Privacy Policy

1 Who this applies to

This policy covers personal information we process about visitors to our website, people who contact us, and the operators, administrators, and end users of customer organizations that license our software.

When we process personal information on behalf of a customer organization — inside the deployed software — we act as a processor and the customer is the controller. The terms of that processing are set out in our Data Processing Agreement.

2 Information we collect

You give us. Name, business email, company, and anything you include in a message or booking request. If you apply for a role, the contents of your application.

We collect automatically. Standard server and browser metadata when you visit the site: IP address, user agent, referring page, pages requested, and timestamps. We use only essential cookies and limited first-party analytics necessary to operate and improve the site. We do not use advertising trackers.

Customer data inside the product. Content provided by a customer organization through the deployed software is governed by the agreement with that customer, not by this policy. See the DPA for details.

3 How we use it

• To respond to inquiries, run sales conversations, and schedule calls.
• To deliver, support, and improve the software you license from us.
• To send service announcements (these are not marketing emails).
• To meet legal, accounting, and security obligations.
• To detect and prevent abuse, fraud, and unauthorized access.

We do not sell personal information, and we do not use customer data to train third-party models. Our standard inference contracts include zero-retention terms with our model providers.

4 When we share it

With sub-processors who help us operate the service, under written contracts that require equivalent security and confidentiality (see Section 5). With professional advisors (lawyers, auditors, accountants) under duties of confidentiality. With authorities where we are legally required to. In connection with a corporate transaction (merger, acquisition, financing), under appropriate safeguards.

5 Sub-processors

We work primarily with established US-based infrastructure and business-tooling providers. The current list is maintained in our DPA and reproduced below. We notify customers in advance of material changes through the channel set out in their order form or DPA.

• Amazon Web Services (AWS)— United States. Part of the service offering: cloud infrastructure, hosting, storage, application services, logging, support tooling, and transactional email delivery for the deployed software.
• Google Workspace— United States. Internal tooling: authentication, email, document collaboration, and operational communications. May process customer or prospect contact information and support-related communications.
• OpenAI— United States. Used internally by Clarity personnel for internal business and software-development tooling — research, documentation, and productivity work. Customer data is not intentionally submitted to OpenAI in the course of normal operations.
• Anthropic Claude— United States. Used internally by Clarity personnel for internal business and software-development tooling — research, documentation, and productivity work. Customer data is not intentionally submitted to Anthropic in the course of normal operations.

6 How long we keep it

We retain personal information for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements. Typical retention windows: 90 days for server logs, the duration of the customer relationship plus 12 months for account records, and seven years for tax and accounting records as required by US law.

7 Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent where we rely on it. California residents have additional rights under the CCPA/CPRA, including the right to know what we collect, to delete it, to correct inaccuracies, and to opt out of any sale or sharing (we do not sell or share personal information for cross-context behavioral advertising).

To exercise any of these rights, email privacy@gainclarity.ai. We will respond within 30 days and may need to verify your identity before acting.

8 International transfers

Our infrastructure and our team are based in the United States. If you are outside the US, your information will be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

9 Security

We maintain administrative, technical, and physical safeguards designed to protect personal information. Our SOC 2 Type II readiness program is underway — the control framework is being implemented, with auditor engagement to follow. Additional operational security documentation and deployment controls are available under NDA. No system is perfectly secure — if you discover a vulnerability, please report it to security@gainclarity.ai.

10 Children

Our products and website are not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

11 Changes to this policy

We may update this policy from time to time. Material changes will be flagged at the top of this page and, for customers, communicated through the channel set out in their agreement. The “last updated” date above always reflects the current version.

12 Contact

Privacy questions and rights requests: privacy@gainclarity.ai. Security disclosures: security@gainclarity.ai. Anything else: hello@gainclarity.ai.

Codewerx LLC, DBA Clarity AI