Legal

Privacy Policy

Last updated: 21 March 2026

Summary: We collect only what we need to run Clariva. We never sell your data. We never use your data to train AI models. You can delete your account and all data at any time. We are GDPR compliant.

1. Who we are

Clariva ("we", "us", "our") is an AI marketing analytics platform. Our service allows you to connect your marketing data sources and ask questions about them in plain English.

For the purposes of UK GDPR and the Data Protection Act 2018, we are the data controller of your personal data.

2. What data we collect

We collect the following categories of data:

  • Account information: your name, email address, and password (encrypted)
  • Billing information: processed by Stripe — we never see or store your full card details
  • OAuth tokens: access and refresh tokens from Google, used solely to fetch your marketing data on your behalf
  • Marketing data: your Google Analytics, Search Console, and Google Ads data, accessed in real time to answer your questions
  • Usage data: which questions you ask, how often you use the product, and basic analytics about your sessions
  • Technical data: IP address, browser type, device type, for security and fraud prevention

3. How we use your data

We use your data exclusively to:

  • Provide the Clariva service — fetching your marketing data and generating AI-powered answers
  • Process payments and send billing receipts
  • Send transactional emails (account confirmation, password reset, usage limit alerts)
  • Detect and prevent fraud and abuse
  • Improve our product through aggregated, anonymised analytics

We never use your marketing data to train AI models. Your data is only ever used to answer your specific questions within your session.

4. Data sharing

We share your data with the following third-party processors, all operating under strict data processing agreements:

  • Supabase — database and authentication (EU region)
  • Anthropic — AI processing (your questions and marketing data context are sent to Claude to generate answers)
  • Stripe — payment processing
  • Vercel — hosting and infrastructure
  • Google — OAuth authentication and API access

We do not sell your data to any third party. We do not share your data with advertisers.

5. Data retention

We retain your data for as long as your account is active. If you delete your account, we delete all your personal data within 30 days, except where we are legally required to retain it (e.g. financial records, which we keep for 7 years under UK law).

Chat history is retained for 90 days by default and can be deleted at any time from your account settings.

6. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data (Data Subject Access Request)
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time

To exercise any of these rights, email us at privacy@clariva.app. We will respond within 30 days.

7. Cookies

We use only essential cookies required to run the service (authentication session cookies). We do not use advertising cookies or third-party tracking cookies.

8. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We use Row Level Security in our database so your data is isolated from other users. We conduct regular security reviews.

9. Changes to this policy

We will notify you by email at least 14 days before making any material changes to this policy. Your continued use of Clariva after the effective date constitutes acceptance.

10. Contact

For privacy questions or requests: privacy@clariva.app

You also have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO).