Privacy policy

Last updated 16 July 2026

1. Who we are

CleverX is a research platform operated by BluMatter, Inc., a Delaware corporation ("CleverX," "we," "us"). Our address is 131 Continental Drive, Suite 305, Newark, DE 19713.

Companies use CleverX to run research studies: surveys, AI-moderated interviews, live video interviews, unmoderated usability tests, and video diaries. Professionals join those studies as participants and earn rewards.

This policy explains what personal data we collect, why, who we share it with, and the choices you have.

Two roles. For data we collect to run the platform (accounts, payments, fraud prevention, analytics), we are the data controller. For study content that a researcher collects through our platform (your survey answers, interview recordings, test sessions), the researcher is typically the controller and we process that data on their behalf under our Data Processing Agreement. Where this policy says a researcher "receives" your data, that researcher has their own privacy obligations to you.

2. Who this policy covers

This policy covers three groups of people. What we collect depends on which group you are in.

Website visitorsResearchers (customers)Participants
Account and contact detailsNoYesYes (limited for link-only panelists, see below)
Professional profile (job history, education, skills)NoBasic (name, company, role)Yes
Study responses, recordings, transcriptsNoYes, when you appear in a recorded session you moderate or observeYes
Payment or payout detailsNoYes (billing)Yes (payouts)
Device data, cookies, analyticsYesYesYes
Device fingerprinting for fraud preventionNoYesYes
Third-party profile enrichment (LinkedIn-sourced)NoNoYes

Link-only panelists. Some participants reach a study through a direct link from an external research panel without creating a full CleverX account. For these participants we collect the study responses, recordings where the study includes them, device and fraud-prevention data, and a panel identifier so the panel can pay you. Your relationship with the panel is governed by the panel's own terms and privacy policy.

3. Data we collect

3.1 Data you give us directly

Researchers: name, work email, company, role, password or single sign-on details, billing information, the studies you create, and messages you send through the platform or to our support team.

Participants: name, email, password or single sign-on details, your professional profile (job titles, employers, work history, education, skills, industries), LinkedIn profile URL if you provide one, screener answers, survey responses, messages, and payout account details (handled by our payout providers, see Section 7).

Study responses: everything you submit inside a study, including survey answers, open-text responses, uploaded files, and demographic questions a researcher chooses to ask.

3.2 Data collected automatically

  • Device and usage data: IP address, browser and device type, operating system, pages viewed, actions taken in the app, and timestamps. We use third-party analytics tools for this (see our Subprocessor List for current providers).
  • Approximate location: we derive your country from your IP address.
  • Device fingerprint: we use device-fingerprinting technology to generate an identifier for your device. We use it to detect duplicate accounts, VPN or virtual-machine use, and fraud rings. See Section 12 on automated decisions.
  • Cookies and similar technologies: see Section 14.

3.3 Data we collect from third parties

We want to be direct about this because it is unusual and you may not expect it.

LinkedIn-sourced profile enrichment (participants). When a participant provides a LinkedIn profile URL, or when we verify a profile, we obtain data about that profile from third-party professional-data providers (named on our Subprocessor List). These providers compile data from publicly available sources and their own partner sources. The data we receive can include:

  • name, headline, photo, and location
  • full work history, job titles, employers, and education
  • skills, languages, and certifications
  • personal email addresses and phone numbers
  • an inferred salary estimate

If these providers include sensitive fields such as gender or date of birth, we discard them; we do not store them.

We use this data to verify that participants are who they say they are, to match participants to studies, and to build the professional profile researchers see. Because this data does not come from you directly, this section serves as the notice required by GDPR Article 14. If you want this data corrected or deleted, contact us (Section 16).

Panel providers. When you arrive from an external research panel, the panel sends us a participant identifier and, depending on the panel, basic demographic attributes for matching.

Sign-in and connected services. If you sign in with Google or connect an integration (for example, a video conferencing, calendar, design, or survey tool), we receive your basic account details and the access tokens needed to run the integration. We use data from Google APIs only to provide the connected feature and in line with the Google API Services User Data Policy, including its Limited Use requirements.

Payment providers. Our payment and payout providers send us confirmation and status data about payments and payouts. We do not store full card numbers.

