1. Data Controller
TL;DRClario.ai (Düsseldorf) decides why and how we use your data. Full registered address on our Imprint page.
The data controller responsible for the processing of your personal data is Clario.ai. Our registered office and statutory representative are published on our Imprint page (§ 5 TMG).
Data-protection enquiries: write to privacy@myclario.app. We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and — where applicable — the California Consumer Privacy Act (CCPA) as amended by the CPRA.
2. Data We Collect
TL;DRYour email + name, the documents you upload, anonymised usage data, and the subscription status returned by Stripe. Nothing else.
2.1 Account & Authentication
Email, display name, and authentication credentials. If you sign in via Google, Apple, or Microsoft, we receive only your name and email from that provider — never your third-party password.
2.2 Documents & Content
Uploaded files plus derived artefacts: extracted text (OCR), document metadata (filename, size, type, upload date), AI-generated summaries and classifications, vector embeddings used to search your own library, and extracted entities such as deadlines, amounts, and counterparties.
2.3 Usage & Analytics
Anonymised behavioural data — pages visited, features used, session duration, device class, browser, interaction patterns. Processed by PostHog (EU-hosted). We do not use Google Analytics or any ad-tech tracker.
2.4 Payment
Payment processing is handled entirely by Stripe. We never see your card number, CVV, or banking credentials. We retain only your subscription status, plan tier, and Stripe customer ID.
2.5 Support Correspondence
Any email or in-app message you send to support is retained to resolve your enquiry and improve the Service. Marked tickets are purged 24 months after resolution.
3. Legal Bases for Processing (Art. 6 GDPR)
TL;DRSix purposes, four legal bases. AI processing always runs on your consent — you can withdraw it from Settings > Privacy at any time.
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Contract performance — Art. 6(1)(b) |
| AI document processing | Consent — Art. 6(1)(a) |
| Payment processing | Contract performance — Art. 6(1)(b) |
| Analytics & product improvement | Legitimate interest — Art. 6(1)(f) |
| Security & fraud prevention | Legitimate interest — Art. 6(1)(f) |
| Legal & tax compliance | Legal obligation — Art. 6(1)(c) |
4. AI Processing & Sub-Processors
TL;DRDocument content flows through OpenAI, DeepL, and Cohere for OCR, summarising, translating, and ranking. Contractually never used to train their models. Full live list at Sub-Processors.
4.1 How AI Processing Works. Uploaded documents pass through our pipeline — text extraction (OCR), classification, summarisation, translation, embedding generation. Each step may send document content to an AI provider.
4.2 Sub-Processors. The current list is maintained as a single source of truth at /legal/sub-processors and includes OpenAI (analysis), DeepL (translation), Cohere (re-ranking), Qdrant Cloud (vector search), Supabase (auth + storage), Railway (hosting), Redis/Upstash (queues + cache), PostHog (analytics), Stripe (payments), and Postmark (transactional email).
4.3 Training Carve-Out. Every AI sub-processor is bound by a Data Processing Agreement that prohibits using your content to train their models.
4.4 Consent & Opt-Out. AI processing runs on your consent. Withdraw it from Settings > Privacy. Opting out disables automated analysis while preserving raw document storage.
5. Automated Decision-Making (Art. 22 GDPR)
TL;DROur AI suggests deadlines, classifications, and next actions. None of these decisions are final — you always confirm before money or messages move.
Clario uses automated processing to classify documents, extract deadlines, surface suggested actions, and route reminders. Under Article 22 GDPR you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.
5.1 Always Human-In-The-Loop. All materially significant actions — filing a claim, sending a reply, paying an invoice, sharing a document externally — require an explicit confirmation from you before execution. Our AI prepares; you decide.
5.2 Right to Review. If you believe a classification, deadline, or suggested action is wrong, you may request manual review by writing to privacy@myclario.app. We respond within 30 days.
5.3 EU AI Act Alignment. Clario does not operate any system listed as prohibited under Article 5 of Regulation (EU) 2024/1689 (EU AI Act). Where individual features fall under the obligations of limited-risk AI systems, we provide the disclosures and human-oversight controls required by Article 50.
6. Storage, Security & International Transfers
TL;DRData lives in the EU. Encrypted in transit (TLS 1.2+) and at rest. Strict tenant isolation — no user can ever see another user's documents.
6.1 Infrastructure. Primary data resides on EU servers:
- PostgreSQL (Railway, EU region) — account & document metadata
- Object storage — original document files, encrypted at rest
- Qdrant vector database (EU region) — embeddings for search
- Redis / Upstash (EU region) — job queue and short-lived processing cache
6.2 Encryption. All transport uses TLS 1.2 or higher. Sensitive payloads are encrypted at rest. Authentication tokens are stored in HTTP-only cookies with strict same-site policies.
6.3 Tenant Isolation. Every relational query and vector lookup is server-side scoped to your user ID. No client-supplied ID is ever trusted.
6.4 International Transfers. When a sub-processor (e.g., OpenAI, Postmark) processes data outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) per Chapter V of the GDPR. A current Transfer Impact Assessment summary is available on request.
