Privacy Policy

Version 2026-05-13. Effective May 13, 2026.

This policy explains what information Clairist processes when you use the product, why we process it, and the choices available to workspace administrators and users.

Beta-ready draft — not final privacy policy

This is a beta privacy policy draft and should be reviewed by counsel before production launch. Clairist, Inc. may update this page as the product and commercial posture mature.

For a Data Processing Agreement (DPA) or procurement routing, use the procurement request form or email procurement@clairist.com.

Who we are

Clairist, Inc. (“Clairist,” “we,” or “us”) operates the Clairist web application and related APIs. For privacy inquiries, contact privacy@clairist.com.

Scope

This policy applies to information processed through Clairist workspaces, marketing sites, and support channels we operate. It does not govern third-party sites you link out to.

Roles (customers vs. end users)

If you use Clairist for an organization, that organization decides what workspace data to enter. Clairist generally acts as a processor or service provider on the organization’s instructions for workspace content, while acting as a controller for account, billing, security telemetry, and product analytics needed to run Clairist.

Information we process

  • Account and profile. Name, email, authentication identifiers from providers like Google, and preferences you set.
  • Workspace content. AI system records, disclosures, evidence files and metadata, incidents, comments, trust settings, and similar items your team uploads.
  • Technical and security data. IP address, device and browser characteristics, timestamps, diagnostic logs, and abuse-prevention signals needed to secure the service.
  • Billing. When you use paid features, Stripe and our billing systems process payment method metadata and subscription state as described at checkout.
  • Support and communications. Messages you send us and related correspondence.

How we use information

We use information to provide, secure, troubleshoot, and improve Clairist; authenticate users; enforce team permissions; process payments; communicate about the service; comply with law; and protect rights and safety. We do not sell personal information and we do not use your workspace content to train generalized AI models for unrelated purposes.

Public trust publication

If you enable public trust features, designated workspace data may be published to public URLs or artifacts intended for external readers. You control what is published within the product’s controls; you should avoid publishing personal data unless necessary and lawful.

Artifact verification

Verification endpoints process bundles or references you or reviewers submit so Clairist can return integrity results. Those requests may be logged for security and rate limiting. Verification output is technical, not a legal certification.

Subprocessors and infrastructure

We use vetted service providers to host and operate Clairist, including without limitation Supabase (database, auth, storage), application hosting (such as Vercel), and Stripe for payments. A consolidated overview lives in the Trust Center. Providers may change; where required by law or contract, we will provide notice of material subprocessor updates to customer contacts.

Security

We implement administrative, technical, and organizational measures appropriate to the risk, including encryption in transit, access controls, and database authorization patterns. Details are summarized on the Security page. No security practice eliminates all risk.

Retention

We retain information for as long as your account or workspace is active and for a reasonable period afterward to meet legal, accounting, or dispute-resolution needs. Certain operational logs and analytics may use bounded retention windows in our backend. Deleting content in the product may not immediately remove all residual copies from backups; we purge backups on rolling schedules where feasible.

Your choices and rights

Depending on your location, you may have rights to access, correct, delete, or export personal information, or to object to certain processing. Workspace administrators may be able to delete or export workspace data subject to product capabilities. Email privacy@clairist.com to exercise rights; we may need to verify your identity. We do not provide legal advice about which laws apply to you.

International transfers

We are based in the United States. Information may be processed in the U.S. and in countries where subprocessors operate. Where required, we will rely on appropriate safeguards described in an agreement with your organization.

Children

Clairist is not directed to children under 16, and we do not knowingly collect personal information from them.

Changes to this policy

We may update this policy from time to time. We will post the new version here and adjust the effective date. Material changes will be communicated as described in our Terms of Service.

Contact

Privacy questions: privacy@clairist.com. DPA and procurement requests: use the procurement request form or procurement@clairist.com.

Clairist is not a law firm and does not provide legal or compliance advice. Use the Terms of Service together with this policy. Privacy-related requests: privacy@clairist.com.