4. Recordings, transcripts, and AI processing

This section matters most for participants. Read it before joining a study that involves audio or video.

Recording is automatic. All live video sessions on CleverX are recorded, including human-moderated interviews and AI-moderated interviews. AI-moderated interviews also capture your voice, and video where the study uses your camera. Unmoderated tests and video diaries record your screen, voice, and camera as the study specifies. Recordings are stored as video and audio files on our servers.

You will be asked to consent before a recorded session starts. If you do not consent, you cannot take part in that session. You can stop a session at any time; what was recorded up to that point is retained under Section 9 unless you ask us to delete it.

Observers. Members of the researcher's team may observe a live session, and observers may not be visible to you in the call. The researcher's team can also watch the recording afterward.

Transcription and AI processing. Recordings are transcribed automatically. Transcripts and recordings are processed by AI systems to moderate interviews, generate summaries, extract themes, and produce analysis for the researcher. This processing uses third-party transcription and AI model providers, listed on our Subprocessor List. AI outputs (summaries, labels, suggested skills or industries, embeddings used for matching) are stored alongside your data. We do not permit these providers to use your recordings or transcripts to train their models.

5. Why we use your data, and our legal bases

For people in the EEA, UK, or Switzerland, GDPR requires a lawful basis for each use. Here is the mapping.

PurposeData involvedLawful basis
Create and run your account; operate studies; deliver responses and recordings to the researcher; pay rewardsAccount, profile, study responses, recordings, payout dataContract (Art. 6(1)(b))
Record and transcribe audio/video sessionsRecordings, transcriptsConsent (Art. 6(1)(a)), collected before each recorded session. You can withdraw consent for future processing at any time
Verify participant identity and match participants to studies, including LinkedIn-sourced enrichmentProfile, enrichment dataLegitimate interests (Art. 6(1)(f)): keeping the panel real and relevant. You can object (Section 10)
Detect fraud, duplicate accounts, and abuse, including device fingerprintingDevice data, fingerprint, IP, usage patternsLegitimate interests (Art. 6(1)(f)). Balancing note: research integrity depends on real, unique participants; we limit this data to fraud and security uses, and it is not shown to researchers or used for marketing
Improve the product; analyticsUsage dataLegitimate interests (Art. 6(1)(f))
Send service emails and, with your permission where required, marketingContact detailsContract for service messages; consent or legitimate interests for marketing, with opt-out
Tax reporting on rewards, accounting, responding to lawful requestsPayout records, account dataLegal obligation (Art. 6(1)(c))

We do not seek out special-category data, and we discard sensitive fields (such as gender or date of birth) if enrichment providers include them. Where a researcher's study asks you sensitive questions (for example, health or demographic questions), answering is voluntary and that processing is based on your explicit consent given within the study.

6. What researchers see

If you participate in a study, the researcher running it receives:

  • your professional profile as shown on CleverX (including enrichment-derived fields)
  • your screener answers and study responses
  • recordings and transcripts of your sessions for that study, plus AI-generated summaries and analysis

Researchers do not receive your payout details, your device fingerprint, or your fraud-prevention data. Researchers agree to use participant data only for their research purposes, but once they receive it they are responsible for it under their own policies.

7. Who else we share data with

Service providers (subprocessors). We use third-party providers to run the platform, in these categories:

  • Hosting and storage (United States)
  • Video session infrastructure and recording
  • Transcription and AI model providers
  • Payment processing and reward payouts
  • Analytics and product improvement
  • Email, SMS, and customer support
  • Fraud prevention and device fingerprinting
  • Professional-profile data providers
  • External research panels

The current list of named providers is always at our Subprocessor List; we update that page when providers change. Each provider is bound by contract to process data only on our instructions.

Researchers, as described in Section 6.

Legal and safety. We disclose data when the law requires it, to enforce our terms, or to protect the rights and safety of users and others.

Business transfers. If we are acquired or merge, your data may transfer to the new owner under this policy's protections, and we will notify you.

We do not sell personal information. No one pays us for your data. Under some US state laws, using third-party analytics cookies can count as "sharing" personal information for cross-context advertising. To be safe and honest: our analytics tools receive usage data about you, and we treat opt-out requests as covering this (Section 11). We do not run advertising networks or ad targeting on personal data.

