1. Overview
Claryti ("we," "us," or "our") operates the Claryti application and website at claryti.ai. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our services.
Claryti is a productivity tool that connects to your email, calendar, and meeting platforms to help you track commitments, prepare for meetings, and stay on top of what matters. To provide this service, we access data from third-party platforms, including Google Workspace (Gmail and Google Calendar), with your explicit permission.
By using Claryti, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.
2. Information We Collect
2.1 Information You Provide
When you create an account, we collect:
- Account information: Your name, email address, and password (or authentication credentials via Google Sign-In).
- Profile information: Job title, company, and preferences you choose to share.
- Payment information: Billing details processed securely through Stripe. We do not store credit card numbers on our servers.
- Communications: Messages you send to our support team, feedback, and survey responses.
2.2 Information from Connected Services
When you connect third-party accounts (Google Workspace, Microsoft 365, Slack, etc.), we access data from those services to provide Claryti's core functionality. The specific data accessed from Google APIs is detailed in Section 3 below.
2.3 Automatically Collected Information
When you visit our website or use our app, we may automatically collect:
- Device information: Browser type, operating system, device identifiers.
- Usage data: Pages visited, features used, actions taken within the app.
- Log data: IP address, access times, referring URLs.
- Analytics data: Aggregated usage patterns via Google Analytics and similar tools.
3. Google User Data
This section specifically describes how Claryti accesses, uses, stores, and shares data obtained through Google APIs. This section applies when you connect your Google Workspace account (Gmail and/or Google Calendar) to Claryti.
Claryti only accesses Google user data after you explicitly grant permission through Google's OAuth consent flow. You can revoke this access at any time (see Section 9).
3.1 Google API Scopes We Request
Claryti requests the following Google API scopes, each for a specific purpose:
| Scope | Classification | Why We Need It |
|---|---|---|
gmail.readonly |
Restricted | Claryti reads your emails to extract commitments, action items, and follow-ups. This data is used to populate your daily brief and "Who's waiting on me?" dashboard. We never modify or delete your emails. |
gmail.send |
Restricted | Claryti can send follow-up emails on your behalf using AI-generated drafts that you explicitly review and approve before sending. Claryti never sends emails without your confirmation. |
calendar.readonly |
Sensitive | Claryti reads your calendar events to prepare meeting briefs showing relevant context, past commitments, and outstanding items for each upcoming meeting. |
calendar.events |
Sensitive | Claryti can create calendar events (e.g., follow-up reminders) on your behalf when you request it. We never modify or delete existing events without your explicit action. |
3.2 How We Use Google User Data
Data received from Google APIs is used exclusively to provide and improve Claryti's user-facing features:
- Daily briefs: Synthesizing email and calendar data into a morning summary of what needs your attention.
- Commitment tracking: Extracting promises, action items, and follow-ups from email threads and meeting context.
- Meeting preparation: Assembling relevant context (past emails, commitments, relationship history) for upcoming calendar events.
- "Who's waiting on me?" dashboard: Identifying unanswered emails and outstanding commitments.
- Follow-up reminders: Surfacing items that need your attention based on email and calendar patterns.
3.3 What We Do NOT Do with Google User Data
Claryti strictly adheres to Google's policies. We do not:
- Use Google user data to serve advertisements, including retargeting, personalized, or interest-based advertising.
- Sell, rent, lease, or trade Google user data to any third party.
- Use Google user data to create, train, or improve generalized artificial intelligence or machine learning models (including foundation models). Any AI processing is performed solely to provide personalized features to you within the Claryti app.
- Allow human employees or contractors to read your Google user data, except:
- When you give us explicit, affirmative consent to view specific data (e.g., for technical support).
- When necessary for security purposes (e.g., investigating abuse or security incidents).
- When required to comply with applicable law or regulation.
- When the data is aggregated and anonymized so that it cannot identify any individual user, and is used only for internal operations.
- Transfer Google user data to any third party unless necessary to provide or improve user-facing features, and only with your consent.
- Store permanent copies of Google user data beyond what is necessary to provide the service.
4. Google API Services Limited Use Disclosure
Claryti's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In accordance with Google's Limited Use requirements, Claryti limits its use of data received from Google APIs as follows:
- Limited to stated purposes: We only use Google user data to provide or improve user-facing features that are visible and prominent in the Claryti application's user interface, as described in this privacy policy.
- No advertising use: We do not use or transfer Google user data for serving ads, including retargeting, personalized, or interest-based advertising.
- No unauthorized transfers: We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, as part of a merger/acquisition with prior user consent, for security purposes, or to comply with applicable laws.
- No human access without consent: We do not allow humans to read Google user data unless we have obtained your affirmative agreement to view specific data, it is necessary for security purposes, it is required by law, or the data has been aggregated and anonymized for internal operations.
- No generalized AI/ML training: We do not use Google user data to create, train, or improve generalized artificial intelligence or machine learning models, including foundational models. Any AI processing is limited to providing personalized features to the specific user who authorized access.
5. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the service: Operating Claryti's core features including daily briefs, commitment tracking, meeting preparation, and follow-up management.
