1. Data Controller
The data controller responsible for the processing of your personal data is:
Clario.ai GmbH
Musterstraße 123, 10115 Berlin, Germany
Email: privacy@myclario.app
We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection laws.
2. Data We Collect
2.1 Account and Authentication Data
When you create an account, we collect your email address, display name, and authentication credentials. If you sign in via a third-party provider (Google, Apple, Microsoft), we receive your name and email from that provider. We do not receive or store your third-party account password.
2.2 Documents and Content
When you upload documents, we store the original files and generate derived data including: extracted text (via OCR), document metadata (filename, size, type, upload date), AI-generated summaries and classifications, vector embeddings for search functionality, and extracted entities such as deadlines, amounts, and counterparties.
2.3 Usage and Analytics Data
We collect anonymized usage data to improve the Service, including: pages visited, features used, session duration, device type, browser type, and interaction patterns. Analytics are processed via PostHog, hosted in the European Union. We do not use Google Analytics.
2.4 Payment Data
Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or full payment credentials on our servers. We retain only your subscription status, plan type, and Stripe customer ID.
2.5 Communication Data
If you contact us via email or in-app support, we retain the correspondence to resolve your inquiry and improve our Service.
3. Legal Bases for Processing (Art. 6 GDPR)
We process your personal data on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Contract performance (Art. 6(1)(b)) |
| AI document processing | Consent (Art. 6(1)(a)) |
| Payment processing | Contract performance (Art. 6(1)(b)) |
| Analytics and improvement | Legitimate interest (Art. 6(1)(f)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
4. AI Processing and Sub-Processors
4.1 How AI Processing Works. When you upload a document, it passes through our processing pipeline: text extraction (OCR), classification, summarization, translation, and embedding generation. These steps involve sending document content to AI providers for processing.
4.2 AI Sub-Processors. We use the following AI providers as data sub-processors:
- OpenAI — Text extraction, classification, summarization, translation, and chat (GPT-4). Data processing agreements in place. Document content is not used for model training.
- Cohere — Search result re-ranking. Only document snippets are sent, not full documents.
4.3 Consent and Opt-Out. AI processing is performed with your consent. You can withdraw consent at any time via Settings > Privacy. Opting out disables automated analysis while preserving document storage.
5. Data Storage, Security, and Transfers
5.1 Infrastructure. All primary data is stored on servers within the European Union. Our infrastructure includes:
- PostgreSQL database (Railway, EU region) — account and document metadata
- Object storage — original document files, encrypted at rest
- Qdrant vector database (EU region) — document embeddings for search
- Redis (Railway, EU region) — job queue and temporary processing cache
5.2 Encryption. All data is encrypted in transit using TLS 1.2 or higher. Sensitive data is encrypted at rest. Authentication tokens are stored in cookies flagged Secure and HttpOnly, with a strict SameSite policy, so they are sent only over HTTPS, are not readable by page scripts, and are not attached to cross-site requests.
5.3 Tenant Isolation. Your data is strictly isolated from other users. Every database query and vector search is filtered by your unique user identifier. No user can access another user's documents or data.
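The isolation rule described in 5.3 (every query and vector search carries the requesting user's identifier) is illustrated below. This is an added, constructed example and not Clario's own code: it uses an in-memory SQLite table as a stand-in for the PostgreSQL metadata store and builds a Qdrant-style payload filter as a plain dict so it runs offline; the table and column names, the `user_id` payload field, and the `Tenant` type are assumptions.

```python
"""Tenant-scoped data access: the user_id predicate is part of every read.

Constructed example (not the service's code). SQLite in-memory stands in for
PostgreSQL; the Qdrant filter is built as the JSON shape Qdrant accepts, so no
client library is needed.
"""
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class Tenant:
    user_id: str  # assumed: the authenticated user's unique identifier


class DocumentRepository:
    """Every method takes the Tenant and adds its user_id to the WHERE clause."""

    def __init__(self, conn):
        self.conn = conn
        self.conn.execute(
            "CREATE TABLE IF NOT EXISTS documents ("
            "id TEXT PRIMARY KEY, user_id TEXT NOT NULL, filename TEXT NOT NULL)"
        )

    def add(self, tenant, doc_id, filename):
        self.conn.execute(
            "INSERT INTO documents (id, user_id, filename) VALUES (?, ?, ?)",
            (doc_id, tenant.user_id, filename),
        )

    def get(self, tenant, doc_id):
        # The user_id predicate is never optional: a document id belonging to
        # another tenant yields None rather than that tenant's row.
        row = self.conn.execute(
            "SELECT id, filename FROM documents WHERE id = ? AND user_id = ?",
            (doc_id, tenant.user_id),
        ).fetchone()
        return None if row is None else {"id": row[0], "filename": row[1]}

    def list_ids(self, tenant):
        return [
            r[0]
            for r in self.conn.execute(
                "SELECT id FROM documents WHERE user_id = ? ORDER BY id",
                (tenant.user_id,),
            )
        ]


def vector_search_filter(tenant):
    """Qdrant payload filter restricting a search to one tenant's points.

    Assumes each stored embedding carries a 'user_id' payload field.
    """
    return {"must": [{"key": "user_id", "match": {"value": tenant.user_id}}]}


def demo():
    """Two constructed tenants; a cross-tenant lookup must come back empty."""
    conn = sqlite3.connect(":memory:")
    repo = DocumentRepository(conn)
    alice, bob = Tenant("user-a"), Tenant("user-b")
    repo.add(alice, "doc-1", "lease.pdf")
    repo.add(bob, "doc-2", "invoice.pdf")
    return {
        "alice_own": repo.get(alice, "doc-1"),
        "alice_cross": repo.get(alice, "doc-2"),  # None: bob's document
        "bob_ids": repo.list_ids(bob),
        "bob_filter": vector_search_filter(bob),
    }


if __name__ == "__main__":
    print(demo())
```

The point of routing all access through a repository that requires a `Tenant` is that the scoping predicate cannot be forgotten by a caller; the same filter dict is attached to every vector search so search results cannot leak another user's embeddings.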
5.4 International Transfers. When AI processing involves sub-processors outside the EEA (e.g., OpenAI servers in the US), transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, in compliance with Chapter V of the GDPR.
6. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access (Art. 15) — Request a copy of all personal data we hold about you.
- Right to Rectification (Art. 16) — Request correction of inaccurate or incomplete data.
- Right to Erasure (Art. 17) — Request deletion of your account and all associated data ("right to be forgotten").
- Right to Data Portability (Art. 20) — Receive your data in a structured, machine-readable format (JSON/CSV export).
- Right to Restrict Processing (Art. 18) — Request temporary restriction of data processing.
- Right to Object (Art. 21) — Object to processing based on legitimate interests.
- Right to Withdraw Consent (Art. 7(3)) — Withdraw consent for AI processing at any time. Withdrawal does not affect the lawfulness of processing carried out on the basis of your consent before it was withdrawn.
To exercise any of these rights, visit Settings > Privacy in the app, or contact us at privacy@myclario.app. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement. The authority responsible for us in Germany is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (www.datenschutz-berlin.de).
7. Data Retention
7.1 Active Accounts. We retain your personal data and documents for as long as your account is active and as needed to provide the Service.
7.2 Account Deletion. Upon account deletion, all personal data, documents, and derived data (summaries, embeddings, extracted entities) are permanently deleted within 30 days. Backup copies are purged within 90 days.
7.3 Legal Retention. Certain data may be retained longer where required by law (e.g., tax records for 10 years under German tax law, audit logs for compliance purposes).
7.4 Anonymized Data. Aggregated, fully anonymized analytics data that cannot be linked to any individual may be retained indefinitely for product improvement purposes.
8. Cookies and Tracking
8.1 Essential Cookies. We use strictly necessary cookies for authentication, session management, and security (CSRF protection). These cookies are required for the Service to function and cannot be disabled.
8.2 Analytics Cookies. We use PostHog (EU-hosted) for anonymized usage analytics. Analytics cookies are only set with your explicit consent via our cookie banner. You may withdraw consent at any time.
8.3 No Third-Party Advertising. We do not use advertising cookies, tracking pixels, or share data with advertising networks. We do not sell your data to third parties.
9. Third-Party Services
We use the following third-party services as data processors:
| Service | Purpose | Location |
|---|---|---|
| Supabase | Authentication | EU |
| Railway | Application hosting | EU |
| Stripe | Payment processing | EU/US (SCCs) |
| OpenAI | AI document processing | US (SCCs) |
| Qdrant Cloud | Vector search | EU |
| PostHog | Product analytics | EU |
| Postmark | Transactional email | US (SCCs) |
All third-party processors are bound by data processing agreements (DPAs) that ensure GDPR-compliant handling of your data.
10. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notification at least 30 days before they take effect. The "Last Updated" date at the top of this page reflects the most recent revision.
12. Contact and DPO
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
Data Protection Officer
Clario.ai GmbH
Musterstraße 123, 10115 Berlin, Germany
Email: privacy@myclario.app