting, accessing, and handling Personal Information in a manner that exceeds the reasonable, risk-based administrative, technical, and physical safeguards that Clutch would otherwise routinely implement, or that are inconsistent with the collection and use practices identified in this Privacy Statement.

Unlike the other collections of information described in this section, our agreements with customers include protections and limitations regarding our access to and use of Personal Information collected by customers, and we do not access, use, copy, retain, or aggregate customer data except as stated in those agreements.

Why We Collect Data From and About You

We will not use your Personal Information for anything other than the following lawful purposes:

To establish and maintain contractual relationships with our customers:

  • To establish and maintain relationships with customers
  • To fulfill our obligations to current customers in the delivery of the Services
  • To contact customers regarding account-related issues and business communications relating to the Services, including technical notices, updates, security alerts, and administrative messages
  • To enable our customers to access and use our Services

To comply with our legal obligations:

  • To comply with legal obligations, including but not limited to complying with tax and financial reporting requirements
  • To demonstrate compliance with applicable privacy and data security laws and regulations, such as HIPAA, CCPA and GDPR
  • To comply with incident monitoring, reporting, assessment, and notification requirements
  • To comply with other applicable criminal and civil law and regulatory requirements under federal, state, and international law

To provide services and information that you request and consent to receive:

  • To provide customer service and support
  • To communicate with you, including responding to your comments, questions, and requests regarding our Services
  • To process and complete transactions, and send you related information, including purchase confirmations and invoices
  • To provide direct marketing, email, and other distributed information distribution

To conduct business operations necessary for the continued operation of our business:

  • To administer, operate, maintain, and secure our website and Services
  • To monitor and analyze trends, usage, and activities in connection with our Services
  • To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities
  • To verify compliance with our internal policies and procedures
  • For accounting, record keeping, backup, and administrative purposes
  • To customize and improve the content of our communications, websites, and social media accounts
  • To educate and train our workforce in data protection and customer support
  • To provide, operate, maintain, improve, personalize, and promote our Services
  • To develop new products, services, features, and functionality
  • To market our products and services (first-party marketing only; we do not provide Personal Information for use in marketing any non-Clutch, third-party goods or services)

When possible, we will use anonymized data for these purposes, but if we do not, or if we combine it with Personal Information, we will treat it in accordance with this Privacy Statement.

When and Why We Share or Disclose Personal Information

Except to the extent necessary to fulfill our business obligations, to accomplish one of the lawful purposes described in this Privacy Statement, or pursuant to your express instructions, we do not sell, transfer, or otherwise disclose Personal Information that we collect from or about you.

We may share your information in the following ways:

With Your Express Consent: We will share your Personal Information with companies, organizations, or individuals outside of Clutch when we have your consent to do so.

When You Choose to Directly Share Your Information While Using Our Services: When you use our Services, certain features allow you to make some of your content accessible to the public or other users of the Services. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.

When Your Account Is Accessed by Your Organization’s Designated Clutch Administrator: Your Clutch account owners and administrators may be able to:

  • Access information in and about your Clutch account;
  • Disclose, restrict, or access information that you have provided or that is made available to you when using your Clutch account, including your content; and
  • Control how your Clutch account may be configured, accessed, or deleted.

With our vendors and business partners, to accomplish our business purposes: We may share your information with our service providers and other third parties who perform services on our behalf. We provide your payment information to our service providers for payment processing and verification. Service providers such as analytics providers may collect information about your online activities over time and across different online services when you use our Services. We also work with third-party service providers to provide the cloud-based tools that our customers use to create their secure storage containers and securely store their sensitive information, including Personal Information.

When Necessary to Comply with Laws and Law Enforcement Requests, or Otherwise to Protect Our Rights or Those of Individuals: We may disclose your information (including your Personal Information) to a third party if:

  • We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request
  • To enforce our agreements, policies and terms of service
  • To protect the security or integrity of Clutch’s products and services
  • To respond to an incident involving personal data for which Clutch has direct or indirect responsibility
  • To protect the property, rights, and safety of Clutch, our customers or the public from harm or illegal activities
  • To respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person
  • To investigate and defend ourselves against any third-party claims or allegations.

