Privacy Policy

Last Updated: June 12, 2026

1. Introduction

At Dialin AI, Inc. d/b/a Clarm ("us", "we", "our" or the "Company") we value your privacy and the importance of safeguarding your data. This Privacy Policy (the "Policy") describes our privacy practices for the activities set out below. As per your rights, we inform you how we collect, store, access, and otherwise process information relating to individuals. In this Policy, personal data ("Personal Data") refers to any information that on its own, or in combination with other available information, can identify an individual.

We are committed to protecting your privacy under applicable privacy laws, including the GDPR, UK GDPR, Swiss FADP, California's Consumer Privacy Act as amended by the CPRA, Colorado Privacy Act, Virginia Consumer Data Protection Act, and other applicable state, federal, and international privacy laws.

Scope

This policy applies to the Dialin AI, Inc. d/b/a Clarm websites, domains, applications, services, and products. This Policy does not apply to third-party applications, websites, products, services or platforms that may be accessed through links that we may provide to you.

For customer workspaces, Clarm generally acts as a service provider or processor for Personal Data that customers submit to the product, configure through connectors, or collect through their own deployed widget. Our customers are responsible for their own notices and lawful bases for their end users. Clarm acts as a controller for our website, sales, billing, security, and account administration activities.

2. Personal Data We Collect

Depending on how you interact with Clarm, we may collect the following types of Personal Data:

  • Account and workspace information: name, email address, password credentials, organization name, role, workspace configuration, and authentication/session data.
  • Billing information: billing contact details, plan information, payment status, invoices, and limited payment metadata. Payment card details are processed by our payment processor.
  • Customer content and connector data: documents, chats, tickets, messages, knowledge sources, connector metadata, workflow configuration, and outputs that customers choose to connect to or create in Clarm.
  • Website and widget usage data: pages viewed, referrers, UTM parameters, timestamps, browser and device data, first-party visitor identifiers, cookie-consent state, event names, and chat or form submissions.
  • Network and security data: IP addresses or hashed IP values, logs, audit events, abuse-prevention signals, and approximate location derived from IP address.
  • Visitor-intelligence data: company-level enrichment such as company name, domain, industry, size, and location. We do not use passive IP enrichment to request person-level enrichment by default. Person-level details such as name, title, email, phone number, or LinkedIn URL are used when you provide them, a customer provides them, or a consented visitor-intelligence provider returns them under the applicable configuration.
  • Communications: support requests, sales communications, demo forms, survey responses, and preferences.

How We Collect Your Personal Data

We collect Personal Data from the following sources:

  • From You: Information you provide when creating an account, using our services, or contacting us
  • Automated technologies: Device data, usage data, and browsing patterns collected via cookies and similar technologies
  • Customers and integrations: Content, events, and contact data submitted through customer-configured widgets, APIs, connectors, webhooks, Slack, CRM systems, email providers, and other integrations
  • Third parties: Payment processors, analytics providers, enrichment providers, email and CRM providers, identity providers, hosting providers, and security tools

3. How We Use Personal Data

We use Personal Data for the following purposes:

  • Provide, secure, maintain, and improve Clarm websites, applications, APIs, widgets, workflows, and support.
  • Authenticate users, administer accounts, process billing, send service notices, and respond to support or sales requests.
  • Operate AI features requested by customers, including retrieval, chat, workflow automation, approvals, audit logs, and connector-based actions.
  • Measure product and website performance, diagnose errors, detect abuse, prevent fraud, and enforce terms.
  • Route customer-configured notifications, including Slack, CRM, webhook, and email notifications where enabled by the customer.
  • Provide company-level visitor intelligence and, where a visitor has granted consent or otherwise where permitted by law and customer configuration, visitor-intelligence enrichment.
  • Comply with legal obligations, respond to lawful requests, and protect the rights, safety, and security of Clarm, customers, users, and the public.

Lawful Bases

Where GDPR, UK GDPR, or similar laws apply, our lawful bases may include performance of a contract, legitimate interests, consent, compliance with legal obligations, and protection of rights and security. We rely on consent for optional cookies and similar technologies where required, including cookie-based analytics and visitor-intelligence scripts that are not strictly necessary. Where permitted, we also rely on legitimate interests to run privacy-preserving, aggregate analytics that do not store or read information on your device and do not identify you, such as cookieless page-traffic measurement; this requires no consent and you may object using browser controls or by contacting us. You may withdraw consent at any time by declining the banner, clearing stored consent, using browser controls, or contacting us.

