Privacy policy
Clarafy — Privacy Policy
Effective date: 26 May 2026
Operator: Liam Tidholm
Contact: hi@useclarafy.com
Website / account hub: https://app.useclarafy.com
This Privacy Policy applies to Clarafy (the Service), including the web account hub, Chrome extension, Windows desktop app, and related APIs operated under the Clarafy / useclarafy brand.
1. Who we are
The Service is operated by Liam Tidholm (“we”, “us”, “our”). For privacy questions or requests, email hi@useclarafy.com.
2. What Clarafy does
Clarafy is a writing assistant. When you use a shortcut or in-product controls while typing in a supported field, Clarafy reads text from that field, sends it to our servers for automated rewriting, and replaces the text in place. Optional features (such as The Atelier on paid plans) may show previews or tone hints. We design the product to avoid polishing passwords, one-time codes, and other sensitive field types.
3. Information we collect
We collect only what we need to run the Service, enforce limits, bill subscribers, and improve reliability.
3.1 Account and profile information
When you create an account (email/password or Google sign-in), we store:
Email address and authentication identifiers (via Supabase Auth)
Profile fields you provide or we derive: display name, avatar, bio, timezone, language/tone preferences, plan tier, and structured app settings (including privacy toggles you set in the hub)
Billing linkage: Stripe customer ID and subscription status (we do not store full payment card numbers; Stripe processes payments)
3.2 Text you submit for polishing
To polish your writing, we process the content of the text field you invoke Clarafy on, plus context needed to complete the request, such as:
Optional custom instructions you provide (length-capped)
Host site identifier (e.g. hostname) and, for some features, page title
Writing preferences (conciseness, emoji preference, etc.)
StyleMemory (paid Atelier plan only, when enabled): recent before/after examples stored in your profile to keep output closer to your voice
Text is sent to our backend and to AI providers (currently OpenAI) to generate the rewritten text. We apply length limits (for example, inputs are capped at roughly 16,000 characters per polish).
Atelier tone preview (tone-read): For eligible drafts, we may send a short snippet of text (not the full polish pipeline) plus hostname/title to return a one-line “how this might sound” impression. This does not count toward your daily polish quota and is not written to your Activity log.
3.3 Usage and activity logs
We log polish events to operate quotas, show you Activity in the hub, and prevent abuse. Depending on settings and plan, a log entry may include:
Timestamp, character counts, model used, and host site
Truncated before/after previews (up to several thousand characters each) in metadata for your Activity view
You can delete all polish history from hub settings; we will remove corresponding polish_usage rows for your account.
3.4 Information stored on your device
The Chrome extension and desktop app may store locally (for example, in browser or app storage):
Hotkey bindings and UI preferences
Session tokens for signed-in use
Local polish history and counters (e.g. daily free-tier usage)
Extension identifiers used to complete sign-in handoff with the hub
Local data stays on your device unless you sign in and a feature explicitly syncs to the cloud (such as StyleMemory on Atelier).
3.5 Technical and security data
Our hosting and API providers may process standard technical logs: IP address, user agent, request timestamps, and error diagnostics. We use these for security, rate limiting, and debugging.
3.6 Communications
If you opt in, we may send product or activity emails. We send transactional messages (verification codes, password reset, billing notices) as needed to operate your account. Email delivery may use our mail provider and templates configured in the hub.
4. How we use information
We use personal data to:
Provide, maintain, and secure the Service
Authenticate you and sync settings across extension, desktop, and hub
Process polishes and enforce Free vs Atelier limits
Process subscriptions and support billing disputes
Respond to support requests and legal obligations
Detect abuse (rate limits, suspicious traffic)
We do not sell your personal information. We do not use your polished text to train third-party foundation models unless a provider’s terms require it for API delivery—in that case processing is limited to providing the API response. We do not use your content for our own unrelated advertising profiles.
5. Legal bases (EEA / UK users)
Where GDPR or UK GDPR applies, we rely on:
Contract — to deliver the Service you signed up for
Legitimate interests — security, fraud prevention, product analytics in aggregated form, and improving reliability
Consent — where you enable optional processing (for example, marketing email or explicit data-processing acknowledgment in settings)
Legal obligation — tax, accounting, or lawful requests
You may withdraw consent for optional processing without affecting core polish features, except where consent is required by law.
6. Sharing with service providers
We share data with processors that help us run Clarafy, under contracts or terms that require appropriate safeguards:
| Provider | Role |
|---|---|
| Supabase | Authentication, database, file storage (e.g. avatars), Edge Functions |
| OpenAI | AI text rewriting and tone-read |
| Stripe | Payments and subscription management |
| Vercel (or equivalent) | Hosting the web hub |
| Optional OAuth sign-in | |
| Email / SMTP provider | Transactional and optional product email |
We may also disclose information if required by law, to protect rights and safety, or in connection with a merger or sale of the business (with notice where legally required).
7. International transfers
We and our processors may process data in the United States and other countries. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for transfers from the EEA/UK.
8. Retention
Account data — kept while your account is active
Polish usage / Activity — kept until you delete history or delete your account
StyleMemory — kept until you clear it or delete your account; downgraded accounts may stop cloud StyleMemory updates
Billing records — retained as required for tax and accounting (often several years)
Security logs — typically rotated after a limited period unless needed for an incident
After account deletion, we delete or anonymize personal data within a reasonable period, except where we must retain it by law.
9. Security
We use industry-standard measures: encrypted transport (HTTPS/TLS), access controls, row-level security on user data in our database, and separation of privileged keys (service role keys are never shipped in client apps). No method of transmission or storage is 100% secure; use a strong, unique password and keep your devices updated.
10. Your rights and choices
Depending on where you live, you may have the right to:
Access a copy of your data (the hub offers export for signed-in users)
Correct inaccurate profile information in settings
Delete polish history, StyleMemory, or your entire account (account deletion removes your auth user and cascaded profile data)
Object or restrict certain processing
Portability of data you provided
Complain to your local supervisory authority (EEA/UK)
To exercise rights, email hi@useclarafy.com from your account email. We may need to verify your identity.
California (CCPA/CPRA): We do not sell personal information. You may request access, deletion, and correction as described above.
11. Children
The Service is not directed at children under 16 (or the age of digital consent in your country). We do not knowingly collect data from children. Contact us if you believe a child has provided personal data.
12. Chrome extension and desktop app
The extension requests permissions needed to read and replace text only where you invoke Clarafy, store settings, and communicate with our API. It does not use your browsing history for advertising. See the extension listing and in-app settings for the current permission list.
The desktop app uses system accessibility APIs on Windows to polish text in native fields, subject to the same server-side processing described above when you are signed in.
13. Changes to this Privacy Policy
We may update this policy. We will post the new version with a revised effective date and, for material changes, provide notice in the hub or by email where appropriate. Continued use after the effective date means you accept the update.
14. Contact
Liam Tidholm — Clarafy
Email: hi@useclarafy.com
Privacy Policy v1.0 — 26 May 2026 — Liam Tidholm