ClivoDaily Privacy Policy

This Privacy Policy ("Policy") describes how Clivo Ventures Private Limited ("Clivo", "we", "our", or "us") collects, uses, shares, and protects personal data when you use the ClivoDaily mobile application on iOS or Android (the "App").

This Policy supplements the Clivo Master Privacy Policy available at https://clivotech.io/privacy-policy. Where this Policy differs from the Master Policy in respect of the App, this Policy prevails.

By downloading, installing, or using the App, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree, please do not use the App.

1. WHO WE ARE

For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDP Act") and, where applicable, the EU General Data Protection Regulation ("GDPR"), Clivo Ventures Private Limited is the Data Fiduciary / data controller for personal data processed through the App.

Registered office: Unit 109, Master Mind-V, Royal Palms Estate, Aarey Milk Colony, Goregaon East, Mumbai, Maharashtra 400065, India.

CIN: U62020MH2026PTC465602

Contact: strategy@clivotech.io

2. PERSONAL DATA WE COLLECT

We collect the following categories of personal data when you use the App:

2.1 Account information

When you create an account, we collect:

• Email address;
• Password (stored as a cryptographic hash — we never store your password in plain text);
• Display name (if provided);
• If you sign up using Google Sign-In or Sign in with Apple: your email address, name, and a unique identifier provided by Google or Apple. We do not receive your Google or Apple account password.

2.2 User content

• Tasks, reminders, lists, priorities, completion status, notes, tags, and other productivity data you create, modify, or delete within the App;
• Metadata associated with such content (creation and modification timestamps, task status, and user-defined categories).

2.3 Purchase information

The App offers in-app purchases processed by the Apple App Store or Google Play Store. Clivo does not receive or store your payment card, bank, or wallet information. From Apple and Google, we receive:

• A transaction identifier and receipt;
• The product purchased and the purchase status (active, expired, refunded);
• An anonymised user identifier from the relevant store.

2.4 Device and technical data

When you use the App, we (and our third-party service providers) automatically collect:

• Device identifiers (such as a random installation ID generated by the App and platform-provided device identifiers);
• Device type, model, and manufacturer;
• Operating system and version (iOS, iPadOS, or Android);
• App version, build number, and language/locale settings;
• IP address and approximate location derived from IP (city / region level — we do not collect precise GPS location);
• Network information (such as carrier and connection type).

2.5 Usage and analytics data

• Screens and features you view and interact with within the App;
• Actions you take (for example, creating a task, completing a task, initiating a purchase);
• Session duration, frequency of use, and in-app navigation paths;
• Performance metrics such as load times and feature responsiveness.

2.6 Session recording data

To understand how features are used, identify usability issues, and fix bugs, we record anonymised sessions of your use of the App. These recordings are captured in pseudonymous form (associated with a random user identifier rather than your personal identity) and are subject to the following safeguards:

• Text you type into input fields (task titles, notes, email, password) is masked before the recording is uploaded;
• Views that display your stored user content (task lists, note bodies) are masked;
• Email addresses shown in account and settings screens are masked;
• Sensitive information is automatically masked by our analytics provider before upload.

Session recordings capture the sequence of screens you view, the interactions you perform (taps, swipes, scroll depth), and the layout of the App as rendered on your device. They are used solely for internal product improvement and are not shared with third parties for advertising, profiling, or any purpose other than the operation and improvement of the App.

Opting out: You can turn off session recording at any time from Settings → Opt out analytics recording. Opting out does not restrict any functionality of the App. Once you opt out, we will stop recording new sessions for you, and existing recordings will be deleted in the ordinary course of retention (see Section 8).

2.7 Crash and diagnostic data

• Crash logs, stack traces, and error reports when the App crashes or encounters an error;
• Device state at the time of the crash (for example, memory usage and OS version);
• A hashed or pseudonymous user identifier, where applicable, to correlate crash reports across sessions.

2.8 Communications

Content of support requests or messages you send to us through the App or via strategy@clivotech.io or published support channels.

2.9 Push-notification tokens

When you enable push notifications, the operating system (Apple Push Notification service on iOS, or Firebase Cloud Messaging on Android) and Expo Push (which routes notifications on our behalf) provide us with a device-specific push token, which we use to deliver notifications.

3. HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

• Provide the App and Services: authenticate you, sync your user content across your devices, and make the App's features available to you;
• Process in-app purchases: verify purchases with Apple or Google and enable access to paid features;
• Send notifications: deliver task reminders and other functional notifications you have enabled, and promotional or marketing notifications where you have opted in (you may opt out of marketing notifications at any time);
• Improve the App: analyse how users interact with the App, identify bugs and performance issues, and develop new features, including via anonymised, masked session recordings (which you can disable in Settings);
• Deliver over-the-air (OTA) updates: distribute JavaScript/TypeScript bundle updates to your copy of the App in accordance with Apple's and Google's applicable guidelines, so that we can deliver bug fixes and non-material improvements without requiring a full app-store update;
• Provide customer support: respond to your enquiries, resolve complaints, and assist with account issues;
• Security and fraud prevention: detect, prevent, and address technical issues, abuse, fraud, and violations of our terms;
• Legal compliance: comply with applicable laws and respond to lawful requests from public authorities.

4. LEGAL BASES FOR PROCESSING

We process your personal data on the following legal bases (as applicable):

• Performance of a contract: to provide you with the App and the features you have requested;
• Consent: for marketing notifications and any other processing that requires your consent under applicable law. You may withdraw your consent at any time;
• Legitimate interests: to secure the App, prevent abuse, improve the App through analytics and anonymised, masked session recordings, and develop new features, where such interests are not overridden by your rights and where you have the ability to object (for example, by disabling session recording in Settings);
• Legal obligation: where processing is required to comply with applicable law.

5. THIRD-PARTY SDKs AND SERVICE PROVIDERS

To operate the App and understand how it is used, we integrate with the following third-party service providers. Each provider receives only the data necessary for its stated purpose and is bound by its own privacy policy and our written data-processing arrangements.

5.1 Supabase (Backend and Data Hosting)

• Provider: Supabase, Inc.
• Purpose: authentication, database, storage, and backend infrastructure that enables cloud sync of your account and user content.
• Data processed: email address, hashed password, account identifiers, user content (tasks, lists, notes, metadata), and associated timestamps.
• Data location: stored in Supabase infrastructure located in India.
• Privacy policy: https://supabase.com/privacy

5.2 Sentry (Crash and Error Reporting)

• Provider: Functional Software, Inc. (d/b/a Sentry).
• Purpose: crash reporting, error tracking, and performance monitoring.
• Data processed: crash logs, stack traces, device type and OS, App version, and a pseudonymous user identifier. We configure Sentry to minimise the personal data it receives.
• Privacy policy: https://sentry.io/privacy/

5.3 PostHog (Product Analytics and Session Recording)

• Provider: PostHog Inc.
• Purpose: (i) product analytics — understanding feature usage, user journeys, and aggregate trends to improve the App; and (ii) session recording — replaying anonymised, masked sessions of App use to identify usability issues and bugs.
• Data processed (analytics): a pseudonymous user identifier (linked to your Clivo account), events and screens you view, actions you take within the App, device and App information, approximate (IP-based) location, and session data.
• Data processed (session recording): a replay of the App interface as rendered on your device during the session, together with interaction events. Text inputs, displayed task titles, displayed note bodies, and email addresses are masked by the PostHog SDK before the recording is uploaded. PostHog's built-in masking automatically redacts sensitive fields and input text, so your personal content is not visible in the recordings.
• Controls: you can disable session recording (and analytics) at any time in Settings → Opt out analytics recording.
• Privacy policy: https://posthog.com/privacy

5.4 Expo (App Delivery and Push Notifications)

• Provider: 650 Industries, Inc. (d/b/a Expo).
• Purpose: (i) EAS Build — cloud build infrastructure used to compile and sign the App; (ii) EAS Update — delivery of JavaScript/TypeScript bundle over-the-air updates to your device; and (iii) Expo Push — routing service that forwards push notifications from us to Apple Push Notification service or Firebase Cloud Messaging for delivery to your device.
• Data processed: App version, runtime version, platform (iOS/Android), installation identifiers, and Expo push tokens. For push notifications routed via Expo Push, the notification payload (for example, the title and body of the notification) passes through Expo's infrastructure before being delivered to Apple or Google for final delivery to your device.
• Privacy policy: https://expo.dev/privacy

5.5 Firebase Cloud Messaging (Android Push Delivery)

• Provider: Google LLC.
• Purpose: final delivery of push notifications to Android devices.
• Data processed: device registration tokens and the notification payload forwarded to your device. Firebase Cloud Messaging is a transport layer; we do not use Firebase Analytics or other Firebase services beyond push delivery.
• Privacy policy: https://firebase.google.com/support/privacy

5.6 Apple and Google (Platform Providers)

The Apple App Store and Google Play Store process your account and payment data in connection with downloading the App and any in-app purchases. Apple Push Notification service (on iOS) handles final delivery of push notifications to your device. Their use of your data is governed by Apple's and Google's respective privacy policies.

6. HOW WE SHARE YOUR PERSONAL DATA

We do not sell your personal data. We share personal data only in the following circumstances:

• Service providers: with the third-party providers listed in Section 5, strictly for the purposes described;
• Legal and regulatory: where required by law, court order, or other legal process, or to establish, exercise, or defend legal claims;
• Safety and security: to protect the rights, property, or safety of Clivo, our users, or the public;
• Business transfers: in connection with a merger, acquisition, financing, or sale of all or part of our business, subject to appropriate confidentiality protections and notice where required by law;
• With your consent: where you have directed or consented to the sharing.

7. DATA LOCATION AND INTERNATIONAL TRANSFERS

Your account and user content are primarily stored on Supabase infrastructure located in India. Some of our other service providers (including Sentry, PostHog, Expo, and Firebase Cloud Messaging) may process data outside India, including in the United States. Where personal data is transferred to a jurisdiction that does not offer the same level of protection, we implement appropriate safeguards in accordance with applicable law (including the DPDP Act and, where applicable, GDPR standard contractual clauses).

8. DATA RETENTION

We retain your personal data for as long as your account is active, and for a limited period thereafter, as described below:

• Account and user content: retained until you delete your account. Once you initiate account deletion, we delete or anonymise your account and user content from our active systems, and from backups in the ordinary course of backup rotation;
• Crash and analytics data: retained in aggregated or pseudonymous form for up to 26 months, consistent with our analytics providers' default retention;
• Session recordings: retained for up to 30 days from the date of recording, after which they are automatically deleted. You may request earlier deletion by contacting strategy@clivotech.io or by opting out in Settings → Opt out analytics recording;
• Purchase receipts and transaction records: retained for the period required under applicable tax, accounting, and commercial laws (typically 8 years from the end of the financial year);
• Support communications: retained for up to 24 months after resolution.

We may retain certain data for longer where required by law, or where necessary to establish, exercise, or defend legal claims.

9. YOUR RIGHTS

Subject to applicable law, you have the following rights in relation to your personal data:

• Access: obtain a copy of the personal data we hold about you;
• Correction: correct inaccurate or incomplete data;
• Erasure / Account deletion: delete your account and associated personal data (see Section 10 below);
• Portability: receive a copy of your user content in a structured, commonly used, machine-readable format;
• Restriction and objection: restrict or object to certain processing, including direct marketing, analytics, and session recording (which you can disable in Settings → Opt out analytics recording);
• Withdraw consent: where processing is based on consent, withdraw your consent at any time;
• Nominate: under the DPDP Act, nominate another individual to exercise your rights in the event of your death or incapacity;
• Grievance redressal: raise a grievance with our Grievance Officer (see Section 14);
• Complaint to a supervisory authority: lodge a complaint with the Data Protection Board of India or the relevant supervisory authority in your jurisdiction.

To exercise your rights, contact us at strategy@clivotech.io or use the in-App settings where available. We will respond within the timeframes required by applicable law.

10. ACCOUNT DELETION

You may delete your ClivoDaily account at any time by:

• Using the "Delete Account" option within the App (Settings → Account); or
• Sending a written request to strategy@clivotech.io from the email address associated with your account.

Upon account deletion, we will delete or irreversibly anonymise your account and user content from our active systems promptly, and from backups in the ordinary course of backup rotation. Certain data may be retained where necessary for legal, tax, accounting, fraud-prevention, or dispute-resolution purposes, as described in Section 8.

11. CHILDREN'S PRIVACY

The App is intended for users aged 13 and above. Users under 18 are considered "children" under the DPDP Act. Where the App is used by an individual under 18 years of age in India, we require verifiable parental or lawful-guardian consent before processing that individual's personal data.

