Your privacy matters. This policy explains what data we collect, why we collect it, and how we protect it. Claritas is built by researchers, for researchers—we treat your data with the same care we'd want for our own research.
1. Data We Collect
Account Information
- Email address (required for account creation)
- Name (optional, for personalization)
- Password (stored securely using industry-standard hashing)
Research Content
- Papers you add (metadata: title, authors, year, DOI)
- Annotations you create
- Links between annotations
- Arguments you construct
- Topics and organizational tags
Usage Data
- Feature usage (which features you use, how often)
- Error logs (to fix bugs and improve reliability)
- Session information (login times, device type)
Payment Information
Payment processing is handled by Stripe. We do not store your credit card number, CVV, or full payment details. We only receive confirmation of successful payments and subscription status.
2. How We Use Your Data
- To provide the service: Store and sync your research content across devices.
- To improve the product: Aggregate, anonymized usage patterns help us prioritize features.
- To communicate with you: Service updates, security notices, and (with consent) product news.
- To provide support: Respond to your questions and troubleshoot issues.
- To process payments: Manage subscriptions and billing.
3. Data We Don't Collect
- PDF content: We store paper metadata, not full PDFs. Your reading happens in your own PDF reader.
- Tracking across sites: We don't use third-party trackers or sell data to advertisers.
- AI training: Your research content is not used to train machine learning models.
4. Data Sharing
We do not sell your data. We share data only in these limited circumstances:
- Service providers: We use Supabase (database hosting), Vercel (web hosting), and Stripe (payments). These providers process data on our behalf under strict agreements.
- Legal requirements: We may disclose data if required by law or to protect rights, safety, or property.
- With your consent: We may share data if you explicitly authorize it (e.g., team features in Lab tier).
5. Data Security
- All data is encrypted in transit (TLS/HTTPS).
- Database is encrypted at rest.
- Passwords are hashed using bcrypt.
- Row-level security ensures users can only access their own data.
- Regular security audits and dependency updates.
6. Data Retention
- Active accounts: Data is retained as long as your account is active.
- Deleted accounts: Data is permanently deleted within 30 days of account deletion.
- Backups: Encrypted backups are retained for 90 days for disaster recovery, then permanently deleted.
7. Your Rights
You have the right to:
- Access: Export all your data using our export features (Obsidian, BibTeX, JSON).
- Correct: Update your account information and research content at any time.
- Delete: Delete your account and all associated data from Settings.
- Portability: Export your data in standard formats to use elsewhere.
- Object: Opt out of non-essential communications in your email preferences.
8. Cookies
We use only essential cookies:
- Authentication: Session cookies to keep you logged in.
- Preferences: Theme preference (light/dark mode).
We do not use advertising cookies or third-party tracking cookies.
9. International Users
Data is processed in the United States and Canada. By using Claritas, you consent to the transfer of data to these jurisdictions. We comply with applicable data protection laws including GDPR for EU users and PIPEDA for Canadian users.
10. Children's Privacy
Claritas is designed for adult researchers and is not intended for users under 18 years of age. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email. The “Effective” date at the top indicates when the policy was last updated.
This privacy policy is designed to be clear and readable. If anything is unclear, please ask us.