Privacy Policy
Last updated: March 1, 2026
Clairo ("we", "us", "our") operates the clairo.run website and the Clairo platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.
By using Clairo, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Name (if provided via Google OAuth)
- Google account identifier (if you sign in with Google)
Usage Data
We automatically collect information about how you interact with the Service:
- Watcher configurations and prompts you create
- Feedback you provide on alerts (relevant/not useful ratings)
- Pages visited and features used
- Browser type, device type, and operating system
- IP address and approximate location (country/region level)
Payment Information
Payment processing is handled entirely by Stripe. We do not store your credit card number, bank account details, or other financial information on our servers. We receive only a transaction identifier and subscription status from Stripe.
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Run your watchers and deliver alerts
- Learn from your feedback to improve alert relevance and scoring
- Process payments and manage your subscription
- Send transactional emails (alerts, account updates, security notices)
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
We do not sell your personal information. We do not use your data for advertising. We do not share your watcher configurations or alert data with other users.
3. AI and Data Processing
Clairo uses third-party AI models (Anthropic Claude and Google Gemini) to power its core features — generating search queries, scoring alerts, and learning from your feedback.
- Your watcher prompts and feedback are sent to these AI providers for processing
- We use API-based access — your data is not used to train third-party models
- Alert content is derived from publicly available web sources
4. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude) | AI processing | Watcher prompts, alert content, feedback |
| Google (Gemini) | Embeddings | Text for vector embeddings |
| Stripe | Payments | Email, payment details |
| Postmark | Transactional email | Email address, email content |
| Google OAuth | Authentication | Email, name, account ID |
| AppSignal | Error monitoring | Error logs, performance data |
| Tavily | Web search | Search queries |
Each provider processes data according to their own privacy policy. We encourage you to review their policies.
5. Data Retention
- Account data is retained for as long as your account is active
- Alert data is retained for 90 days after creation, then automatically deleted
- If you delete your account, we will delete your personal data within 30 days
- We may retain anonymized, aggregated data indefinitely for analytics purposes
- We retain data longer when required by law (e.g., billing records)
6. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Secure, cookie-based authentication with no passwords stored
- Database-level isolation between user accounts
- Regular security audits and dependency updates
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access — Request a copy of the personal data we hold about you
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion of your personal data
- Portability — Receive your data in a structured, machine-readable format
- Restriction — Request that we limit processing of your data
- Objection — Object to processing based on legitimate interests
- Withdraw consent — Where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at privacy@clairo.run. We will respond within 30 days.
8. International Data Transfers
Your data may be transferred to and processed in countries other than your own. Our servers and third-party providers operate primarily in the United States and the European Union. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
9. Children's Privacy
Clairo is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Your continued use of Clairo after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at: