Legal

Privacy Policy

Last updated: May 17, 2026
The short version. We collect the data we need to run our products — emails, leads, conversation transcripts, scoring results — and we use it to deliver those products to you. We don't sell your data. We don't share it with advertisers. We don't train AI models on it. If you want it deleted, email travis@clientcoded.com and we'll do it.

1. Who we are

This privacy policy applies to ClientCoded (the "Service"), operated by ClientCoded ("we," "us," "our"). The Service includes:

  • ClientCoded Sequences — our B2B revenue orchestration and AI SDR platform
  • Agent Testing — our AI chat agent testing tool at clientcoded.com/agentproof.html
  • ClientCoded — AI Agent Stress Test — our Chrome extension
  • clientcoded.com — our marketing website

You can reach us at travis@clientcoded.com.

2. What we collect and why

Marketing website (clientcoded.com)

We collect standard server logs (IP address, browser, referrer, pages visited) for security and aggregate analytics. We do not use third-party advertising trackers. If you book a meeting through Calendly, your scheduling data is handled by Calendly under their privacy policy.

ClientCoded Sequences (the platform our customers buy)

When a customer connects their CRM (HubSpot, Salesforce) to ClientCoded, we process the lead and contact data flowing through their sales pipeline so we can send email sequences, detect replies, score leads, and route qualified prospects to their team. We store:

  • Contact records (name, email, company, title, custom CRM fields)
  • Email content sent and received through the platform
  • Engagement data (opens, clicks, replies, meeting bookings)
  • Lead scoring outputs and AI SDR conversation transcripts

This data belongs to the customer who set up the account. We act as a data processor for it. Customer admins can export or delete their data at any time by emailing us.

Agent Testing (web app)

When you run a test on clientcoded.com/agentproof.html, we collect:

  • Your email address (so we can rate-limit free tests, attach results to your account, and send Pro upgrade confirmations)
  • The agent endpoint URL or widget ID you submit for testing
  • The ICP description, product description, qualification criteria, and known objections you provide
  • The full synthetic conversation transcripts our test generates against your agent
  • The scorecard and individual dimension scores produced by our scoring engine

If you upgrade to Pro, Stripe handles your payment information directly. We receive a customer ID and subscription status from Stripe; we never see your card number.

ClientCoded — AI Agent Stress Test (Chrome extension)

The extension is a thin client. It only collects what's needed to run a test and return a scorecard:

  • Your email address, which you enter in the popup, stored locally in your browser via chrome.storage.local so you don't have to re-enter it
  • The chat conversation the extension runs on the page you choose to test — every message the synthetic prospect sends and every response the chat widget returns
  • The URL, page title, and meta description of the page being tested, used to generate a realistic synthetic prospect
  • Whether the agent displayed a calendar booking link during the test (a boolean — we don't read the rest of the page)

This data is sent to our servers at clientcoded.app.n8n.cloud for persona generation, mid-conversation prospect message generation, and scoring. The resulting scorecard is stored under your email so you can revisit it later.

The extension does not:

  • Read other content on the page beyond the chat widget
  • Capture screenshots, keystrokes, or form input outside the chat widget it's actively testing
  • Track your browsing history
  • Inject ads, redirects, or third-party code into any page
  • Run when you're not actively triggering a test

3. How we use your data

We use the data described above to:

  • Deliver the product you're using (run sequences, generate test conversations, produce scorecards)
  • Enforce free-tier limits and Pro account access
  • Send transactional emails (test completion notifications, account confirmations, password resets, billing receipts)
  • Investigate bugs, errors, and abuse
  • Improve our scoring rubrics and detection heuristics (using aggregated, de-identified patterns — never your transcripts shared with anyone)
  • Generate anonymized, aggregated benchmarks and industry reports (e.g., average AI agent scores by dimension, failure rates by persona type). These reports never include your company name, agent endpoint, email, or any data that could identify you or your agent.
  • Create anonymized training datasets derived from aggregate conversation patterns across all tests. These datasets contain synthetic conversation structures and scoring patterns — not your actual transcripts. They may be made available to third parties for AI model improvement. No individual test, company, or user is identifiable in these datasets.
  • Comply with legal requests when required

What we don't do with your data

  • Sell or rent your personally identifiable data to third parties
  • Share it with advertisers or data brokers
  • Share your raw transcripts, scorecards, or agent configurations with other customers or third parties
  • Identify you or your company in any published benchmark, report, or dataset without your explicit written consent

4. Third-party services we use

The Service depends on the following processors. Each has its own privacy practices:

Anthropic (Claude API)
Powers AI SDR conversations, Agent Testing persona and scoring logic, and extension testing. Conversation content is sent to Anthropic's API. Anthropic does not retain or train on data submitted via API.
Supabase
Database hosting for all customer, lead, conversation, and scorecard data.
SendGrid
Sends emails on behalf of ClientCoded Sequences customers, plus our own transactional emails.
Stripe
Processes payments for Pro and higher tier subscriptions. Stripe handles all card data directly.
n8n Cloud
Hosts the workflow automation that runs our backend logic.
Netlify
Hosts our website, widget, and supporting pages.
Calendly
Handles meeting scheduling when you book a call with us or when an AI SDR books you a meeting.
Slack
Receives qualified-lead alerts on behalf of our customers (per-tenant webhooks).

5. Data retention

How long we keep your data depends on which product you're using:

  • Marketing site logs: 90 days, then deleted.
  • ClientCoded Sequences customer data: Retained for the life of the account plus 90 days after cancellation, then deleted. You can request immediate deletion before that window.
  • Agent Testing data: Retained indefinitely so you can revisit scorecards by URL. You can request deletion at any time. Note: anonymized, aggregated patterns derived from your test data (which cannot be traced back to you) may persist in our benchmark datasets even after your individual records are deleted.
  • Extension test sessions: Temporary session state (the synthetic prospect's persona during an in-flight test) is deleted within 24 hours. Final scorecards follow the Agent Testing retention policy above.
  • Stripe billing records: Retained as required by financial regulations (typically 7 years).

6. Your rights

Regardless of where you live, you can:

  • Request a copy of the data we hold about you
  • Request correction of any inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Withdraw consent for processing (which may mean we can't continue providing the Service)
  • Opt out of marketing emails (every marketing email has an unsubscribe link; transactional emails are not promotional)

If you're in the EU, UK, or California, you have additional rights under GDPR, UK GDPR, and CCPA respectively. To exercise any of these rights, email travis@clientcoded.com with the subject line "Privacy request." We respond within 30 days.

7. Security

All data is transmitted over HTTPS. Database access is restricted to our backend services via Supabase's service role keys. API keys for third-party services are stored as environment variables, not in code. We do not store payment card data — Stripe handles that exclusively.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you within 72 hours of confirming it, as required by GDPR for EU residents and as a matter of policy for everyone else.

8. Children

ClientCoded is a B2B product. It is not intended for and is not marketed to anyone under 18. We don't knowingly collect data from children. If you believe we have, email us and we'll delete it.

9. International data transfers

Our servers and the servers of our processors are primarily located in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer.

10. Changes to this policy

We may update this policy as our products and the laws governing them change. When we make material changes, we'll update the "Last updated" date at the top and, for significant changes, notify active customers by email. Continued use of the Service after changes constitutes acceptance.

11. Contact

For privacy questions, data requests, or anything else covered by this policy:

Travis at ClientCoded
Email: travis@clientcoded.com
Web: clientcoded.com