Clove Financial Ltd (“Clove”, “we”, “our” or “us”) respects your privacy and is committed to protecting personal data entrusted to us. This Notice explains how we collect, use, share and secure personal data when you use Clove’s software and related services (the Services). It also describes the rights and choices available to you.

1. Who we are

  • Legal entity: Clove Financial Ltd, a private company limited by shares incorporated in England & Wales.

  • Company number: 16451137

  • Registered office: 71 – 75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

  • Email: hello@tryclove.com

For the purposes of the UK GDPR and applicable U.S. privacy laws (including the Gramm‑Leach‑Bliley Act (GLBA) where relevant), Clove is the “data controller” of personal data described in this Notice.

2. Scope of this Notice

This Notice applies to:

  • Visitors to our websites and documentation portals;

  • Authorised users of the Clove platform, APIs or integrations; and

  • Business contacts at our customers, prospects, suppliers and partners.

Our Services are designed for business‑to‑business use. They are not directed to individual consumers or children.

3. Personal data we collect

We collect and process the following categories of personal data, only to the extent they are relevant:

  1. Account & Contact Data – name, business email address, role, telephone number and authentication credentials.

  2. Business Financial Data – bank tokens, transaction records and accounting‑system entries that you or your institution choose to import. These records may incidentally contain personal data (e.g., a director’s name in a payee field).

  3. Usage & Telemetry Data – log files, query strings, clickstream data, feature‑use metrics, and device/IP information gathered from your interaction with the Services.

  4. Marketing & Communications Data – preferences for marketing emails, event registrations and survey responses.

  5. Cookies & Similar Technologies – small data files or pixels used to operate and improve our websites. See our Cookie Notice for details.

We do not intentionally collect any special‑category or sensitive personal data (e.g., health information). Please refrain from uploading such data to the platform.

4. How we use personal data

We use personal data only for the following purposes:

  1. Deliver and maintain the Services. Authenticate users, ingest bank and accounting data, generate responses, provide customer support, and invoice Customers.
  2. Ensure security and compliance. Detect fraud or misuse, back up and audit systems, and meet legal or regulatory obligations (e.g., GLBA Safeguards Rule, UK GDPR).
  3. Improve and develop the Services. Analyse de‑identified usage patterns to debug, benchmark, train and evaluate machine‑learning models, and design new features.
  4. Communicate with you. Send operational notices, respond to inquiries, and market new functionality (you may opt out at any time).

We never sell personal data, allow third‑party advertising on the platform, or use raw bank or accounting records for unrelated marketing.

5. Aggregated analytics, model training and benchmarks

  • Before any Service Data enters our analytics pipeline, we strip or hash direct identifiers (such as account numbers, names, and free‑text references) and store it separately from raw vault data.
  • We apply statistical safeguards including k‑anonymity (k ≥ 10) and differential‑privacy noise (ε ≤ 1) so that individuals or specific businesses cannot be re‑identified from query logs or transaction patterns.
  • Aggregated telemetry is used solely to:
    • measure model accuracy and latency;
    • train proprietary models that power features such as auto‑categorisation;
    • generate anonymised industry benchmarks and insights.
  • We prohibit ourselves and our subprocessors from attempting to re‑identify, or allowing others to re‑identify, any aggregated or de-identified data.
  • Customers may disable analytics at any time in Settings or via the Privacy API; doing so prevents future log ingestion for improvement purposes and purges existing telemetry within 30 days.

6. International transfers

Clove’s primary compute and storage facilities are in the United States and the European Economic Area. When we transfer personal data outside the UK or EEA, we rely on approved safeguards such as the UK Addendum to the EU Standard Contractual Clauses (SCCs). A copy of these safeguards is available on request.

7. Security

We apply administrative, technical and organisational measures aligned with the UK GDPR, GLBA Safeguards Rule and industry frameworks such as SOC 2 Type II and the NIST Privacy Framework. Examples include:

  • Encryption at rest and in transit;

  • Tokenisation of banking credentials;

  • Role‑based access control with least privilege;

  • Differential‑privacy protections in our analytics pipeline;

  • Regular penetration testing and vulnerability management.

8. Data retention

  • Customer vault data (bank and accounting records) is retained for the duration of the customer contract and deleted or anonymised within 30 days of termination, unless we are legally required to keep it longer.

  • Operational logs and telemetry are retained for up to 12 months.

  • Aggregated, de‑identified statistics may be retained indefinitely because they no longer identify any individual or company.

9. Your rights

Depending on your location and role, you may have the right to:

  • Access, correct or delete personal data we hold about you;

  • Restrict or object to certain processing;

  • Receive a copy of your data in portable form;

  • Opt out of marketing communications at any time; and

  • Lodge a complaint with a supervisory authority (in the UK, the Information Commissioner’s Office at ico.org.uk).

For U.S. customers, we also honour rights under applicable state privacy laws (e.g., CPRA) relating to access, deletion and opt‑out of certain disclosures.

To exercise any rights, please email hello@tryclove.com. We may request verification of your identity before fulfilling your request.

10. Automated decision‑making

Clove does not engage in automated decision‑making that produces legal or similarly significant effects on individuals.

11. Contact us

If you have questions about this Notice or our privacy practices, write to:
Clove Financial Ltd
71 – 75 Shelton Street
Covent Garden
London
WC2H 9JQ
United Kingdom

Or email us at hello@tryclove.com

12. Updates to this Notice

We may update this Notice from time to time. Significant changes will be notified via the Services or by email. The revised Notice will take effect when posted unless stated otherwise.