As the result of a business transition: We may share or transfer your information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will take reasonable steps to assure that any other entity involved continues to comply with the terms of this Privacy Statement. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.

Sharing aggregated, anonymized, de-identified, or otherwise non-personal data: We may share aggregated, anonymized, de-identified, or otherwise non-Personal Information that does not directly or indirectly identify you and that cannot with reasonable effort, be used to re-identify you in order to improve the overall experience of our Services. Such aggregated, anonymized, de-identified, or otherwise not re-identifiable information is not Personal Information within the scope of this Privacy Statement.

NOTE: Clutch does not sell your Personal Information

How we respond to compelled disclosure

Clutch may disclose Personal Information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.

In complying with court orders and similar legal processes, Clutch strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.

How we, and others, communicate with you

We may use your email address to communicate with you, if you have expressly allowed us to do so, and only for the reasons you have allowed. For example, if you contact our support team with a request, we will respond to you via email. You cannot opt out of receiving important communications from us, such as emails from our support team or system emails, but you can manage your communication preferences and limitations in your user profile, as described in greater detail in the section below.

Depending on your email settings, Clutch may occasionally send notification emails about changes in a repository you are watching, new features, requests for feedback, important policy changes, or offer customer support. We also send marketing emails, based on your choices and in accordance with applicable laws and regulations. We will provide an unsubscribe link located at the bottom of each of the marketing emails we send you.

Our emails may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email.

In addition, if you access our platform or Services with your mobile device, the Company may send text messages (including SMS and MMS) to that mobile device. The subject of our text messages to you will be limited to those matters for which you have opted in. To stop receiving text messages, text STOP in response to any message you receive.

Your Control Over Your Personal Information

You maintain control over the data you share with us, as described below.

  • You may decline to share certain Personal Information with us, in which case we may not be able to provide to you (or our customers) some of the features and functionality of our Services or fulfill your requests. For example, we need your email address to authenticate you and perform account services such as password resets, or to provide you with customer support.
  • You may decline to accept cookies, but that decision may affect the functionality and performance of our Services.
  • You may update or correct your Personal Information at any time by accessing the account settings page on the website or within our platform.
  • You may opt out of receiving promotional communications from Clutch by using the unsubscribe link within each email. Note that, as long as you maintain an account with us, you will continue to receive administrative messages from us regarding the Services.
  • You may request information about, and access to, the personal data that we collect from you.
  • You may ask questions or make complaints about our privacy and data security practices with regard to your personal data.
  • You may request that we delete information that we have collected about you.
  • You may ask us for a copy of the information that we collect from you.

To exercise any of these options, or for additional information about our privacy and data security practices, contact us at [email protected].

Security

Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. That said, we employ a variety of organizational, technical and administrative measures to provide a level of security appropriate to the risk associated with the Personal Information you trust us with.

To that end, we manage our data protection program consistent with ISO 27001 (https://www.iso.org/isoiec-27001-information-security.html).

Clutch protects Personal Information under its control and requires its service providers to also protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored, or otherwise processed.

If you have concerns about the security of your information with Clutch, please contact us immediately at [email protected] to report an issue.

Data Retention

We retain your Personal Information only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations, and then securely dispose of that information.

Children’s Privacy

Our Services are not directed to individuals under 13. We do not knowingly collect Personal Information from children under 13. If we become aware that a child under 13 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact us at [email protected]

Clutch Sub-vendor Directory

(Last updated: March 2023)
Clutch shares information with service providers and other third parties who perform services on our behalf.
This page provides a list of vendors with whom we share Personal Information as well as describes where each is located and what services these vendors provide for us.

Subvendor — Service Provided — Headquarters Location

  • Google Analytics — Analytics — US
  • Google Cloud Platform – Cloud Infrastructure – US
  • AWS — Cloud Infrastructure — US
  • AppCues — Product Growth — US
  • Hubspot — Client Marketing — US
  • Google G-Suite — Communications and Daily Management — US
  • Atlassian — Task Management & Documentation — Australia
  • SalesForce — SaaS — US
  • Netsuite — Saas — US
  • Sharefile — Internal and External Secure File Share — US
  • Dropbox — Internal File Storage — US