1. Who We Are
This Privacy Policy explains how Clevewood ("Clevewood," "we," "us," or "our") collects, uses, discloses, and protects personal information when you:
visit https://bookmoreclients.io or any of our subdomains (the "Website");
request a demo, book a strategy call, or submit a form;
communicate with us by SMS, email, phone, or chat;
engage us as a paying client and use our AI automation services (the "Services").
Email: [email protected]
Trading name: Clevewood
If you are a resident of the United Kingdom or the European Economic Area, Clevewood Consulting is the data controller for your personal information under the UK GDPR and EU GDPR. For visitors in the United States, this notice is also intended to satisfy applicable U.S. state privacy laws (including the CCPA/CPRA in California).
By using the Website or our Services you confirm you have read and understood this Privacy Policy.
2. The Personal Information We Collect
We collect personal information in four distinct contexts. The categories, lawful bases, and retention periods differ for each.
2.1 Information You Give Us (Website Visitors & Prospects)
When you fill out a form, request a demo, book a call, or otherwise contact us, we collect:
Identity data: full name, business name, job title.
Contact data: email address, phone number (mobile), postal address (if provided).
Business data: industry/niche, products or services sold, lead-volume, average order value, marketing budget, and any context you provide so we can build a demo or proposal.
Marketing-consent data: the consent record (timestamp, IP address, the exact wording you agreed to, the checkbox state) confirming you have opted in to receive SMS or email from us.
Correspondence: the content of messages, emails, calls, and chat transcripts exchanged with us.
2.2 Information We Collect Automatically (Website Analytics)
When you use the Website we collect, via cookies and similar technologies, technical information including:
IP address, approximate location (country/region), device type, browser type and version, operating system, language;
pages visited, time spent, click paths, referring URLs, exit pages;
session identifiers and event data (form submissions, button clicks);
security data captured by Google reCAPTCHA to protect against bot abuse (see §6 below).
2.3 Information We Receive From Third Parties
We may receive personal information about you from:
Advertising platforms (e.g. Meta/Facebook, Google Ads) when you click on or interact with our ads;
Lead-generation partners if you submitted your details to a partner who passed your enquiry to us;
Public sources (e.g. LinkedIn, company registries) for B2B research and outreach;
Payment, calendar, CRM and analytics providers integrated with the Website (see §5).
2.4 Client Data and End-Customer Data (Paying Clients Only)
When you engage Clevewood as a paying client, you upload or grant us access to:
Your business data: account credentials, brand assets, scripts, offers, and configuration data;
Lead databases: lists of contacts (name, phone, email, prior interaction history) that you instruct us to message on your behalf;
End-customer conversation data: SMS, email, chat, and review-response content generated by our AI on your behalf.
For end-customers contacted through our Services, Clevewood acts as a data processor under UK/EU GDPR, and as a "service provider" under U.S. state privacy laws. You (the client) are the data controller and are solely responsible for ensuring you have a lawful basis and (where required) prior express written consent to contact those individuals. See our Terms of Service and our Data Processing Addendum for full obligations.
3. How We Use Your Personal Information
We use personal information only for the purposes set out below, each tied to a lawful basis under UK/EU GDPR.
#PurposeCategories UsedLawful Basis (UK/EU GDPR)1Respond to enquiries, build demos, deliver strategy callsIdentity, contact, businessSteps prior to entering a contract; legitimate interests2Provide, configure, and maintain the ServicesIdentity, contact, client dataContract performance3Send transactional SMS/email (demo links, calendar confirmations, account notices)Contact, marketing-consentContract performance; legitimate interests4Send marketing SMS or email about our ServicesContact, marketing-consentConsent (you can withdraw at any time)5Process payments and manage billingIdentity, contact, paymentContract performance; legal obligation6Improve, secure, and analyse the Website and ServicesTechnical, usageLegitimate interests (running a secure, useful service)7Comply with law, respond to lawful requests, enforce our termsAll categoriesLegal obligation; legitimate interests8Display testimonials and case studies (with consent)Identity, results dataConsent
We do not sell your personal information. We do not use your personal information to train any third-party AI model for purposes unrelated to providing the Services to you.
4. SMS and Phone Communications
Because messaging sits at the heart of our Services, the following terms apply specifically to SMS and calls:
Opt-in. We only send marketing SMS to people who have ticked an unticked consent box and confirmed their phone number on our Website, or who have separately and verifiably opted in.
Message frequency. Frequency varies. We typically send no more than a few messages per week to prospects.
Carrier fees. Message and data rates may apply. We do not control your carrier's charges.
Help & opt-out. Reply HELP for help. Reply STOP at any time to opt out of marketing messages. We process STOP requests immediately and confirm via a final message.
Consent is not required to obtain Services. You may request a quote, demo, or call without consenting to marketing SMS.
AI-generated content. Many messages you receive from Clevewood (or from a Clevewood-operated number used on behalf of a client) are generated or sent by automated systems including AI assistants. Where required by law, we disclose this on first contact.
Recording. We may record or transcribe calls and SMS exchanges for quality, training, and compliance purposes. If you do not consent to recording, please tell us at the start of the call.
