privacy policy

Effective date: Feb 27, 2026

MYCLO INC. ("Myclo", "we", "us", or "our") operates the myclo.ai website and the Myclo mobile application (collectively, the "Service"). This Policy explains how we collect, use, and disclose personal data when you use the Service and the choices you have. By using the Service, you agree to the collection and use of information in accordance with this Policy.

definitions

• Service. The myclo.ai website and Myclo mobile application operated by MYCLO INC.
• Personal Data. Data about a living individual who can be identified from that data (or from that and other information in our possession or likely to come into our possession).
• Usage Data. Data collected automatically (for example, the duration of a page visit or device information).
• Cookies. Small pieces of data stored on your device.
• Data Controller. The person or legal entity who determines the purposes and manner in which Personal Data is processed. MYCLO INC. is the Data Controller of your Personal Data.
• Data Subject / User. Any living individual who uses our Service and is the subject of Personal Data.

information collection and use

We collect several different types of information for various purposes to provide and improve our Service.

types of data collected

• Personal Data. During pre-launch, this website currently does not collect waitlist signup personal information. If waitlist collection is enabled later, this section and the effective date will be updated before collection begins.
• Login Credentials. When registering or connecting other accounts, you may use your email login credentials to link your email or merchant accounts with your Myclo account.
• User Content. When you use the Service, you may upload images, collections of purchases, comments, or other content ("User Content"). User Content posted in public areas may become public information.
• Usage Data. We may collect information your browser or device sends when you visit or use the Service, such as IP address, browser type and version, pages visited, time and date of visits, time spent on pages, unique device identifiers, and diagnostic data.
• Tracking & Cookies Data. We use cookies and similar tracking technologies to operate the Service and analyze usage. You can instruct your browser to refuse cookies, but some features may not work.

Examples of cookies we use: Session Cookies (to operate the Service), Preference Cookies (to remember settings), and Security Cookies (for security purposes).

use of data

• Provide and maintain our Service, including recommendations or customized content
• Notify you about changes to our Service
• Allow you to participate in interactive features when you choose
• Provide support and address account issues; investigate fraud or abuse; enforce our Terms and this Policy
• Gather analysis or valuable information to improve the Service
• Monitor usage of the Service
• Detect, prevent, and address technical issues
• Provide you with news, offers, and information about similar goods or services unless you opt out

additional limits on OAuth email data

• We do not use Gmail, Yahoo, or AOL email data for serving advertisements or marketing.
• Email access tokens and related data are used solely for purchase extraction or synchronization you request.
• Strict access controls apply; human access is restricted.
• We comply with Google OAuth Limited Use requirements and similar provider rules.

legal basis for processing (GDPR)

• We need to perform a contract with you
• You have given us permission to do so
• The processing is in our legitimate interests and not overridden by your rights
• To comply with the law

sensitive data & protection levels

• Level 1 — Standard Personal Data. Registration and profile information (name, email address, gender, birthday) and basic usage data, protected using industry-standard security controls.
• Level 2 — User-Generated Content. Images, comments, and purchase collections you upload; access is restricted and visibility follows your settings.
• Level 3 — Sensitive / Restricted OAuth Data. Email account access tokens and purchase receipt data obtained via Gmail, Yahoo, or AOL integrations. This data has strict access controls, is used only for purchase extraction and synchronization, is never used for advertising or marketing, and complies with provider requirements.

retention of data

MYCLO INC. retains Personal Data only as long as necessary for the purposes set out in this Policy. We retain and use Personal Data as needed to comply with legal obligations, resolve disputes, and enforce agreements. Usage Data is generally retained for shorter periods unless required for security, to improve functionality, or to meet legal obligations.

transfer of data

Your information, including Personal Data, may be transferred to and maintained on servers located outside your state, province, country, or other jurisdiction where data protection laws may differ. By providing information to us, you agree to these transfers, subject to safeguards to ensure your data remains protected consistent with this Policy.

disclosure of data

Business Transaction. If MYCLO INC. is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data becomes subject to a different Privacy Policy.

Law Enforcement. Under certain circumstances, MYCLO INC. may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.

Legal Requirements. MYCLO INC. may disclose your Personal Data in the good-faith belief such action is necessary to comply with a legal obligation, protect our rights or property, prevent or investigate possible wrongdoing, protect personal safety, or protect against legal liability.

data protection rights

"Do Not Track" signals (CalOPPA). We do not currently respond to DNT signals. You can enable or disable DNT in your browser settings.

GDPR rights. If you are a resident of the EEA, you have rights to access, update, or delete Personal Data; rectify inaccurate data; object to or restrict processing; request data portability; and withdraw consent where processing is based on consent. We may request identity verification before responding. You may complain to your local data protection authority.

security

The security of your data is important to us. While we use commercially acceptable means to protect Personal Data, no method of transmission over the Internet or electronic storage is 100% secure.

service providers

We may employ third-party companies and individuals to facilitate our Service, provide the Service on our behalf, perform Service-related services, or assist us in analyzing how our Service is used. These third parties have access to Personal Data only to perform tasks for us and are obligated not to disclose or use it for any other purpose.

analytics

We may use third-party Service Providers to monitor and analyze the use of our Service, including Google Analytics. For more information, visit Google's Privacy Policy.

links to other sites

Our Service may contain links to other sites not operated by us. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

children

The Service is not intended for anyone under 12 years of age. If you believe we have collected personal information from a child in a manner prohibited by law, please contact us. If we learn we have collected personal information from a child without required consent, we will delete it.

changes to this policy

We may update this Policy from time to time. We will notify you of changes by posting the new Policy on this page and updating the effective date. Changes are effective when posted on this page.

contact us

If you have any questions about this Policy or want to exercise your rights, contact us at hello@myclo.ai.