Privacy Policy
Last updated: 2026-05-24 · Effective: 2026-05-24
The short version
Your canvas content lives in our cloud infrastructure, encrypted at rest. Where Claude runs from your Mac daemon (the primary canvas flow), your prompts go directly to Anthropic; we never see them. Where Claude runs from our cloud worker (the FAB chat, voice, image generation), prompts pass through us. Both paths are governed by data-processing agreements. We charge for the canvas; Anthropic charges you for AI. Delete your account anytime — we erase your data within 30 days; backups within 90.
1. Who we are
Clearly is operated by Jinri Hong as a sole proprietorship based in the Commonwealth of Virginia, USA.
General contact: hi@clearly.sh. Privacy + data-protection requests: privacy@clearly.sh. DMCA + IP claims: dmca@clearly.sh. For legal service of process, write to the operator's business address on file with Stripe — request via legal@clearly.sh.
2. What we collect
Account data: email address, display name, hashed password (if email signup) OR Google profile (if SSO). Stored in Firebase Authentication.
Canvas content: the blocks you create (text, images, brand assets, comments) live in our cloud databases (SQLite) and object storage, both with AES-256 encryption at rest. We do not read your canvas content for analytics or training.
Subscription data: tier, trial status, Stripe customer ID. Card numbers go directly to Stripe — we never see them.
Usage telemetry: page views and product events. See §8 for current and planned analytics providers.
Mac daemon (if installed): local-only state in ~/.clearly/ and ~/.beehaven/. Your Claude API key is stored in macOS Keychain. The daemon sends canvas-block operations to our worker — never the Claude prompts themselves (those go directly from the daemon to Anthropic).
3. AI prompts — what we DO and DON'T see
Critical distinction. Clearly has multiple AI surfaces with different data flows:
Canvas Send (primary flow) — we do NOT see your prompts. When you hit Send on the canvas with the Mac app installed, your daemon talks directly to Anthropic using your subscription. Block content and your prompt text NEVER pass through our servers.
Floating terminal — we do NOT see your prompts. Same daemon-direct path as canvas Send.
Cloud FAB chat (the floating chat panel) — prompts DO pass through us. The FAB uses OpenRouter via our worker, so we see request bodies in transit. We do not store them after the request completes; logs are deleted within 7 days.
Voice agent (if enabled) — voice frames pass through us. Audio streams via Gemini Live API through our worker. Transcripts are stored on YOUR canvas where you can delete them; the voice stream itself is not retained.
Image generation — prompts DO pass through us. Vertex AI image generation runs from our worker. Prompts + generated images live in your cloud storage; we don't use them for training.
To use only the no-prompt-visibility paths, work via canvas Send + the floating terminal. Avoid the FAB chat and image generation if you need zero-trust prompt isolation from Clearly.
4. What we DON'T collect
- Your Anthropic subscription billing (paid directly to Anthropic)
- Your computer's filesystem content beyond what you explicitly drag into a canvas
- Camera footage; webcam frames; biometric data
- Browsing history outside Clearly's surfaces
- Cross-site tracking — no Facebook Pixel, no Google Ads pixel, no LinkedIn Insight Tag
- Voice/microphone data outside voice-agent sessions you explicitly start
5. How we use your data
To run the product: show you your canvases, share canvases with collaborators when you opt in, deliver Claude-generated blocks back to your canvas.
To bill you (paid tiers): we send your subscription tier + customer ID to Stripe. Stripe handles all card processing.
To support you: if you email us, we read the email. If we need to look at your canvas to debug, we ask first.
To improve the product: aggregate, anonymized usage patterns. Never individual content.
We do NOT: sell your personal information, train AI models on your canvas content, share your canvases with marketers, or sync data to ad networks. If our position on any of these changes in the future, we will notify you 30 days in advance and give you the option to delete your account before the change takes effect.
6. Automated decision-making (GDPR Article 22)
Clearly uses Anthropic's Claude as a core feature — Claude generates code, content, designs, and recommendations based on your canvas inputs. This constitutes automated processing.
