Privacy Policy

Last Updated: 04-11-2025

IMPORTANT LEGAL NOTICE: This Privacy Policy explains how Clarevis ("Clarevis," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our project management service ("Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

This policy is a starting point and not legal advice. You must consult with a legal professional to ensure full compliance with laws like GDPR, CCPA, and others applicable to your users.

1. Introduction

We are committed to protecting your privacy. This policy details our practices concerning your Personal Data. "Personal Data" means any information that relates to an identified or identifiable individual.

2. Information We Collect

We collect information in the following ways:

A. Information You Provide Directly:

Account Information: When you sign up, we collect your full name, email address, password, and optionally your date of birth, company name, job title, and other contact info.

User-Generated Content (UGC): We collect all data you create within the Service, including:

  • Project details, task descriptions, and sub-tasks.
  • Files (Assets): For enhanced security and to give you full control over your largest files, we handle file uploads in two ways. Files up to 30MB are stored on our secure servers (via Supabase). Files larger than 30MB are uploaded directly to your own connected Google Drive account, meaning they are not stored on our servers at all.
  • Comments you post on assets, which may include @mentions.
  • Messages you send in both "Client Chat" and "Team Chat."
  • Personal notes you create in the "My Notes" widget.

Payment Information: When you subscribe to a paid plan, our payment processor, Dodo Payment, collects your payment information. We do not receive or store your full credit card details. We only receive a confirmation of payment, your plan details, and a customer ID (billing_provider_id) to manage your subscription.

B. Information from Third-Party Services:

OAuth Sign-In: If you sign up using Google or GitHub, we receive Personal Data from them, such as your name, email address, and profile picture. The data we receive is dependent on your privacy settings with that service.

C. Information We Collect Automatically:

Usage and Log Data: Like most services, our servers (provided by Supabase) automatically collect log data, which may include your IP address, browser type, operating system, pages visited, and timestamps.

Crash and Performance Data: We use Sentry to collect crash reports and performance analytics. This may include information about your device, operating system version, and actions that led to a crash, but it is anonymized where possible.

3. How We Use Your Information

We use your Personal Data for the following purposes:

  • To Provide and Maintain the Service: To authenticate you, host your User Content, manage your projects, and fulfill our contractual obligations to you.
  • To Process Payments: To manage your subscription, process payments , and enforce service limits based on your plan.
  • To Provide AI-Powered Features: To provide features like the AI Chatbot and AI Reports, we must process your User Content (like tasks and comments) and send it to our third-party AI providers. We have contractual agreements with our AI providers that prohibit them from using your data to train their models.
  • To Communicate With You: We use your email address (via Brevo) to send:
    • Transactional Emails: Account verification, password resets, and invitation links.
    • Notification Emails: Alerts for @mentions and task assignments. You can disable these in your "Notification Settings."
    • Digest Emails: Periodic summaries of project activity. You can disable these in your "Notification Settings."
  • To Improve the Service: To analyze usage patterns and fix bugs using Sentry, helping us improve the user experience.
  • To Enforce our Terms: To protect the security and integrity of our Service and users.

4. How We Share Your Information (Our Sub-processors)

We do not sell your Personal Data. We only share it with trusted third-party services (sub-processors) who help us operate the Service:

  • Supabase: Our core backend provider. They host our database, store your uploaded files (Storage), and run our authentication.
  • Dodo Payment: Our exclusive payment processor for handling all subscription billing and customer portal management.
  • Google Drive: If you connect your account, it is used for storing files larger than 30MB. This provides an extra layer of security as your largest assets remain within your own cloud storage.
  • Brevo (formerly Sendinblue): Our email provider for sending all transactional and notification emails.
  • Sentry: Our application monitoring and crash reporting service.
  • Third-Party AI Providers (e.g., Cohere, Groq, Mistral): We send your User Content to these providers to generate AI Content. As stated above, this data is not used to train their models.
  • Slack: Only if you authorize the integration, we will send activity notifications (which may contain User Content) to your designated Slack workspace.

We may also disclose your information if required by law or in response to a valid legal request.

5. Data Security and Retention

Security: We implement industry-standard security measures, including data encryption in transit (SSL) and at rest, and provide 2FA options to protect your data. Your data is isolated in our database using Supabase's Row Level Security (RLS).

Retention: We retain your Personal Data for as long as your account is active. If you delete your account, we will permanently delete all your Personal Data and User Content from our primary systems, in accordance with our backend procedures (delete_user_account RPC).

6. Your Data Rights (GDPR & CCPA)

Depending on your location, you have certain rights regarding your Personal Data:

  • Right to Access & Portability: You can access most of your data directly in your profile and project settings. You can also download a complete JSON archive of all your data using the "Export My Data" feature in your "Danger Zone" settings.
  • Right to Rectification: You can update and correct your personal profile information at any time on your "My Profile" page.
  • Right to Erasure (Deletion): You can permanently delete your account and all associated data at any time using the "Delete Account" feature in your "Danger Zone" settings. This action is irreversible.
  • Right to Object/Withdraw Consent: You can opt-out of non-essential communications (like digest emails) from your "Notification Settings" page. You can revoke third-party integrations (like Slack) from your "Team Management" page.

To exercise any of these rights, please use the self-serve features provided or contact us at legal@clarevis.com.

7. International Data Transfers

Your information, including Personal Data, may be transferred to—and maintained on—computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. Our primary hosting provider is Supabase. By using the Service, you consent to this transfer.

8. Children's Privacy

Our Service is not intended for use by anyone under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect Personal Data from children. If you become aware that a child has provided us with Personal Data, please contact us.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

By Email: legal@clarevis.com