Clarity

Privacy

Clarity Privacy Policy

Clarity is designed with data protection and governance in mind. We only process data according to your workspace and organizational controls.

1. Information We Collect

To provide Clarity, we collect information in the following categories.

A. Account and Profile Information

  • Personal information such as your name, work email address, password hash, job title, and company or workspace name.
  • Authentication details, including OAuth or SSO tokens when you sign in through providers such as Google or Microsoft.
  • Billing and subscription records processed securely through payment partners. We do not store full card numbers on our servers.

B. Customer Database and Platform Data

  • Database credentials and connection settings used to connect to PostgreSQL, MySQL, SQL Server, Oracle, ClickHouse, and other supported sources. These secrets are encrypted at rest.
  • Schema metadata such as table names, column names, data types, key relationships, and semantic mappings needed to model your data inside Clarity.
  • Virtual schema definitions, calculated fields, business logic, joins, flow configurations, dashboard definitions, report settings, and share settings you create in the product.
  • Raw query results or cached data only when needed for product performance, previews, exports, or speed-layer execution. Any retained cache is governed by workspace settings and internal retention controls.

C. AI Interaction Data

When you use the assistant, Clarity processes the request and limited context needed to complete the feature.

  • Prompts, chat messages, generated SQL, follow-up instructions, and the minimum schema context required for the assistant to answer your request.

D. Automatically Collected Information

  • Usage logs such as IP address, browser and device details, session timestamps, crash reports, feature interactions, and performance telemetry used to operate and secure the platform.

2. How We Use Your Information

  • To establish secure connections to your databases, files, and workspaces and execute the actions you request.
  • To translate natural-language questions into governed SQL, virtual schema logic, and analytics workflows.
  • To power dashboards, reports, flow pipelines, exports, alerts, and AI-assisted product experiences.
  • To monitor platform reliability, investigate abuse, detect security incidents, and enforce workspace controls.
  • To provide customer support, onboarding, billing support, and critical service communications.

3. Artificial Intelligence and Your Data

Clarity uses large language models to support conversational analytics, workflow assistance, and guided data exploration. We understand that enterprise data is sensitive, so our AI practices are designed around a metadata-first, zero-training approach.

  • No public model training. We do not use your database schemas, prompts, virtual fields, dashboards, reports, or raw customer data to train public AI models.
  • Enterprise processing controls. Where AI partners are used, we use business or enterprise terms intended to limit retention and secondary use of submitted data.
  • Metadata-first context. Clarity sends schema metadata, semantic context, and request instructions needed to generate SQL or product actions. We do not send raw database rows to third-party LLMs unless a feature is explicitly designed for that purpose and enabled by you.
  • Human review is limited. We do not review customer prompts or output except when required for support, abuse prevention, or legal compliance.

4. How We Share Your Information

We do not sell, rent, or trade your personal information or company data.

  • Service providers and sub-processors that help us host, secure, monitor, and operate the platform, such as infrastructure, storage, caching, and analytics vendors.
  • AI partners only for the purpose of executing AI-powered platform features under applicable contractual controls.
  • Legal or regulatory authorities when required by law, court order, or to protect the rights, safety, and security of Clarity, our customers, or others.
  • A successor entity in connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to substantially similar privacy commitments.

5. Security Measures

Clarity is built for governed analytics and enterprise security.

  • Encryption in transit using TLS and encryption at rest for stored credentials, metadata, and managed platform data.
  • Workspace isolation and execution controls to reduce the risk of cross-workspace access or unsafe query behavior.
  • Role-based access controls, permissions, and approval boundaries that allow workspace administrators to control who can view, edit, query, and share data assets.
  • Operational logging and audit-friendly records to support incident response, troubleshooting, and compliance workflows.

6. Data Retention

  • Account information, workspace configuration, schema metadata, dashboards, reports, and virtual definitions are retained for as long as your workspace remains active, unless a shorter retention period is required by contract or law.
  • Performance caches and speed-layer data are retained according to workspace settings, product configuration, and operational limits.
  • Encrypted backups may be retained for a limited period to support disaster recovery and business continuity.
  • When a workspace is deleted, we delete or anonymize associated data according to our internal retention processes and backup lifecycle.

7. Your Privacy Rights

Depending on your location and applicable law, you may have the right to request access, correction, deletion, export, or restriction of your personal information, and to opt out of certain communications.

Workspace administrators may also have controls within the product to manage users, revoke access, rotate credentials, and remove shared assets.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our infrastructure, or the features available in Clarity. If we make a material change, we will provide notice through the website, the application, or by email when appropriate before the updated policy takes effect.