However:
- No legal or significant effects without your explicit action. Claude produces drafts and suggestions; nothing is shipped or applied to the world without you clicking Approve, Send, or Deploy.
- You can disable AI features. Disconnect your Claude credential in /settings → Claude. The canvas continues to work as a static workspace.
- You can request human review. If you believe an automated decision (e.g. tier downgrade after trial expiry, account flag for abuse) has materially affected you, email privacy@clearly.sh and a human will review.
None of Clearly's automated processing currently produces legal effects on you (no employment decisions, no credit decisions, no insurance underwriting). If we ever add such features, we will require explicit consent + provide opt-out before activation.
7. Subprocessors + where your data lives
Third-party services we use to deliver Clearly. We have signed Data Processing Agreements with each. New subprocessors get 30-day advance notice via email (Pro+ tier) or banner (Free tier); you can object by deleting your account before the new subprocessor takes effect.
| Subprocessor | Purpose | Region(s) |
|---|---|---|
| Cloud infrastructure | Edge compute + databases + object storage + key-value store | Global edge, primary in US-East |
| Firebase Authentication (Google) | Email + Google SSO auth tokens | US, EU mirror |
| Stripe | Subscription billing, payment processing | US, EU, UK |
| Resend | Transactional email delivery | US (Vercel infra) |
| Anthropic | Claude AI (your subscription; daemon-direct or worker-proxied per §3) | US |
| Google Cloud (Vertex AI) | Image generation (Imagen/Flux), optional voice (Gemini Live) | US |
| OpenRouter | Cloud FAB chat completions (when used) | US |
| Plausible Analytics (planned) | Cookieless page-view counts | EU |
| Sentry (planned) | Error stack traces, no canvas content | US, EU regional |
EU/UK data transfers to US-based subprocessors are covered by the EU Standard Contractual Clauses (Commission Decision 2021/914) plus supplementary measures (encryption at rest + transit).
8. Cookies + local storage
We use cookies + localStorage for:
- Authentication (HttpOnly, secure, session-only cookie) — keeps you signed in
- CSRF protection (HttpOnly cookie) — anti-forgery for state-changing requests
- UI preferences (localStorage) — theme, sidebar state, tour-seen flag, cookie consent state
No third-party tracking cookies. No advertising cookies. Our planned analytics provider (Plausible) is cookieless by design. EU/UK users see a consent banner on first visit per the ePrivacy Directive — accepting unlocks no additional tracking today, it's purely transparency.
9. Data retention
| Data category | Retention |
|---|---|
| Canvas content, brands, files | Until you delete OR account deletion + 30 days (then erased) |
| Account profile, email, settings | Until account deletion + 30 days |
| Backups of the above | Purged within 90 days of account deletion |
| Subscription + invoice records | 7 years (tax/legal requirement; in Stripe) |
| Stripe customer ID + tier (for refund/recovery) | 7 years (anonymized to email hash on account delete) |
| Cloud FAB chat request bodies | 7 days then deleted from logs |
| Error logs (Sentry, when installed) | 90 days |
| Page-view logs (Plausible, when installed) | Indefinite anonymous aggregates; no per-user records |
| Waitlist email + invite codes | Until launch + 60 days OR until you unsubscribe |
| DMCA + abuse reports | 7 years (legal hold) |
10. Your rights
Under GDPR (EU/UK), CCPA (California), and similar laws, you have the right to:
- Access (GDPR Art 15) / Know (CCPA): download all your canvases + account data via /settings → Your data → Download my data. You get a JSON archive immediately; no waiting period.
- Correction (GDPR Art 16): edit any account data at /settings.
- Deletion (GDPR Art 17) / Delete (CCPA): delete your account anytime at /settings → Delete account. We erase canvas content + account data within 30 days. Backups purge within 90 days. Anonymized billing records (email hash only) retained for 7 years per tax law.
- Portability (GDPR Art 20): same as Access — JSON export covers it.
- Object (GDPR Art 21): to any processing you don't agree with. Email privacy@clearly.sh.