7. Data Breach Notification (Art. 33 & 34)
TL;DRIf a breach risks you, we notify the supervisory authority within 72 hours and email affected users without undue delay.
If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware (Art. 33 GDPR). Where the breach is likely to result in a high risk to your rights, we will notify you directly without undue delay (Art. 34 GDPR), describing the nature of the breach, likely consequences, and measures taken or proposed.
Security incidents and post-mortems are tracked internally; high-impact public incidents are published on our status page once remediation is complete.
8. Your Rights Under GDPR
TL;DRSeven rights, one place to exercise them: Settings > Privacy in-app, or write to privacy@myclario.app. We respond within 30 days.
- Access (Art. 15) — request a copy of all personal data we hold about you.
- Rectification (Art. 16) — correct inaccurate or incomplete data.
- Erasure (Art. 17) — delete your account and all associated data ("right to be forgotten").
- Portability (Art. 20) — export your data in a structured, machine-readable format (JSON / CSV).
- Restriction (Art. 18) — request temporary restriction of processing.
- Object (Art. 21) — object to processing based on legitimate interest.
- Withdraw Consent (Art. 7(3)) — withdraw consent for AI processing at any time, without affecting prior lawfulness.
Exercise any of these from Settings > Privacy in the app, or write to privacy@myclario.app. We respond within 30 days. You also have the right to lodge a complaint with a supervisory authority. Because the operator is based in Düsseldorf, the competent authority is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW). If you reside in another EU member state, you may instead lodge your complaint with the supervisory authority of your habitual residence.
9. California (CCPA / CPRA) Rights
TL;DRIf you live in California: you can know, delete, correct, limit, and opt out — and we never sell your data.
California residents have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
- Right to Know — what categories of personal information we collect, the sources, purposes, and third parties.
- Right to Delete — request deletion of personal information we hold about you.
- Right to Correct — request correction of inaccurate personal information.
- Right to Limit Use of Sensitive PI — restrict use to that which is necessary to provide the service.
- Right to Opt Out of Sale or Sharing — we do not sell or share personal information for cross-context behavioural advertising. No opt-out is required; the toggle is provided for completeness.
- Right to Non-Discrimination — we will never charge you a different price or provide a different quality of service for exercising these rights.
Submit a verifiable consumer request to privacy@myclario.app. Authorised agents may submit on your behalf with written authorisation.
10. Data Retention
TL;DRWhile your account is active. After deletion: 30 days for primary data, 90 days for backups. Tax records up to 10 years, as German law requires.
10.1 Active Accounts. Personal data and documents are retained for as long as your account is active and required to provide the Service.
10.2 Account Deletion. On deletion, all personal data, documents, summaries, embeddings, and extracted entities are permanently purged within 30 days. Disaster-recovery backups are purged within 90 days.
10.3 Legal Retention. Records that must be kept by law (e.g., invoices for 10 years under § 147 AO, audit logs for security compliance) are retained for the statutory period and then deleted.
10.4 Anonymised Data. Fully anonymised aggregate analytics — not linkable to any individual — may be retained indefinitely for product improvement.
12. Third-Party Services
TL;DRWe maintain a live list of every sub-processor — names, purposes, locations, DPA status — at /legal/sub-processors.
Listing third parties inside a privacy policy goes stale fast. Our authoritative, live sub-processor inventory lives at /legal/sub-processors. Material changes (new sub-processor, change of location) are notified to registered users at least 30 days in advance, giving you time to object before the change takes effect.
Every sub-processor is bound by a Data Processing Agreement (DPA) compliant with Art. 28 GDPR.
13. Children's Privacy
TL;DRFor users 18+ only. We never knowingly collect data from minors.
The Service is intended for users aged 18 or older. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it immediately.
14. Changes to This Policy
TL;DRMaterial changes: 30-day email notice. Cosmetic edits: change-log entry only.
We may update this Privacy Policy from time to time. Material changes are communicated by email or in-app notification at least 30 days before they take effect. Cosmetic edits (typos, formatting, broken links) are reflected in the change log below.
15. Contact & Data Protection Officer
TL;DROne inbox: privacy@myclario.app. Postal address on the Imprint.
Data Protection Officer — Clario.ai
Email: privacy@myclario.app
Registered office: see Imprint
16. Change Log
TL;DREvery revision recorded. If anything is unclear, ask us before agreeing — the door is open.
- May 17, 2026 — v2.0. Added sections on Automated Decision-Making (Art. 22), Data Breach Notification (Art. 33/34), and California (CCPA / CPRA) Rights. Added plain-language summaries, anchor-linked table of contents, reading-time estimate. Replaced placeholder postal address with a single link to the Imprint. Sub-processor list externalised to /legal/sub-processors as the live source of truth. EU AI Act alignment statement added.
- March 27, 2026 — v1.0. Initial GDPR Privacy Policy.
Contact us
Each topic has a dedicated inbox so we can route your request to the right person.
- General questions: support@myclario.app
- Privacy & data protection: privacy@myclario.app
- Legal & terms: legal@myclario.app
- Security incidents: security@myclario.app
- Illegal-content reports (DSA): abuse@myclario.app