5. When We Share Your Personal Information
We share personal information only with the following categories of recipients, each bound by contract and (where applicable) a UK/EU GDPR-compliant data processing agreement:
CategoryPurposeExamplesCRM & marketing automationHosting the Website, storing leads, sending SMS/email, dispatching campaignsLeadConnector / HighLevel (and its sub-processors)Telecommunications carriersRouting SMS and voice trafficTwilio, Bandwidth, and downstream mobile carriersAI / LLM providersGenerating conversational replies and contentOpenAI, Anthropic, and similar (used under enterprise terms that disable training on our data where available)Payment processorsTaking and reconciling paymentsStripe, GoCardless, or equivalent ([CONFIRM PROVIDER])Analytics & advertisingWebsite analytics, attribution, and remarketingGoogle Analytics, Meta Pixel ([CONFIRM/REMOVE WHICHEVER NOT IN USE])Security & anti-abuseProtecting against bots and fraudGoogle reCAPTCHAProductivity & communicationEmail, calendaring, schedulingGoogle Workspace / Microsoft 365 ([CONFIRM])Professional advisorsLegal, accounting, compliance, insuranceOur solicitors, accountants, auditorsAuthorities and third partiesWhere required by law, court order, or to protect rightsLaw-enforcement agencies, regulatorsSuccessors in interestIf we are acquired, merged, or reorganisedAcquirers, due-diligence advisors (under confidentiality)
A current list of sub-processors used to deliver the Services to clients is available on request to [email protected]
We do not sell or "share" your personal information for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA, except to the extent the use of cookies on our Website constitutes "sharing" under California law. California residents may opt out via the cookie-consent banner or by emailing us (see §11).
6. Cookies and Similar Technologies
We use cookies and similar technologies to:
keep the Website functional (session, security, load-balancing);
remember your preferences;
measure traffic and improve the Website;
(where you consent) deliver and measure advertising.
You can manage cookies via your browser settings and, where shown, via the cookie banner on the Website. For a full list of cookies and durations, see our Cookie Notice at www.clevewoodconsulting.com or contact us.
The Website is protected by Google reCAPTCHA, subject to Google's Privacy Policy and Terms of Service. reCAPTCHA collects hardware and software information (e.g. device data, browser data, and the user's interaction on the site) and sends it to Google for the purpose of providing, maintaining, and improving the service and for general security.
7. International Transfers
Clevewood is based in USA. Many of our service providers are located outside that country, including in the United States and the European Economic Area. When we transfer personal information internationally, we rely on one or more of the following safeguards:
the UK International Data Transfer Agreement or the EU Standard Contractual Clauses (and the UK Addendum);
a valid adequacy decision issued by the UK Government or the European Commission;
your explicit consent, where appropriate.
You can request a copy of the safeguards in place by contacting [email protected].
8. How Long We Keep Personal Information
We keep personal information only as long as necessary for the purposes set out in this Policy.
Data Typical Retention
Prospect enquiry data (no purchase)Up to 24 months after last contact, then deleted or anonymised Marketing-consent records Duration of consent + 6 years (to evidence consent if challenged)Active client account dataDuration of engagement + the period required by applicable lawClient lead-database content uploaded for processingDeleted or returned within 30 days of contract termination (or sooner on request)Payment and invoicing records 6 years (UK/EU tax law) or longer if required Website analytics (aggregated)Up to 26 monthsCCTV/voice-call recordings (if any) Up to 12 months
Specific retention periods may be longer where we have a legal obligation or a legitimate interest (e.g. to defend against legal claims).
9. Your Rights
Depending on where you live, you have some or all of the following rights:
9.1 Under UK / EU GDPR
Access — request a copy of your personal information.
Rectification — correct inaccurate or incomplete information.
Erasure — ask us to delete personal information (subject to legal exceptions).
Restriction — limit how we process your information.
Portability — receive your information in a structured, machine-readable format.
Object — to processing based on legitimate interests, including direct marketing.
Withdraw consent — at any time, without affecting prior lawful processing.
Complain — to the UK Information Commissioner's Office (www.ico.org.uk) or your local EU/EEA data protection authority.
9.2 Under U.S. State Laws (including California CCPA/CPRA)
Right to know what categories and specific pieces of personal information we hold.
Right to delete personal information we have collected from you.
Right to correct inaccurate personal information.
Right to opt out of "sale" or "sharing" of personal information for cross-context behavioural advertising.
Right to limit use of sensitive personal information.
Right to non-discrimination for exercising any of these rights.
To exercise any of these rights, email us at [email protected] or write to the address in §1. We will verify your identity using a method proportionate to the sensitivity of the request and respond within the statutory deadline (one month under UK GDPR; 45 days under CCPA, extendable once).
You may use an authorised agent to submit a CCPA request on your behalf, provided you give that agent signed written permission and verify your identity directly with us.
10. Security
We use commercially reasonable technical and organisational measures to protect personal information, including TLS encryption in transit, encryption at rest for sensitive databases, role-based access controls, audit logging, vendor due-diligence, multi-factor authentication for staff accounts, and regular review of security practices.
No system is completely secure. If you believe your account or personal information has been compromised, contact us immediately at [email protected].
11. Children
The Services are intended for businesses and adults aged 18 or over. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact [email protected] and we will delete it.
12. Automated Decision-Making and AI
Our Services use artificial intelligence to draft and send messages. These are not "solely automated decisions producing legal or similarly significant effects" within the meaning of Article 22 of the UK/EU GDPR. AI-drafted messages are sent within parameters configured by our clients and are subject to human oversight. If you receive an AI-generated message and would like a human to take over, reply with the word HUMAN or contact us directly.
13. Third-Party Links
The Website may link to third-party sites or services. We are not responsible for the privacy practices of those third parties. Review their privacy policies before providing personal information.
14. Changes to This Policy
We may update this Policy from time to time. The "Last Updated" date at the top shows when it was last revised. Material changes will be communicated by email (to active clients) or by a prominent notice on the Website. Continued use of the Services after a change indicates acceptance of the revised Policy.
15. Contact Us
Questions, requests, or complaints about this Privacy Policy or our handling of personal information:
Email: [email protected]
We aim to respond within 5 business days and to fully resolve verified rights requests within the statutory deadline.
If you are not satisfied with our response, you have the right to lodge a complaint with your supervisory authority (e.g. the UK Information Commissioner's Office at www.ico.org.uk).