1. Who we are and what this covers
This Privacy Policy describes how Clarvia (“Clarvia”, “we”, “us”, or “our”) handles personal information in connection with the Clarvia website at clarvia.dev, the Clarvia Bureau application, and our related products and services (together, the “Services”). For the purposes of applicable data-protection law, Clarvia is the controller of the personal information described here.
We offer the Services to users in many countries. We aim to apply the protections in this Policy to everyone who uses the Services, while also recognising the specific rights that may apply where you live (see Section 11).
2. Information we collect
Information you provide
- Account information, such as your name, username, email address, and password;
- Workspace and organisation details, such as your company or workspace name and the team members you invite;
- Billing information, handled by our payment provider; we do not store full payment-card numbers;
- Communications, messages you send us, including support requests and survey responses;
- Inputs, the prompts, instructions, documents, and other content you submit to the Services, including to AI features.
Information we collect automatically
- Usage data, the features you use, actions you take, and other interactions with the Services;
- Device and technical data, IP address, browser type, device type, operating system, and similar identifiers;
- Cookies and similar technologies, see Section 6;
- Log data, diagnostic, performance, and security logs.
Information from third parties
We may receive information from third parties such as authentication, analytics, and payment providers, consistent with their terms and your settings.
3. AI inputs, outputs, and third-party AI providers
When you use AI features, your Inputs and related content are processed by Clarvia and by third-party AI providers (such as Anthropic and OpenAI) in order to generate AI Output. This processing may involve transmitting your Inputs to those providers’ systems.
We use these providers under their API or business terms. Where a provider offers controls over whether submitted data is used to train its models, we aim to use settings that limit such use; however, each provider’s processing is governed by its own terms and privacy policy, which we encourage you to review.
AI Output may be inaccurate or incomplete. You should independently verify AI Output and must not rely on it as professional advice. See our Terms of Service. We may process Inputs and AI Output to provide, secure, debug, monitor, and improve the Services.
4. How we use your information
We use personal information to:
- provide, operate, maintain, and secure the Services;
- authenticate you and manage your account;
- process your Inputs and generate AI Output;
- process payments and manage subscriptions;
- communicate with you, including service, security, and (where permitted) marketing messages;
- monitor, prevent, detect, and address fraud, abuse, and security issues;
- analyse, maintain, and improve the Services and develop new features, using aggregated or de-identified data where practicable;
- comply with our legal obligations and enforce our Terms.
5. Legal bases for processing
Where data-protection laws such as the UK GDPR and EU GDPR apply, we rely on the following legal bases: performance of a contract with you; our legitimate interests (such as securing, operating, and improving the Services), balanced against your rights; your consent (for example, for certain cookies or marketing, which you may withdraw at any time); and compliance with legal obligations.
6. Cookies and analytics
We use cookies and similar technologies to operate the website, remember your preferences, and understand how the Services are used. We use analytics tools, including Google Analytics, to measure traffic and improve the Services.
You can manage non-essential cookies through our cookie controls and your browser settings. Disabling some cookies may affect how the Services function.
7. How we share information
We do not sell your personal information. We share personal information only as described here:
- Service providers and sub-processors, including AI providers (such as Anthropic and OpenAI), cloud hosting and infrastructure, analytics (such as Google), payment processors, and communications providers, who process data on our behalf under appropriate contractual protections;
- Legal and safety, where required by law, regulation, or legal process, or to protect the rights, safety, and security of Clarvia, our users, or the public;
- Business transfers, in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy;
- With your consent or at your direction.
8. International transfers
We and our service providers may process personal information in countries other than where you live, including the United States. Where we transfer personal information across borders, we take steps to ensure an appropriate level of protection, such as relying on recognised transfer mechanisms (for example, standard contractual clauses) where required.
9. Data retention
We retain personal information for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. When information is no longer needed, we delete or anonymise it. Retention periods vary depending on the type of information and why it is used.
10. Security
We use reasonable technical and organisational measures designed to protect personal information against unauthorised access, loss, misuse, and alteration. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.
11. Your rights and choices
Depending on where you live, you may have some or all of the following rights in respect of your personal information.
If you are in the UK or EEA (UK GDPR / EU GDPR)
- access a copy of your personal information;
- rectify inaccurate or incomplete information;
- erase your information in certain circumstances;
- restrict or object to certain processing;
- request portability of your information;
- withdraw consent where processing is based on consent;
- lodge a complaint with a supervisory authority, in the UK, the Information Commissioner’s Office (ICO).
If you are in California (CCPA / CPRA)
- know what personal information we collect, use, and disclose;
- access and delete your personal information;
- correct inaccurate personal information;
- opt out of the “sale” or “sharing” of personal information, note that we do not sell personal information;
- not be discriminated against for exercising your rights.
Everyone else
Wherever you live, you may contact us to ask about the personal information we hold about you and how it is used. To exercise any right, email us at hello@clarvia.dev. We may need to verify your identity before responding, and we will respond within the timeframes required by applicable law.
12. Children’s privacy
The Services are not intended for children. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact us and we will take appropriate steps to delete it.
13. Third-party links
The Services may link to third-party websites and services that we do not control. This Policy does not apply to those third parties, and we are not responsible for their practices. Please review their privacy policies.
14. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above and, where the changes are material, take reasonable steps to notify you. Your continued use of the Services after the changes take effect means you accept the updated Policy.
15. Contact us
Questions about this Privacy Policy or how we handle your personal information? Contact us at hello@clarvia.dev. If you are in the UK or EEA, you also have the right to lodge a complaint with your local data-protection authority.