This Privacy Policy describes how Clutch Capital LLC ("Company," "we," "us") collects, uses, and handles information when you use Vantage (the "Service"). We wrote this to be direct — no vague language about what we actually store.
When you subscribe, we collect your email address and create a hashed password credential. We store your Stripe customer and subscription IDs to manage billing, and your account status and plan tier.
Payment is processed by Stripe, Inc. We store only your Stripe customer ID as a reference — never your card number, CVV, or full billing address. Stripe's privacy policy governs how your payment data is handled.
Business data you create or import — lead lists, prospect names, phone numbers, email addresses, call notes, and policy records — is synced from your browser to our servers so it persists across devices. This data is AES-encrypted at rest in our database. We do not use it for any purpose other than returning it to you when you log in.
When you enroll a lead in a drip campaign, we store an encrypted snapshot of that lead's contact information (name, email, phone number) on our servers for the duration of the campaign. Email addresses and phone numbers are also stored as one-way SHA-256 hashes for opt-out suppression. Message content is encrypted at rest. Consent timestamp and the IP address of the enrolling agent are recorded at the time of enrollment.
If you connect your own Twilio account or an outbound email address for drip campaigns, we store those credentials (account SID, API keys, SMTP password) server-side in encrypted form. We use them only to place calls and send drip messages on your behalf.
We collect first-party analytics events for product improvement, including: login, account creation, data sync, drip campaign enrollment and send events, and opt-out events. These are tied to your user account and stored for 180 days. No third-party analytics scripts or advertising trackers are used. On the public landing page, we log anonymous page-view and button-click events (no cookies, no fingerprinting) to understand how visitors engage with the site.
We log login attempts — including timestamp, email, and IP address — for fraud and abuse prevention. These records are purged after 90 days. Administrator actions are recorded in an audit log.
We do not sell, rent, or share your personal information with third parties for their own marketing purposes. We share data only with the service providers listed below, solely to operate the Service:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing and subscription management | Email, payment card details (processed directly by Stripe) |
| Supabase, Inc. | Cloud database hosting | All data stored in the Service (encrypted at rest) |
| Twilio Inc. | Browser-based voice calling and SMS delivery for drip campaigns | Lead phone numbers (when you place calls or send SMS), call metadata |
| Anthropic, PBC | AI-personalized drip message generation (when ANTHROPIC_API_KEY is configured) | Lead first name, industry context, campaign step intent — no full contact records |
| SMTP provider (your configuration) | Transactional emails from Vantage (welcome, password reset, payment alerts) | Your email address and message content |
We may also disclose information if required by law, court order, or to protect the rights, property, or safety of our users or the public.
When you enable AI-personalized drip campaigns and an Anthropic API key is configured, we send limited lead context (first name, campaign intent, industry) to Anthropic's API to generate message copy. Full lead records, phone numbers, and email addresses are not sent. Anthropic's data processing agreement governs that data. AI personalization is optional — the drip system functions fully on pre-built templates without it.
We retain your account and business data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days and then deleted unless you request earlier deletion. Drip enrollment records (including encrypted lead snapshots) are deleted when an enrollment is cancelled or completed and purged on account deletion. Login attempt logs are deleted after 90 days. First-party analytics events are deleted after 180 days.
We protect your data with: bcrypt-hashed passwords, AES encryption for business data and drip lead snapshots at rest, SHA-256 hashing for suppression matching, encrypted storage of third-party credentials, HTTPS/TLS for all data in transit, strict per-account data isolation enforced at the query level, and rate limiting on login and sync endpoints.
You can export all of your business data at any time from within the app. To request access to, correction of, or deletion of your account data, email vantagecloses@gmail.com. We honor verified deletion requests within the timeframes required by applicable law.
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the following rights:
To submit a verifiable consumer request, email vantagecloses@gmail.com from the address associated with your account. We will respond within 45 days as required by law. We may need to verify your identity before processing a request.
| Category | Examples | Purpose |
|---|---|---|
| Identifiers | Email address, IP address | Account authentication, security logging |
| Commercial information | Subscription plan, Stripe customer ID | Billing and subscription management |
| Professional information | Lead lists, call notes, policy records you enter | Core product functionality — storing your business data |
| Internet / network activity | Login events, sync events, drip send events, page views | Security, fraud prevention, product improvement |
| Third-party credentials | Twilio API keys, SMTP credentials (encrypted) | Placing calls and sending drip messages on your behalf |
The Service is not directed to children under 18. We do not knowingly collect information from minors.
We may update this Privacy Policy. We will notify you by email or in-app notice of material changes at least 30 days before they take effect. Continued use after changes take effect constitutes acceptance.
Questions about this policy or your data? Email us at vantagecloses@gmail.com.