How Clerwell handles personal data, workspace data, and AI worker context

1. Who we are

CLERWELL PRIVATE LIMITED is headquartered in Bangalore, India. Clerwell builds AI workers that can be given roles, instructions, connected tools, memory, permissions, and oversight so they can help people and teams complete work.

CIN: U62099KA2026PTC220395

Registered Office: NO A 52, RPR COMPLEX, FIFTH FLOOR 1ST MAIN ROAD, Ramamurthy Nagar, Bangalore North, Bangalore – 560016, Karnataka, India

Email: hello@clerwell.com

2. Information we collect

We collect information you provide directly, information created when you use Clerwell, and limited technical information collected by our website and services.

• Account and profile information, such as name, email address, organization, role, login details, plan, and preferences.
• Contact and support information, such as messages, form submissions, support tickets, sales requests, and feedback.
• Workspace and customer content, such as files, prompts, instructions, tasks, notes, connected-tool records, approvals, and outputs you ask a Clerwell worker to process.
• AI worker configuration, such as worker names, roles, guidelines, memory, permissions, tool access, model routing choices, and escalation rules.
• Usage and log data, such as pages viewed, device and browser details, IP address, timestamps, authentication events, worker actions, audit trails, error logs, and security events.
• Billing and commercial information, such as plan selections, invoices, payment status, and transaction metadata. Payment card data is handled by payment processors, not stored by Clerwell unless explicitly stated in the billing flow.
• Cookies and similar technologies used for site functionality, analytics, preferences, security, and performance.

3. How we use information

We use information to provide, secure, improve, and support Clerwell. This includes account creation, authentication, worker setup, tool connections, task execution, memory and context handling, billing, support, abuse prevention, analytics, product improvement, and legal compliance.

Clerwell workers may process customer content to complete the tasks you assign. Depending on your plan and configuration, processing may occur through your own model provider keys, Clerwell-managed providers, self-deployed infrastructure, private cloud, or on-premise environments.

4. Legal bases and consent

Where applicable law requires a legal basis, we process information to perform a contract, operate the service, comply with legal obligations, protect legitimate interests such as security and service improvement, and honor consent where consent is required. You may withdraw consent where processing depends on consent, but this may limit some features.

5. AI, model providers, and customer control

Clerwell is designed around control and accountability. Administrators decide which workers exist, what they may access, which tools they can use, and which model providers or deployment environments are allowed.

Customer content may be sent to selected model providers or connected services only as needed to perform requested work, unless your deployment is configured to keep processing within your own environment. If you bring your own model keys or self-deploy Clerwell, your relationship with those providers may be governed by your own provider terms and settings.

6. Sharing and subprocessors

We do not sell personal information. We may share information with service providers and subprocessors that help us provide hosting, authentication, analytics, support, billing, email delivery, security, model processing, and connected-tool functionality. We may also share information when required by law, to protect rights and safety, during a business transfer, or with your instructions.

7. Retention

We keep information only as long as needed for the purposes described in this policy, including providing the service, maintaining audit records, resolving disputes, enforcing agreements, meeting legal obligations, and preserving security. Customer administrators may be able to delete workspace content, worker memory, and logs depending on plan, deployment model, and retention settings.

8. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing of personal data. You may also have rights to withdraw consent, opt out of certain sharing, and lodge a complaint with a data protection authority. To exercise rights, contact hello@clerwell.com.

If Clerwell processes your information on behalf of a customer organization, we may direct your request to that organization because it controls the workspace and worker configuration.

9. Security

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, and disclosure. These safeguards include access controls, least-privilege permissions, encryption where appropriate, audit logs, monitoring, backups, and incident response processes. No system is perfectly secure, so customers should also configure strong passwords, access controls, provider keys, and worker permissions.

10. International processing

Clerwell may process information in India and other countries where we or our providers operate. When required, we use appropriate safeguards for international transfers and vendor processing.

11. Children

Clerwell is not intended for children. Do not use Clerwell to collect or process children’s personal data unless your organization has the legal authority and required safeguards to do so.

12. Changes to this policy

We may update this policy as Clerwell evolves, laws change, or our practices change. The latest version will be posted on this page.