Privacy Policy
Last updated: 25 February 2026
1. Introduction
Clarier.ai ("we", "our", "us") operates the Clarier.ai web application and Chrome browser extension (collectively, the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Password (hashed and stored securely; we never store plaintext passwords)
- Company name and association
- User role within your organization
Usage Data
When you use the Service, we collect:
- AI vendor tools you add to your company inventory (tool names and associated domains)
- Vendor assessment reports you generate
- Timestamps of your interactions with the Service
Browser Extension Data
When you use the Clarier.ai Chrome extension:
- Active tab domain: We read the domain (e.g. "notion.so") of your currently active tab when you open the extension popup, solely to identify the vendor you are visiting. We do not collect full URLs, page content, browsing history, or data from inactive tabs.
- Authentication tokens: Your session credentials are stored locally in your browser's extension storage to keep you signed in.
Data We Do NOT Collect
- Browsing history or full page URLs
- Page content, form inputs, or downloaded files
- Data from tabs other than the currently active tab
- Any data when the extension popup is closed
- Personal data beyond what is required for account creation
3. How We Use Your Information
We use the information we collect to:
- Authenticate you and maintain your session
- Detect which AI vendor or tool you are visiting (extension only)
- Generate vendor security and compliance assessment reports
- Maintain your company's AI tool inventory
- Send notifications when background analysis is complete
- Improve and maintain the Service
4. Data Storage and Security
- All data is transmitted over HTTPS/TLS encryption
- Our backend infrastructure is hosted on Supabase, which provides enterprise-grade security, encryption at rest, and SOC 2 compliance
- Passwords are hashed using industry-standard algorithms; we never store or have access to plaintext passwords
- Authentication tokens are stored locally on your device and refreshed automatically
- We implement role-based access controls to ensure users can only access data within their organization
5. Data Sharing
We do not sell, rent, or trade your personal information to third parties.
We may share data only in the following circumstances:
- Service providers: We use Supabase for infrastructure (authentication, database, serverless functions). Supabase processes data on our behalf and is bound by their own privacy and security commitments.
- Legal requirements: We may disclose information if required by law, regulation, or legal process.
- Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction.
6. Data Retention
- Account data is retained for as long as your account is active
- Vendor assessment reports are retained as part of your company's inventory for as long as the company account is active
- You may request deletion of your account and associated data at any time by contacting us
- Upon account deletion, your personal data will be removed within 30 days
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your personal data
- Export your data in a portable format
- Withdraw consent for data processing
- Object to processing of your personal data
To exercise any of these rights, contact us at the email address below.
8. Cookies
The Clarier.ai web application uses essential cookies and local storage for authentication and session management. We do not use advertising or tracking cookies. The Chrome extension uses chrome.storage.local for session persistence and does not use cookies.
9. Children's Privacy
The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. International Data Transfers
Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place in accordance with applicable data protection laws.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: dev@clarier.ai
Website: clarier.ai