Privacy Policy

1. Information We Collect

1.1 Information You Provide to Us

We may collect the following types of information that you provide:

• Account details such as your name, email address, organisation name and role.
• Authentication data collected by Clerk — including email address, name, password (hashed and stored by Clerk only), phone number, multi-factor authentication information, OAuth identity information, device and session metadata, and IP addresses for fraud detection. Passwords, MFA information, OAuth tokens, device data, session data and IP addresses are processed and stored by Clerk only and are not accessible to Clairable. Your email address and name are also stored by Clairable in its own database for account management and communication purposes.
• Wizard inputs including descriptions of your business, processes, challenges, goals and other information you enter into the Service.
• Generated outputs such as AI generated summaries and suggested ideas created for you by Clairable.
• Feedback and communications such as support requests and messages you send to us.
• Marketing preferences — your marketing consent status. By default, marketing communications are set to opted out at account creation. We will not send you marketing communications unless you separately opt in. We do not currently have a mechanism for opting in, but we will notify you if and when that changes.

You should avoid providing sensitive information (for example health information or financial account numbers) unless it is strictly necessary and you are authorised to do so.

1.2 Information We Collect Automatically

When you use Clairable, we automatically collect certain information relating to your device and use of the Service, including:

• IP address and general location information;
• browser type and version;
• device type and operating system;
• pages visited, features used and time spent;
• referral source, such as the site you came from; and
• error logs and diagnostic information.

Our authentication provider, Clerk, also collects certain information automatically as part of its security and fraud-prevention processes, including device identifiers, IP address, timestamps, user agent information, session activity, approximate location and security or fraud detection markers.

1.3 Cookies, Pixels and Similar Technologies

We use cookies and similar technologies to operate the Service, remember your preferences, understand usage and support advertising measurement. The technologies we use include:

• browser cookies;
• Google Tag Manager (GTM);
• Google Analytics 4 — for understanding how users engage with the Service;
• Meta Pixel — for measuring the performance of advertising on Meta platforms (Facebook and Instagram). Meta may receive information such as your IP address, browser details and pages visited. We do not share your wizard inputs or generated Outputs with Meta; and
• LinkedIn Insight Tag — for measuring the performance of advertising on LinkedIn. LinkedIn may receive information such as your IP address and browsing activity on the Service. We do not share your wizard inputs or generated Outputs with LinkedIn.

You can manage your cookie preferences through the cookie banner displayed when you first visit the Service. You can also control cookies through your browser settings, but disabling cookies may affect your ability to use some features of the Service. Withdrawing cookie consent does not affect the lawfulness of processing based on consent before withdrawal.

Manage Your Cookie Preferences

You can manage your cookie preferences below. Changes will take effect immediately and will be saved for future visits.

2. How We Use Personal Information

We may use personal information for the following purposes:

• to provide, operate and maintain Clairable;
• to authenticate your identity, manage your sessions and allow you to securely sign in through Clerk;
• to process your wizard inputs and generate AI powered Outputs and reports;
• to personalise your experience of the Service;
• to monitor, diagnose and fix technical issues and to improve the performance and usability of Clairable;
• to detect, prevent and address misuse, abuse or security incidents;
• to understand how users engage with Clairable and to inform product development and roadmap decisions;
• to communicate with you about the Service, including updates, changes and important notices; and
• to comply with our legal and regulatory obligations.

We do not send marketing communications unless you have separately opted in. We do not sell personal information.

2.1 Direct Marketing (APP 7)

We collect and hold your marketing preference as part of your account. At account creation, your preference is set to opted out by default. We will not use your personal information for direct marketing unless you have separately opted in.

When we introduce a marketing opt-in mechanism, you will be able to opt in through the Service. You will be able to opt out of any marketing communications at any time at no cost by contacting us at hello@clairable.com.au or using any unsubscribe mechanism we provide.

We will not use sensitive information for direct marketing purposes.

3. AI Providers and Other Service Providers

3.1 Anthropic and AI Processing

Clairable uses AI models provided by Anthropic, PBC ("Anthropic") to process Your Content and generate Outputs. Your wizard inputs and related context are sent to Anthropic for processing and the resulting outputs are returned to us.

Anthropic does not use data submitted through its API to train its models. Anthropic may temporarily retain inputs and outputs for trust and safety purposes in line with its published data usage policies.

3.2 Other Service Providers

We use other third party service providers to help us operate Clairable, including for:

• Authentication and account management (Clerk) — processes your authentication credentials, email address, name, profile information and organisation membership data. Passwords, MFA information, OAuth tokens, session data and IP addresses are stored by Clerk only and are not accessible to Clairable. Your email address and name are also stored by Clairable in its own database (Supabase) for account management and communication purposes. Your use of Clerk's authentication services is subject to Clerk's Privacy Policy;
• Hosting and infrastructure (Vercel);
• Database and object storage (Supabase);
• Analytics and usage monitoring (Google Analytics 4);
• Payment processing (Stripe) — see section 3.3 below; and
• Advertising and measurement (Meta Pixel and LinkedIn Insight Tag).

Clairable does not operate a separate email delivery service. Transactional emails are sent directly by Clerk (authentication notifications) and Stripe (payment receipts). We do not send marketing or operational emails through a third-party email platform at this time.

These providers may process personal information on our behalf. We take reasonable steps to ensure that they handle personal information in a manner consistent with applicable privacy laws and this Privacy Policy.

We do not share your wizard inputs or Clairable Outputs with Meta or LinkedIn.

Key subprocessors: Supabase (database, storage), Vercel (hosting), Anthropic (AI processing), Stripe (payments and payment receipts), Google (analytics), Meta (advertising pixel), LinkedIn (insight tag), and Clerk (authentication and authentication notifications).

3.3 Payment Processing (Stripe)

Payments for paid features are processed by Stripe, Inc. ("Stripe"), a third-party payment processor. When you make a purchase, you are redirected to a Stripe-hosted checkout page. Clairable does not collect, store or have access to your payment card number, CVV, or full billing address.

We receive from Stripe a confirmation of payment status, a transaction reference, and the email address used at checkout. We retain this information to fulfil your purchase and for our tax and accounting obligations. Stripe's handling of your personal information is governed by Stripe's Privacy Policy.

4. Legal Basis for Processing

Where the General Data Protection Regulation (GDPR) or similar laws apply, we rely on one or more of the following legal bases to process personal information:

• Contract — to provide the Service and perform our agreement with you;
• Legitimate interests — such as operating, improving and securing the Service and communicating with you about it;
• Consent — where you have given consent, for example for certain cookies or future marketing communications; and
• Legal obligations — where processing is required to comply with law.

5. Storage, Security and Retention

5.1 Storage and Security

We store personal information in systems we control and in systems provided by our trusted service providers. We use reasonable technical and organisational measures to protect personal information, including encryption in transit, access controls and row level security on our database.

We rely on Clerk to securely store authentication credentials. We do not have access to your password or multi-factor authentication information.

No system is completely secure. We cannot guarantee absolute security of your information and encourage you to use strong passwords, protect your devices and notify us promptly if you suspect any unauthorised access.

5.2 Retention and Deletion

We retain personal information for as long as necessary to provide the Service and to fulfil the purposes set out in this Privacy Policy, or as required by law.

Account deletion: When you delete your Clairable account through the account settings in the Service, your account data and user-generated content (including wizard inputs and Outputs) is deleted immediately. You do not need to contact us to delete your account.

Statutory retention: Notwithstanding immediate deletion of account content, we are required by law to retain certain financial and transactional records for a minimum period. Under the Income Tax Assessment Act 1997 (Cth) and related ATO requirements, financial records must generally be retained for five years. Under the Corporations Act 2001 (Cth), certain records must be retained for seven years. Records retained under these obligations include subscription history, credit purchase records, and AI usage audit logs (records of which AI features were used and how many credits were consumed), as these form part of our billing and financial audit trail. These records do not include your wizard inputs or generated Outputs.

Subscription cancellation: If you cancel your subscription rather than delete your account, you retain access to the Service and your data. Your subscription credits cease to be provisioned at the end of the billing period but your account data remains intact. You can delete your account at any time through the account settings.

We may retain aggregated or de-identified information for longer periods. This information does not identify you.

6. International Transfers

Some of our service providers are located outside Australia. This means personal information may be transferred to or stored in other countries, including the United States and countries in the European Union.

We take reasonable steps to ensure that overseas recipients handle personal information in a way that provides comparable protections to the Australian Privacy Principles and, where applicable, the GDPR. Where we transfer personal information overseas, we do so in accordance with APP 8.

7. Disclosure of Information

We may disclose personal information to third parties in the following circumstances:

• to our service providers and related entities that support the Service;
• to Clerk, for the purposes of authentication, identity management and session management;
• to your Organisation administrator, if you use Clairable under an Organisation account — specifically, your idea sessions, in-progress use cases, and generated reports may be visible to your Organisation administrator;
• to comply with legal obligations, court orders or requests from regulators or law enforcement;
• to protect the safety, rights or property of our users, the public or us;
• to investigate and address misuse, security incidents or suspected unlawful activity; or
• with your consent or at your direction.

8. Data Breach Notification

We take data security seriously and have implemented reasonable measures to protect personal information from loss, misuse, unauthorised access, disclosure, alteration and destruction.

If we become aware of a data breach that is likely to result in serious harm to you, we will comply with our obligations under the Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act 1988 (Cth). This means we will:

• notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable after we become aware of an eligible data breach; and
• notify affected individuals whose personal information was involved in the breach, where we are required to do so.

Notifications to affected individuals will be made directly where we hold contact details, or via a public statement where direct notification is not reasonably practicable.

If you believe your personal information may have been involved in a data breach, please contact us immediately at hello@clairable.com.au.

9. Aggregated and De-identified Data

We may use Your Content, Outputs and usage data to create aggregated and de-identified information, such as statistics about common AI use cases or industry trends. This information does not identify you or your organisation.

We may use and share aggregated and de-identified information for research, education, marketing or product development.

10. Your Rights and Choices

Depending on your location and applicable law, you may have the right to:

• request access to the personal information we hold about you and receive a copy of it (APP 12);
• request correction of personal information that is inaccurate, out of date or incomplete (APP 13);
• request deletion of your personal information;
• object to certain types of processing or request that we restrict processing;
• receive personal information in a portable format where technically feasible; and
• withdraw consent where processing is based on your consent.

To exercise these rights, please contact us using the details below. We may need to verify your identity before responding to your request.

Account deletion: You can delete your Clairable account and associated personal information directly through the account settings in the Service at any time. Deletion of account data is immediate. We retain certain financial records as required by law — see section 5.2.

Authentication account: Deleting your Clairable account does not automatically delete your Clerk identity, which is managed separately by Clerk. To delete your Clerk authentication account, use Clerk's account management tools accessible via the user profile section of Clairable, or contact us for assistance.

You can opt out of any future marketing communications at any time at no cost by contacting us at hello@clairable.com.au.

11. Children

Clairable is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe that a child has provided us with personal information, please contact us so that we can take appropriate steps to delete it.

12. Third Party Sites

The Service may contain links to third party websites or services that we do not control. This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices of third party sites and services and encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the Last Updated date at the top of this page and may provide notice in the Service or by email.

Your continued use of Clairable after any changes take effect will indicate your acceptance of the updated Privacy Policy.

14. Contact and Complaints

If you have any questions or concerns about this Privacy Policy, how we handle personal information, or if you wish to exercise your rights or make a complaint, please contact us at:

Email: hello@clairable.com.au
Website: www.clairable.com.au/contact

We will respond to complaints as soon as reasonably practicable and within 30 days. If you are not satisfied with our response, you may make a complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.