Skip to main content

Privacy Policy

Version 1.0 · Last updated 13 June 2026

This policy explains how Clyro handles personal data. We may update it; material changes will be notified and the "last updated" date revised.

Controller: Clyro Trade & Technology S.A.E. ("Clyro"), Cairo, Egypt. Privacy contact: privacy@clyro.trade.

1. Scope

Clyro is a B2B platform for verified-origin food trade. This policy covers clyro.trade and the Clyro platform. Clyro facilitates trade between businesses — it is not a party to trade contracts and does not hold or transfer funds.

2. Data we process

  • Account & identity: name, business email, phone, company, role, country, hashed password, login metadata; company legal-identity and verification documents (commercial registration, tax card, certificates).
  • Trade & platform activity: RFQs, inquiries, orders, agreements, messages, tasks, notes, listings, inventory, capacity, commercial/ledger records, verification evidence, support requests.
  • Technical: IP address, device/browser, cookies (see §9), product analytics, error/security logs.
  • AI assistant data: your conversations with Tunka/Super-Tunka and — only if you opt in (§7) — personalization memories derived from them.
  • Payment-reference data: invoice/payment references only. Clyro does not process or store card/bank credentials and has no payment custody.

3. Why we process it & legal bases

We process personal data to: provide the platform and trade workflow (contract / legitimate interests); verify exporters/suppliers/facilities and prevent fraud (legitimate interests / legal obligation); secure the service and prevent abuse and cloning (legitimate interests); send service emails (contract / legitimate interests); improve the product via aggregated analytics (consent for analytics cookies / legitimate interests); provide opt-in AI personalization memory (consent — §7); produce anonymized market intelligence (legitimate interests); and comply with law (legal obligation). Marketing emails, if any, are sent only with consent and you can opt out anytime.

4. How AI processes your data

Clyro uses AI for assistance, verification support, intelligence, content, and operations. We do not train or fine-tune AI models on your data — AI is used for inference only. AI calls run through a governed gateway with cost and safety controls; AI providers act as sub-processors (§8). AI output is assistive, not a guarantee (see the AI Disclaimers & Transparency notice). Aggregate intelligence is released only under a K-anonymity policy so no individual or business is identifiable (§6). See §7 for opt-in memory.

5. Who we share with

  • Other users, only as the trade requires (e.g. a buyer sees a verified exporter's profile; counterparties see shared deal documents). Contact details are gated behind an active relationship.
  • Verifiers (internal staff or contracted external verifiers under confidentiality and a data-processing agreement) — limited to documents assigned to them.
  • Sub-processors (§8) who host and operate the service under contract.
  • Authorities where required by law or to protect rights, safety, or prevent fraud.
  • We do not sell personal data and do not serve third-party ads.

6. Aggregate / anonymized intelligence

Market intelligence and platform insights are produced from aggregated, K-anonymized data (minimum cohort thresholds; thin or identifying slices are suppressed). This output is not personal data and cannot be traced to an individual or single business.

7. AI memory & personalization (opt-in)

By default the assistants do not remember you across conversations. If you opt in (Account → Privacy), we store minimal personalization memories (e.g. your typical products, corridors, preferences) to make the assistant more helpful. This is consent-based, off by default, and reversible: you can view, edit, and delete your memories or turn the feature off at any time. Memories are not used to train models, expire after a defined period, are visible only to you, and are deletable on request.

8. Sub-processors

We use vetted providers under data-processing terms: Supabase (database, auth, storage; EU region), Vercel (application hosting), Resend (transactional email), Cloudflare (CDN, security, media), AI providers including Anthropic (AI inference; no training on our data), Langfuse (AI observability), and Open Exchange Rates (FX reference; no personal data). A current sub-processor list is available on request.

9. Cookies & analytics

We use strictly-necessary cookies (login/session/security) only. Manage choices via the cookie banner and /legal/privacy-choices. See the Cookie Policy.

10. Your rights

Subject to applicable law (Egypt's Personal Data Protection Law 151/2020; the EU GDPR for EU data subjects; Saudi Arabia's PDPL; and other applicable laws), you may access, correct, delete, restrict, object to, and port your data, and withdraw consent. Submit requests at /legal/data-rights or privacy@clyro.trade; we respond within 30 days (or as law requires). AI memories and other personal data are erasable via this process.

11. International transfers

Data may be processed in the EU and transferred between Egypt, the EU, and the Gulf as the service and trade require, under appropriate safeguards (such as standard contractual clauses or equivalent measures).

12. Retention

We keep personal data only as long as needed for the purposes above or as law requires. Verification documents, commercial/ledger records, and consents are retained per legal and audit obligations; AI memories expire per §7; append-only audit and compliance records are retained as required.

13. Security

We use tenant isolation (row-level security), encryption in transit, access controls, multi-factor authentication for sensitive roles, short-lived signed document links, audit logging, a web application firewall, and anti-fraud/anti-cloning controls. No system is perfectly secure; we work to protect your data and will notify you and authorities of a breach as required by law.

14. Children

The platform is for businesses and is not directed to children; we do not knowingly process children's data.

15. Changes & contact

We may update this policy; material changes will be notified. Questions or requests: privacy@clyro.trade.


Clyro Privacy Policy v1.0. Under formal legal review; revisions will be published as version updates.