ClarpaClarpaBack to home

Privacy Policy

Last updated: 31 May 2026

This Privacy Policy explains how Clarpa ("Clarpa", "we", "us") processes personal data when you use our website and services at clarpa.io. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR).

1. Data controller

The data controller responsible for your personal data is:

2. Personal data we collect

Depending on how you use Clarpa, we may process the following categories of data:

Account data

  • Email address
  • Name (if provided)
  • Authentication identifiers and session data
  • Sign-in method (email, Google, or other enabled providers)

Project brief data

  • Raw client messages and inputs you submit
  • Audio files you upload for transcription (processed and not permanently stored as audio unless required for the service)
  • AI-generated brief content (summaries, deliverables, tasks, boundaries, risk warnings)
  • Client name and email associated with a brief (if you provide them)
  • Brief status, approval timestamps, and public approval tokens

Technical and usage data

  • IP address and browser/device information (via our hosting and authentication providers)
  • Log data related to security, errors, and service operation
  • Theme preference stored locally in your browser
  • Cookie consent preference

3. How we use your data and legal bases

We process personal data only where we have a lawful basis under GDPR Article 6:

  • Contract (Art. 6(1)(b)) — to provide the Clarpa service, create and manage your account, generate and store briefs, and enable client approval flows.
  • Legitimate interests (Art. 6(1)(f)) — to maintain security, prevent abuse, improve reliability, and protect our legal rights, balanced against your rights and freedoms.
  • Consent (Art. 6(1)(a)) — where required, such as for optional cookies or marketing communications if we introduce them in the future. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) — where we must comply with applicable law.

4. AI processing

When you submit text or audio, we send that content to third-party AI providers to generate structured briefs. AI output may be inaccurate or incomplete. You are responsible for reviewing all generated content before sharing it with clients or relying on it professionally.

We do not use your brief content to train our own models. Third-party AI providers may process data according to their own terms — see Section 5.

5. Third-party processors

We use trusted service providers who process data on our behalf under data processing agreements where required:

  • Clerk — authentication, user management, and security (may involve transfers outside the EEA with appropriate safeguards)
  • Vercel — website hosting and infrastructure
  • Supabase (PostgreSQL) — database storage for accounts and briefs
  • OpenRouter — AI text generation and related processing
  • Resend — transactional email delivery (e.g. approval notifications)
  • Google — optional sign-in via Google OAuth (only if you choose this method)

These providers may process data in the United States or other countries. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) or equivalent mechanisms provided by our vendors.

6. Public approval links

When you share a brief approval link with a client, anyone with that link may view the brief content you chose to share. Public approval pages do not require the client to create an account. Do not include sensitive personal data in briefs unless necessary and appropriate for your client relationship.

7. Data retention

  • Account data — retained while your account is active and for a reasonable period thereafter to comply with legal obligations or resolve disputes.
  • Brief data — retained until you delete the brief or your account, unless longer retention is required by law.
  • Logs — retained for a limited period for security and troubleshooting.

You may request deletion of your data at any time (see Section 8). Some data may be retained where we have a legal obligation or legitimate interest to do so.

8. Your rights under GDPR

If you are in the EEA, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — request that we limit processing in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent

To exercise your rights, contact us at privacy@clarpa.io. We will respond within one month, as required by GDPR.

You also have the right to lodge a complaint with your local data protection supervisory authority in the European Economic Area. A list of authorities is available from the European Data Protection Board: edpb.europa.eu.

9. Cookies and similar technologies

We use cookies and local storage for essential functionality. We do not currently use analytics or advertising cookies. For details, see our Cookie Policy.

10. Security

We implement appropriate technical and organizational measures to protect personal data, including encryption in transit (HTTPS), access controls, and secure authentication. No method of transmission over the Internet is 100% secure.

11. Children

Clarpa is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date. Material changes may also be communicated by email or in-app notice where appropriate.

13. Contact

For privacy-related questions or to exercise your rights, contact: privacy@clarpa.io