ClientsCave
Log in Start free
Legal

Privacy Policy

What we collect, why, and what you can do about it — written to be read, not survived. We collect little, sell nothing, and run no advertising trackers.

Last updated · 1 June 2026

1. Who we are

ClientsCave Ltd, a company registered in England and Wales, is the data controller for personal data processed through clientscave.com and app.clientscave.com. For anything privacy-related, email hello@clientscave.com.

2. What we collect

  • Account data — name, email address and a password (stored only as a salted hash). Optionally, your business name and the lead categories you care about.
  • Billing data — your plan, payment history and VAT country. Card details are collected and stored by our payment provider, who acts as merchant of record; they never touch our servers.
  • Usage data — which leads you unlock, credits spent, and basic product events, used to run the service and improve curation.
  • Correspondence — emails you send us, kept so we can actually help you next time.
  • Technical logs — IP address, browser type and timestamps, kept briefly for security and debugging.

We do not collect special-category data, and we do not buy data about you from anyone.

3. Data inside the leads we curate

Our product contains information from publicly posted client requirements on LinkedIn, which can include the poster's name, role and the content of their post. We process this limited, business-context information under our legitimate interest in operating a curation service — and our Terms require customers to use it lawfully and respectfully: one relevant, human reply, never bulk messaging.

If a post about you appears in our database and you would like it removed, email hello@clientscave.com and we will remove it within one business day, no questions asked.

4. How we use it (and the lawful bases)

  • Providing the service — account management, lead unlocking, billing, support. Lawful basis: contract.
  • Service emails — receipts, renewal notices, security alerts and lead alerts you have switched on. Lawful basis: contract.
  • Keeping the service safe and improving it — fraud and abuse prevention, debugging, understanding which features get used. Lawful basis: legitimate interests.
  • Marketing emails — only if you opt in, and every one carries an unsubscribe link that works. Lawful basis: consent, withdrawable at any time.
  • Tax and accounting recordslawful basis: legal obligation.

We do not sell personal data, and we make no automated decisions about you with legal or similarly significant effects.

5. Who we share it with

A small set of processors, each under contract, each receiving only what they need:

  • Payment provider (merchant of record) — processes payments, handles VAT and stores card details.
  • Email provider — sends transactional and (if you opted in) marketing email.
  • Hosting and infrastructure providers — run our servers, database and backups.

Beyond processors, we disclose personal data only if the law requires it, or as part of a sale or reorganisation of the business (in which case this policy continues to apply to your data).

6. Cookies

We use strictly necessary cookies only: a session cookie to keep you logged in and a CSRF token to protect forms. No advertising cookies, no third-party analytics cookies, no cross-site tracking — which is also why there is no cookie banner here.

7. How long we keep it

  • Account and usage data — while your account is open, then deleted or anonymised within 90 days of closure.
  • Billing records — six years, as UK tax law requires.
  • Technical logs — up to 30 days.
  • Support correspondence — up to two years after the thread closes.

8. International transfers

Some of our providers process data outside the UK. Where they do, the transfer is protected by a UK adequacy decision or by the UK International Data Transfer Agreement / Addendum (or equivalent safeguards), so your data keeps its UK-level protection wherever it is processed.

9. Your rights

Under the UK GDPR you can ask us to:

  • give you a copy of your personal data (access);
  • correct it (rectification);
  • delete it (erasure);
  • limit what we do with it (restriction);
  • hand it over in a portable format (portability);
  • stop processing based on legitimate interests or for marketing (objection);
  • withdraw consent you have previously given.

Email hello@clientscave.com — we respond within one month, usually much faster, and we never charge. If you are unhappy with our answer, you can complain to the Information Commissioner's Office at ico.org.uk.

10. Security

Traffic is encrypted in transit (TLS), passwords are hashed, access to production data is restricted to the people who need it, and backups are encrypted. If a breach ever puts your rights at risk, we will tell you and the ICO without undue delay, as the law requires.

11. Changes to this policy

If we change this policy in a way that matters — new purposes, new categories of data, new processors handling more of it — we will email account holders before the change takes effect. The date at the top always shows the current version.

12. Contact

Privacy questions, removal requests, rights requests: hello@clientscave.com. A human replies within one business day.