We do not knowingly process personal data of any individual under 13, or of a child under 18 in India without the required parental consent. If you believe that we have inadvertently collected such personal data, please contact us at strategy@clivotech.io and we will take steps to delete it.

Parents and lawful guardians may contact us at strategy@clivotech.io to review, correct, or delete personal data of a child for whom they have provided consent.

12. SECURITY

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit using TLS;
• Encryption of user content at rest in Supabase infrastructure;
• Cryptographic hashing of passwords (we never store plaintext passwords);
• Access controls and least-privilege principles for our personnel and service providers;
• Masking of sensitive content in session recordings before upload (see Section 2.6);
• Periodic reviews of our security posture and response procedures.

No method of transmission or storage is completely secure. You are responsible for safeguarding your account credentials and for notifying us promptly at strategy@clivotech.io if you suspect unauthorised access to your account.

13. NOTIFICATIONS AND MARKETING COMMUNICATIONS

With your permission, the App sends push notifications to your device. These may include:

• Functional notifications: task reminders and other notifications related to your use of the App;
• Promotional and marketing notifications: announcements about new features, offers, and campaigns.

Push notifications are routed through Expo Push and delivered by Apple Push Notification service (on iOS) or Firebase Cloud Messaging (on Android). You can manage or disable notifications at any time through the App's settings or your device's system settings. Disabling functional notifications may reduce the App's usefulness as a reminders tool.

If you wish to opt out of marketing-related notifications while continuing to receive functional notifications, you may do so through the App's settings (Settings → Notifications).

14. GRIEVANCE OFFICER

In accordance with the DPDP Act and the Information Technology Act, 2000 (and the rules made thereunder), we have appointed a Grievance Officer to address any concerns regarding this Policy or our processing of your personal data:

Grievance Officer: Abhay Muttreja, Managing Director, Clivo Ventures Private Limited
Email: strategy@clivotech.io
Postal Address: Unit 109, Master Mind-V, Royal Palms Estate, Aarey Milk Colony, Goregaon East, Mumbai, Maharashtra 400065, India.

We acknowledge grievances within a reasonable period and respond within the timeframes prescribed by applicable law.

15. APPLE AND GOOGLE PLATFORM REQUIREMENTS

15.1 Apple App Tracking Transparency (iOS)

The App does not track you across apps and websites owned by other companies for advertising or measurement purposes, and does not currently present Apple's App Tracking Transparency (ATT) prompt. If this changes in the future, we will request your permission through Apple's ATT framework before enabling any such tracking, and will update this Policy accordingly.

15.2 Apple Privacy Nutrition Labels

The data types disclosed in this Policy are reflected in the privacy labels displayed on the App's Apple App Store listing. Where there is any inconsistency, this Policy prevails.

15.3 Google Play Data Safety

The data types disclosed in this Policy are reflected in the Data Safety section of the App's Google Play Store listing. Where there is any inconsistency, this Policy prevails.

15.4 Over-the-Air (OTA) Updates

The App uses Expo's EAS Update service to deliver over-the-air updates to the App's JavaScript/TypeScript bundle. These updates are limited to bug fixes and non-material changes that are consistent with the App's functionality as approved by Apple and Google, and do not change the App's primary purpose or introduce material new features requiring platform review. Updates that introduce material new features or native-code changes are distributed through the Apple App Store and Google Play Store review process.

15.5 Advertising identifiers

The App does not display third-party advertising, does not use device advertising identifiers (IDFA on iOS or Android Advertising ID) to deliver ads to you within the App, and does not share advertising identifiers with third parties.

15.6 Analytics and session recording controls

Product analytics and session recordings (anonymised and masked, as described in Section 2.6) can be disabled by you at any time through Settings → Opt out analytics recording. Disabling these features does not restrict any functionality of the App.

16. CHANGES TO THIS POLICY

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Policy at https://clivotech.io/clivodaily/privacy and update the "Last updated" date at the top of this Policy. Where changes are material, we will provide in-App notice and, where required by law, obtain your consent before the changes take effect.

17. CONTACT US

Clivo Ventures Private Limited
Unit 109, Master Mind-V, Royal Palms Estate, Aarey Milk Colony, Goregaon East, Mumbai, Maharashtra 400065, India
Email: strategy@clivotech.io  |  Website: clivotech.io

© 2026 Clivo Ventures Private Limited. All rights reserved. CIN: U62020MH2026PTC465602