- Account management: Creating and maintaining your account, processing payments, and communicating about your subscription.
- Service improvement: Understanding usage patterns (in aggregate) to improve features, fix bugs, and develop new functionality.
- Security: Detecting, preventing, and addressing fraud, abuse, and security issues.
- Communications: Sending transactional emails (receipts, account notifications), product updates, and marketing communications you've opted into.
- Legal compliance: Complying with applicable laws, regulations, and legal processes.
We do not use your personal information for profiling, automated decision-making, or targeted advertising.
6. Data Storage and Security
6.1 Where We Store Data
Your data is stored on secure servers provided by our infrastructure partners (e.g., AWS, Vercel). All data is stored in the United States. If you are accessing Claryti from outside the United States, your data may be transferred to and processed in the United States.
6.2 How We Protect Data
We implement industry-standard security measures to protect your data:
- Encryption in transit: All data transmitted between your device and our servers uses TLS 1.2 or higher (HTTPS).
- Encryption at rest: Stored data is encrypted using AES-256 encryption.
- Access controls: Access to user data is restricted to authorized personnel on a need-to-know basis, with multi-factor authentication required.
- Regular audits: We conduct regular security reviews and vulnerability assessments.
- Secure authentication: We use OAuth 2.0 for third-party integrations. We never store your Google password.
- Minimal data retention: We only retain data as long as necessary to provide the service (see Section 8).
6.3 Breach Notification
In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities within 72 hours, as required by law.
7. Data Sharing and Transfers
We do not sell your personal information. We may share your information only in the following circumstances:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Billing information, email address. Governed by Stripe's Privacy Policy. |
| Nylas | Email and calendar API integration | OAuth tokens for email/calendar access. Nylas acts as a data processor. Governed by Nylas's Privacy Policy. |
| Recall.ai | Meeting transcription | Meeting audio/video for transcription. Governed by Recall.ai's privacy policy. |
| AI processing | Natural language understanding | Email and meeting content is processed through AI models to extract commitments and generate briefs. This processing is performed solely to provide features to you and is not used to train generalized models. |
| Analytics providers | Usage analytics | Aggregated, anonymized usage data. No personally identifiable Google user data is shared with analytics providers. |
| Legal authorities | Legal compliance | As required by law, regulation, subpoena, or court order. |
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this policy. We will notify you before your data is transferred and becomes subject to a different privacy policy.
8. Data Retention and Deletion
8.1 Retention Periods
- Account data: Retained for the duration of your active account plus 30 days after deletion.
- Google user data (processed): Extracted commitments, briefs, and summaries are retained while your account is active. Raw email content is processed in real-time and not permanently stored; only extracted structured data (commitments, action items, summaries) is retained.
- OAuth tokens: Revoked immediately when you disconnect your Google account or delete your Claryti account.
- Payment records: Retained as required by financial regulations (typically 7 years for tax purposes).
- Anonymized analytics: May be retained indefinitely in aggregate form.
8.2 How to Delete Your Data
You can delete your data at any time:
- Disconnect Google: Go to Settings > Connected Accounts > Google > Disconnect. This immediately revokes our OAuth access and deletes cached Google data.
- Delete account: Go to Settings > Account > Delete Account. This permanently deletes all your data, including extracted commitments, briefs, and profile information, within 30 days.
- Google's security settings: You can also revoke Claryti's access at myaccount.google.com/permissions.
- Email us: Contact [email protected] to request data deletion.
9. Your Rights and Choices
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data (see Section 8).
- Portability: Request your data in a portable, machine-readable format.
- Revoke consent: Withdraw consent for data processing at any time by disconnecting integrations or deleting your account.
- Opt out of marketing: Unsubscribe from marketing emails at any time via the unsubscribe link in each email or through your account settings.
- Revoke Google access: Disconnect your Google account from Claryti at any time through app settings or directly through Google's security settings.
To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.
9.1 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. Claryti does not sell personal information.
9.2 European Residents (GDPR)
If you are a resident of the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with a supervisory authority. Our legal basis for processing personal data is your consent (for Google API access) and legitimate interest (for service operation and improvement).
10. Cookies and Tracking
Our website uses cookies and similar technologies:
- Essential cookies: Required for site functionality (authentication, preferences). Cannot be disabled.
- Analytics cookies: Help us understand site usage via Google Analytics. You can opt out using Google's opt-out browser add-on.
- Marketing cookies: Used for conversion tracking (Meta Pixel). You can manage these through your browser settings or opt out at Facebook's Ad Preferences.
We do not use Google user data for any advertising or tracking purposes.
11. Children's Privacy
Claryti is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we have inadvertently collected data from a child, please contact us at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by posting a prominent notice on our website prior to the changes taking effect. The "Last updated" date at the top of this policy indicates when it was last revised.
Continued use of Claryti after changes take effect constitutes acceptance of the revised policy.
13. Contact Us
If you have questions about this Privacy Policy, your data, or our privacy practices, contact us at:
Claryti
Email: hello@claryti.ai