8. International transfers

Our servers are in the United States. We do not currently offer EU data residency. If you are in the EEA, UK, or Switzerland, your data is transferred to the US. We rely on the European Commission's Standard Contractual Clauses, with the UK Addendum and Swiss recognition where applicable, for these transfers.

9. How long we keep data

We keep personal data no longer than needed for the purposes in this policy, and we delete or de-identify it during periodic cleanups and whenever you ask us to. The periods below are maximums, not automatic guarantees — we may delete sooner.

DataRetention
Account and profile dataKept for the life of your account; after you close it, up to 12 months, then deleted during a cleanup or sooner on request
Recordings and transcriptsUntil the researcher deletes the study, or up to 24 months after study completion, whichever is sooner — then deleted during a cleanup or on request
Study responsesSame as recordings and transcripts
Fraud-prevention and fingerprint dataUp to 24 months from last activity
Payment and payout records7 years (tax and accounting law)
Analytics dataUp to 24 months (vendor-side retention)

What account deletion does today. When you delete your account, we close it: your email and public identifiers are replaced with an anonymized placeholder, so researchers and other users can no longer identify you. Your profile and study contributions are kept in this closed, anonymized state — and remain reversible if the deletion was a mistake — until they are permanently deleted (during a periodic cleanup, by our team, or when you ask us to erase specific data at sharekh@cleverx.com, which we honor where the law allows). Records we must keep (payments, fraud signals, legal holds) are retained in restricted form.

10. Your rights (EEA, UK, Switzerland)

You have the right to:

  • Access the personal data we hold about you (Art. 15)
  • Correct inaccurate data (Art. 16)
  • Erase your data (Art. 17)
  • Restrict processing (Art. 18)
  • Portability: receive your data in a machine-readable format (Art. 20)
  • Object to processing based on legitimate interests, including enrichment and analytics (Art. 21)
  • Not be subject to solely automated decisions with significant effects, and to obtain human review (Art. 22, see Section 12)
  • Withdraw consent at any time, including consent to recording, without affecting past processing

To exercise these rights, email sharekh@cleverx.com. We respond within one month. You can also complain to your local supervisory authority.

11. Your rights (US states)

If you live in California, Colorado, Connecticut, Utah, Virginia, or another state with a comprehensive privacy law, you have the right to:

  • Know and access the personal information we collect about you
  • Delete it (see Section 9 for what deletion does)
  • Correct inaccurate information
  • Opt out of "sharing" or targeted-advertising uses. We honor the Global Privacy Control (GPC) browser signal as an opt-out.
  • Non-discrimination for exercising your rights
  • Appeal a refused request: reply to our decision and a different reviewer will reconsider within the timeline your state's law sets

California residents: the categories we collect are identifiers, professional and employment information, education information, commercial information, internet activity, approximate geolocation, audio and visual data (recordings), inferences, and characteristics of protected classifications only where you choose to provide them in a study. Sources, purposes, and recipients are as described in Sections 3 to 7. We do not sell personal information and we do not knowingly collect data from anyone under 18.

Submit requests to sharekh@cleverx.com or support@cleverx.com. We will verify your identity before acting.

12. Automated decision-making

We use automated fraud detection. Device fingerprinting links devices and accounts; accounts that match fraud patterns (for example, clusters of linked accounts, VPN or virtual-machine signals, or links to a banned account) may be automatically restricted or removed from studies. This can affect your ability to earn rewards.

If you are in the EEA or UK and an automated decision significantly affects you, you can request human review, express your point of view, and contest the decision. Email sharekh@cleverx.com. We extend the same review to all users on request.

13. Children

CleverX is for professionals aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has an account, contact us and we will delete it.

14. Cookies

We use cookies and similar technologies for sign-in, security, preferences, and analytics. Details, including how to manage them, are in our Cookie Policy at /cookie-policy.

15. Changes to this policy

We will post changes here and update the date at the top. For material changes, we will notify you by email or in the app before they take effect.

16. Contact us

  • Privacy requests: sharekh@cleverx.com
  • General support: support@cleverx.com
  • Mail: BluMatter, Inc., 131 Continental Drive, Suite 305, Newark, DE 19713