- Restriction (GDPR Art 18): request we pause processing pending a dispute.
- Opt-out of automated decisions (GDPR Art 22): see §6 — none of our automated processing currently has legal/significant effects, but the right applies.
- Right to Opt-Out of Sale / Sharing (CCPA): we do NOT sell personal information or share for cross-context behavioral advertising. There is no opt-out toggle because there is nothing to opt out of.
- Non-discrimination (CCPA): exercising any of these rights does not affect your service quality or pricing.
- Complaint: to your local data-protection authority. EU users — your national DPA. UK users — the ICO. California users — the CPPA.
11. CCPA-specific disclosures (California residents)
In the prior 12 months, we have collected the categories of personal information listed in §2 above. We disclose this information to subprocessors (listed in §7) solely to provide the service. We have not sold or shared personal information for cross-context behavioral advertising. We do not have actual knowledge of selling or sharing the personal information of consumers under 16.
To exercise CCPA rights: privacy@clearly.sh. We respond within 45 days (with a possible 45-day extension if needed; we'll tell you why).
You may also designate an authorized agent to act on your behalf. The agent must provide written authorization + we may require you to verify identity directly.
12. Children + COPPA
Clearly is not directed at children under 13 (or 16 in the EU). We do not knowingly collect data from minors.
If we learn we have collected personal information from a child under the applicable age, we delete it within 30 days. Parents or guardians who believe a child has created an account can request immediate deletion + verification at privacy@clearly.sh — please include the email address used and the child's name.
13. Data breach notification
If we experience a personal data breach that is likely to result in a risk to your rights and freedoms (GDPR Art 33), we will:
- Notify the relevant supervisory authority within 72 hours of awareness
- Notify affected users without undue delay when the breach is likely to result in a high risk — via the email address on your account
- Publish a notice at /security (and at status.clearly.sh once available) describing the nature of the breach, categories of affected data, likely consequences, and steps taken to mitigate
For potential security issues, contact security@clearly.sh. Responsible disclosure welcomed.
14. Mac daemon — special note
The Clearly Mac app runs a local daemon that handles your Claude subscription. Local-only data:
- Anthropic API key OR Claude Pro OAuth token in macOS Keychain
- Composition working directories at
~/.clearly/compositions/<id>/with auto-seededCLAUDE.md - Claude Code session transcripts under
~/.claude/projects/(managed by Anthropic's CLI, not us) - Daemon logs in
~/.beehaven/
When you sign out / uninstall the Mac app, the "Sign out & remove local data" option erases all of the above. Your cloud canvases are unaffected (delete those separately via Settings).
15. Hive avatar (if installed)
Hive is an optional desktop avatar that reacts to Claude Code lifecycle events. All voice playback happens locally from pre-rendered MP3s shipped with the Mac app — no microphone capture, no cloud voice synthesis. Claude Code hook events and tool-name summaries stay on your machine. The daemon transmits them ONLY if you opt in to telemetry (off by default).
16. Entity transfer + acquisition
If Clearly is acquired, merged, or undergoes a corporate restructuring, your personal information may transfer to the successor entity. We will notify you via the email address on your account at least 30 days before the transfer takes effect, with information on how to delete your account if you prefer not to continue with the new entity.
17. Changes to this policy
We'll email you about meaningful changes 30 days before they take effect. Minor edits (typos, broken links, restructuring) we just publish. The "Last updated" date at the top of this page is the source of truth.
A redline of prior versions is available on request from privacy@clearly.sh.
18. Contact
Questions about privacy or your rights? Email privacy@clearly.sh. We respond within 5 business days; statutory rights requests within 30 days (GDPR) or 45 days (CCPA).
For EU/UK GDPR data-protection requests: privacy@clearly.sh. We are not required to appoint a Data Protection Officer at our current scale (sole proprietor, < 250 employees, no large-scale processing of special-category data); the operator personally handles all privacy requests.
Legal service of process: contact legal@clearly.sh for our address on file (managed via Stripe's billing-account address record).