Privacy Policy

01Overview

Cloner is the website cloning service at trycloner.com, operated by Symmerce LLC(“Cloner”, “we”, “us”). This policy covers information we collect through the service, our website, and any related applications.

The data controller is Symmerce LLC. If you have questions about this policy or your data, contact us at the address in the last section.

02Information we collect

Account information

When you create an account we collect your name, email address, and authentication credentials. Passwords are hashed by Supabase Auth and never stored in plain text.

Billing information

Payments are processed by Stripe. We receive your subscription status, invoice history, and the last four digits of your card — card numbers never reach our servers.

Usage data

We log IP address, user agent, routes you visit, and timestamps. These logs help us operate the service, prevent abuse, and investigate errors.

Clone inputs and outputs

When you submit a URL to clone, we store that URL along with the generated artifacts (HTML, CSS, assets) in our object storage. You control these artifacts from your dashboard and can delete them at any time.

Cookies and similar technologies

We use a small number of first-party cookies for authentication and session management. See the Cookies section for details.

03How we use information

• Deliver and maintain the service.
• Process payments and manage your subscription.
• Prevent fraud, abuse, and violations of our Terms of Service.
• Improve the product through aggregate analytics.
• Send account, security, and service-related communications.

We do not sell your personal information.

04Legal bases (GDPR)

If you are in the European Economic Area, we rely on the following legal bases:

• Contract. To provide the service you signed up for.
• Legitimate interest. To secure the service, prevent abuse, and improve the product.
• Consent. Where required, for example for optional analytics.
• Legal obligation. To comply with applicable laws and lawful requests.

05Sharing with third parties

We share information with the service providers required to operate Cloner:

• Supabase — authentication and database.
• Stripe — payment processing.
• Vercel — hosting and delivery.
• PostHog — product analytics.
• Resend — transactional email.

Each subprocessor is bound by a data processing agreement and only receives the minimum data required to perform its function. We do not sell personal data to third parties.

06International transfers

Cloner's infrastructure is hosted in the United States. If you access the service from outside the US, your information will be transferred to and processed in the US. For transfers from the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses with our subprocessors.

07Data retention

• Account data is retained until you delete your account, plus a 90-day grace period for account recovery and fraud investigations.
• Clone artifactsare retained per your plan's quota and deleted when you remove them or cancel your subscription.
• Billing records are retained as long as required by tax and financial regulations.
• Logs are retained for up to 90 days for security and debugging.

08Your rights

Depending on where you live, you have the following rights:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your data (the “right to be forgotten”).
• Restrict or object to certain processing.
• Receive your data in a portable format.
• Withdraw consent where processing is based on it.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at the address in the last section. We will respond within 30 days.

09California privacy rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the right to know what personal information we collect, to request its deletion, to correct inaccurate information, and to opt out of the sale or sharing of personal information.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

10Cookies

We use cookies for three purposes:

• Session. Keeps you signed in between requests.
• Security. CSRF tokens and fraud prevention.
• Preferences. Remembers UI state you have set.

You can disable cookies in your browser, but parts of the service — especially authentication — will stop working if you do.

11AI and your data

Cloner uses machine learning to improve clone accuracy and component naming. We do not train our models on URLs you submit, on clone artifacts we generate for you, or on prompts you enter into the editor.

12Children's privacy

Cloner is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact us and we will delete it.

13Security

We protect your information with encryption in transit (TLS) and at rest, least- privilege access controls, and continuous monitoring. No system is perfectly secure — if you discover a vulnerability, email us and we will investigate promptly.

14Changes & contact

We may update this policy as the service evolves. Material changes will be announced by email or in-product notice at least 30 days before they take effect.

Questions about this policy? Email privacy@trycloner.com or write to us at: