1. Data Controller
Clarify Platform is the data controller responsible for your personal data. For data protection inquiries, contact our Data Protection Officer at privacy@clarifyplatform.online.
This Privacy Policy applies to all services offered by Clarify and is designed to comply with:
- General Data Protection Regulation (GDPR) — EU Regulation 2016/679
- California Consumer Privacy Act (CCPA) — California Civil Code §§ 1798.100-1798.199
- California Privacy Rights Act (CPRA) — Amendments effective January 1, 2023
- UK GDPR — UK Data Protection Act 2018
- Other applicable privacy laws in jurisdictions where we operate
2. Data We Collect
2.1 Information You Provide
| Data Type | Examples | Purpose |
|---|---|---|
| Account Data | Name, email address, password (hashed) | Account creation, authentication, communication |
| Uploaded Content | Emails, attachments, supporting documents | Analysis and report generation |
| Context Information | Analysis goals, background context you provide | Tailored report generation |
| Payment Data | Billing name, payment confirmation (processed by Stripe) | Transaction processing |
| Communications | Support emails, feedback | Customer support, service improvement |
2.2 Automatically Collected Data
| Data Type | Examples | Purpose |
|---|---|---|
| Technical Data | IP address, browser type, device information | Security, fraud prevention, service optimization |
| Usage Data | Pages visited, features used, timestamps | Service improvement, analytics |
| Log Data | Error logs, access logs, job processing metadata | Troubleshooting, security monitoring |
3. How We Use Your Data
We process your personal data for the following purposes:
- Service Delivery: Processing uploaded content, generating reports, delivering results
- Account Management: Creating and managing your account, authentication
- Payment Processing: Processing transactions, billing, refund handling
- Communication: Sending service notifications, responding to support requests
- Security: Protecting against fraud, abuse, and security threats
- Legal Compliance: Meeting legal obligations, responding to legal requests
- Service Improvement: Analyzing usage patterns, improving features (aggregated/anonymized)
4. Legal Bases for Processing (GDPR)
Under the GDPR, we process personal data on the following legal bases:
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service you requested
- Legitimate Interests (Art. 6(1)(f)): Security, fraud prevention, service improvement (balanced against your rights)
- Legal Obligation (Art. 6(1)(c)): Compliance with laws, regulations, and legal processes
- Consent (Art. 6(1)(a)): Where specifically requested (e.g., marketing communications)
5. Third-Party Services
We share data with the following categories of third parties:
5.1 AI Processing Providers
Portions of uploaded content may be sent to AI inference providers (such as OpenAI, Anthropic, or similar) solely for analysis and report generation. We minimize data sharing and do not permit these providers to use your data for training purposes.
5.2 Payment Processors
Payments are processed by Stripe, Inc. (PCI-DSS Level 1 certified). We receive payment confirmation and limited billing data but never store complete payment card numbers. See Stripe's privacy policy at stripe.com/privacy.
5.3 Infrastructure Providers
We use cloud infrastructure providers (such as AWS, Google Cloud, or similar) for hosting and data storage. These providers process data on our behalf under data processing agreements.
6. Data Retention
| Data Type | Retention Period | Rationale |
|---|---|---|
| Uploaded Content | Deleted after report delivery (typically within 24-72 hours) | Privacy by design |
| Generated Reports | Available for 30 days, then deleted | Reasonable access period |
| Account Data | Until account deletion + 30 days | Service provision |
| Transaction Records | 7 years | Tax/accounting compliance |
| Security Logs | 90 days | Security incident investigation |
7. Your Rights
Under applicable data protection laws, you have the following rights:
To exercise these rights, contact us at privacy@clarifyplatform.online. We will respond within 30 days (or as required by law). You also have the right to lodge a complaint with your local data protection authority.
8. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of personal information collected, used, or disclosed
- Right to Delete: Request deletion of personal information (with exceptions)
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt-out of "sale" or "sharing" of personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising these rights
9. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States. When we transfer data from the EEA, UK, or Switzerland, we implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all third-party processors
- EU-US Data Privacy Framework certification (where applicable)
- Additional technical and organizational measures to ensure adequate protection
10. Data Security
We implement industry-standard security measures including:
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Access Controls: Role-based access, multi-factor authentication for administrators
- Infrastructure: Secure cloud hosting with SOC 2 Type II certified providers
- Monitoring: 24/7 security monitoring, intrusion detection, audit logging
- Password Security: Bcrypt hashing with appropriate cost factor
- Regular Audits: Periodic security assessments and penetration testing
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
11. Cookies & Tracking Technologies
11.1 Essential Cookies
We use strictly necessary cookies for:
- Session management and authentication
- Security token storage (CSRF protection)
- User preference storage (theme settings)
11.2 Analytics
We may use privacy-respecting analytics to understand usage patterns. If implemented, analytics will be configured to:
- Anonymize IP addresses
- Not track across websites
- Respect Do Not Track browser settings
12. Children's Privacy
Clarify is not intended for use by individuals under 18 years of age (or the applicable age of majority). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@clarifyplatform.online and we will promptly delete such data.
13. Policy Changes
We may update this Privacy Policy from time to time. Material changes will be communicated via:
- Email notification to the address associated with your account
- Prominent notice on our Service
- Update to the "Last Updated" date at the top of this policy
Continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact Us
For privacy-related questions, data subject requests, or complaints:
- Email: privacy@clarifyplatform.online
- General Support: support@clarifyplatform.online
- Company: Clarify Platform
We aim to respond to all legitimate requests within 30 days. For complex requests, we may require up to 60 days, in which case we will inform you of the extension.