Privacy Policy

1. What We Collect

Account data: Your email address and authentication session. We do not collect your name unless you provide it.

Connected data sources: When you connect Stripe, Google Analytics, PostHog, Mixpanel, Search Console, or GitHub, we store encrypted API keys or OAuth tokens. We access your data in read-only mode to generate metrics and daily briefs.

Usage data: We use Mixpanel to track product usage (page views, feature interactions). Session replay may be enabled to improve the product experience. No passwords or payment card numbers are ever tracked.

Payment data: Payments are processed by Polar.sh. We do not store your credit card information.

2. How We Use Your Data

• Generate daily briefs and anomaly alerts from your connected data sources
• Power the AI floatbar ("Ask ClarityFeed") with context about your business metrics
• Track goal progress and send notifications
• Improve the product based on aggregated, anonymized usage patterns
• Send transactional emails (daily briefs, magic link authentication)

3. Data Security

API keys and OAuth tokens are encrypted at rest using AES-256-GCM. Encryption keys are stored separately from the database.

All data is transmitted over HTTPS/TLS. Our infrastructure runs on Hetzner VPS with access restricted to SSH key authentication.

We do not sell, rent, or share your business data with third parties. Your Stripe revenue, analytics data, and GitHub activity are yours alone.

4. AI Processing

Your business metrics are sent to Anthropic's Claude API to generate daily briefs and answer floatbar queries. This data is processed per Anthropic's API terms and is not used to train their models.

We send only aggregated metric values and anonymized event descriptions to the AI. Raw customer names, emails, or payment details from your connected sources are never included in AI prompts.

5. Data Retention

Metric snapshots are retained for up to 1 year (depending on your plan). Daily briefs are stored indefinitely unless you delete them.

When you disconnect a data source, we stop syncing but retain historical data. When you delete your account, all data is permanently deleted within 30 days.

6. Your Rights

• Access: View all data we hold about you via the dashboard and settings
• Delete: Delete your account and all associated data at any time from Settings
• Disconnect: Revoke access to any data source at any time from Sources
• Export: Request a full export of your data by contacting us

7. Cookies

We use a session cookie for authentication (required) and Mixpanel's localStorage persistence for analytics (optional). We do not use advertising cookies or third-party trackers beyond Mixpanel.