4. Cookies and Similar Technologies

A cookie is a small file with information that your browser stores on your device. We use strictly necessary cookies for authentication, security, consent storage, and service operation. We use preference cookies to remember how you like to use our service. With consent where required, we use cookie-based analytics and visitor-intelligence technologies to understand how people use our site, improve our service, and identify company-level buying signals. Independently of consent, we also use cookieless, aggregate analytics that set no cookies, store nothing on your device, and do not identify you, so we can measure overall site traffic.

Our website uses Cloudflare Web Analytics, which is cookieless and does not fingerprint visitors or track them across sites, to measure aggregate traffic without consent. We use PostHog for product analytics: for visitors outside the EU and UK, and for EU or UK visitors who grant consent, PostHog runs with cookies and a persistent identifier; for EU or UK visitors who have not granted consent, PostHog runs in a cookieless mode that stores nothing on the device and collects only anonymous, aggregate usage. RB2B visitor intelligence loads automatically for visitors outside the EU and UK, where GDPR does not apply, and for EU or UK visitors only after stored consent. All of these are suppressed when supported Global Privacy Control or Do Not Track signals are present. Customer-deployed widgets may set first-party visitor identifiers, respect supported opt-out signals, and use analytics or enrichment only according to customer configuration and applicable law.

5. Disclosure and Subprocessors

We may disclose Personal Data to the following categories of recipients:

  • Hosting, infrastructure, database, storage, monitoring, logging, and security providers.
  • Payment, billing, tax, accounting, and customer-support providers.
  • Analytics and website-intelligence providers, including PostHog, Cloudflare Web Analytics, and RB2B where enabled.
  • Enrichment providers used for company-level visitor intelligence, such as People Data Labs, Clearbit, 6sense, IPinfo, or similar services where configured.
  • Customer-configured destinations, including Slack, HubSpot, webhooks, email providers, CRMs, and connected knowledge or workflow systems.
  • Professional advisors, authorities, or third parties when required by law, to protect rights and security, or in connection with a corporate transaction.

We require service providers and processors to protect Personal Data and process it only for the purposes we authorize or the customer instructs, as applicable.

6. International Transfers

Clarm is based in the United States and may process Personal Data in the United States, the European Economic Area, the United Kingdom, Switzerland, and other countries where we or our service providers operate. When Personal Data is transferred from the EEA, United Kingdom, or Switzerland to a country that has not been found to provide an adequate level of protection, we use appropriate safeguards such as Standard Contractual Clauses, the UK International Data Transfer Addendum, transfer-impact assessments where required, and technical and organizational measures designed to protect the data.

7. Retention & Deletion

We will only retain your Personal Data for as long as necessary for the purpose for which that data was collected and to the extent required by applicable law. When we no longer need Personal Data, we will remove it from our systems and/or take steps to anonymize it.

Retention periods vary by category. Account and billing records are retained while your account is active and as needed for tax, accounting, dispute, and legal requirements. Security logs and audit records are retained as needed to protect the service and preserve evidence. Website and widget analytics are retained according to the workspace configuration and our documented retention schedules, unless a longer period is required for security, legal, or fraud-prevention reasons.

8. How We Keep Your Data Safe

We have appropriate organizational safeguards and security measures in place to protect your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. The communication between your browser and our website uses a secure encrypted connection wherever your Personal Data is involved.

9. Children's Privacy

We do not knowingly collect Personal Data from children under the age of 18 years.

10. Your Rights

Depending on your geographical location and citizenship, your rights may include:

  • Right to Access: Learn whether we are processing your Personal Data and request a copy
  • Right to Rectification: Have incomplete or inaccurate Personal Data corrected
  • Right to be Forgotten: Request deletion of your Personal Data
  • Right to Portability: Request a portable copy of Personal Data you provided to us
  • Right to Restrict Processing: Ask us to limit processing in certain circumstances
  • Right to Object: Object to processing based on legitimate interests, including certain profiling or direct marketing
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent
  • Right to Opt Out: Opt out of targeted advertising, sale of Personal Data, or profiling
  • Nondiscrimination: Not be denied service for exercising your rights

If you are in the EEA, United Kingdom, or Switzerland, you may also have the right to lodge a complaint with your local supervisory authority. If your Personal Data was submitted to Clarm by one of our customers, we may direct your request to that customer or help the customer respond, depending on our role for that data.

11. Automated Decision-Making

Clarm may use AI and automation to classify website events, summarize conversations, route notifications, recommend next actions, and support customer-configured workflows. We do not use website visitor intelligence to make decisions that produce legal or similarly significant effects about you without appropriate human involvement or another lawful basis.

12. Contact Us

To request a copy of your information, unsubscribe from our email list, request for your data to be deleted, or ask a question about your data privacy:

Email: [email protected]
Write to us at: Data Privacy Officer of Dialin AI, Inc. d/b/a Clarm, 1111B S Governors Ave STE 29410, Dover, DE, 19904