1. Overview
This Privacy Policy explains how Clarity ("we", "our", "us") collects, uses, stores, shares, and protects personal data when you use our browser extension, website, dashboard, checkout pages, and related services (collectively, the "Service").
The policy is intended for users in the United States, Europe, and other regions where Clarity is available. If local law grants additional rights, those rights remain applicable.
2. Scope and Controller
Clarity acts as the data controller for account, product usage, and website data described in this policy. For payment transactions, Paddle acts as merchant of record and processes payment data under Paddle's legal terms.
3. Data We Collect
- Account information: email, UID, auth provider, display name, and avatar (if available).
- Plan and billing metadata: subscription status, plan type, transaction references, renewal events.
- Operational telemetry: timestamps, latency, extension version, request outcomes, and error codes.
- Anti-abuse signals: rate-limit triggers, suspicious traffic indicators, and unusual usage patterns.
- User-submitted content: text and custom prompts you explicitly send for AI processing.
- Support communications: emails and troubleshooting details sent to support.
4. Chrome Extension Data Disclosure
To align with Chrome Web Store requirements, we process only data required to deliver requested features. We do not sell personal data and do not use browsing data for advertising.
- Data is used for rewriting, translation, auth, billing, fraud prevention, and product reliability.
- Data is not sold or transferred to data brokers.
- Data is not used for personalized advertising.
- Content is processed only when you explicitly trigger Clarity actions.
5. How We Use Data
- Provide and maintain Service functionality.
- Authenticate sessions and secure account access.
- Operate subscriptions, billing, and plan entitlement checks.
- Apply stability controls such as limits, queueing, and request safeguards.
- Detect abuse, fraud, and attempts to bypass system controls.
- Monitor service quality, diagnose incidents, and improve reliability.
- Comply with legal obligations and enforce Terms of Service.
6. AI Processing and Training
When you request AI output, your submitted text is processed by our backend and integrated model providers solely to generate your requested response.
By default, Clarity does not use user-submitted text for training or fine-tuning foundation models. We may use anonymized and aggregated technical metrics (for example, latency and error classes) to improve reliability, abuse prevention, and infrastructure performance.
If this default training policy changes, we will publish an update to this page before such change takes effect.
7. Legal Bases (EEA/UK/CH)
Where GDPR or equivalent law applies, we process personal data on one or more of these legal bases:
- Performance of contract: to deliver requested Service features.
- Legitimate interests: security, anti-abuse, diagnostics, and reliability improvements.
- Consent: analytics cookies or other processing that requires consent.
- Legal obligation: where processing is required by law or lawful request.
9. Payments (Paddle)
Paid checkouts, invoices, taxes, and payment method handling are processed by Paddle as merchant of record. Paddle's processing is governed by its own legal terms.
Paddle references: Privacy Policy and Terms.
11. International Transfers
Depending on your location and processing path, data may be handled in multiple jurisdictions. Where required, we apply appropriate safeguards for cross-border transfers.
12. Retention and Deletion
- Billing and tax records: up to 7 years when legally required.
- Operational logs and anti-abuse telemetry: typically up to 90 days before rotation or aggregation.
- Account metadata: while account is active plus limited legal/security retention after closure.
- Submitted text: processed to provide requested output; not retained for model training by default.
You may request deletion at hello@clarityext.com. After verification, deletion is usually completed within 30 days unless retention is required by law.
13. Security and Incidents
We implement technical and organizational safeguards including access controls and encryption in transit. No system can guarantee absolute security.
For incidents requiring legal notification, we notify authorities and/or affected users within timelines required by applicable law.
14. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access, correct, or delete personal data.
- Object to or restrict certain processing.
- Request data portability where available.
- Withdraw consent where processing is based on consent.
To submit a request, contact hello@clarityext.com from your account email.
15. DPA for Business Customers
Business customers can request a Data Processing Addendum (DPA) covering GDPR-oriented processor obligations, subprocessors, transfer safeguards, and data subject request workflows.
DPA request: hello@clarityext.com
Template download: Clarity DPA Template (PDF)
16. Children
The Service is not intended for children under 18 (or the age of digital consent in your jurisdiction), and we do not knowingly collect personal data from children.
17. Policy Changes
We may update this Privacy Policy to reflect legal, operational, or product changes. The updated version becomes effective when published with a revised "Last updated" date.
18. Contact
Privacy and data requests: hello@clarityext.com
Tashkent, Uzbekistan