Privacy Policy

Last updated: 2026-05-24 · Effective: 2026-05-24

The short version

Your canvas content lives in our cloud infrastructure, encrypted at rest. Where Claude runs from your Mac daemon (the primary canvas flow), your prompts go directly to Anthropic; we never see them. Where Claude runs from our cloud worker (the FAB chat, voice, image generation), prompts pass through us. Both paths are governed by data-processing agreements. We charge for the canvas; Anthropic charges you for AI. Delete your account anytime — we erase your data within 30 days; backups within 90.

1. Who we are

Clearly is operated by Jinri Hong as a sole proprietorship based in the Commonwealth of Virginia, USA.

General contact: hi@clearly.sh. Privacy + data-protection requests: privacy@clearly.sh. DMCA + IP claims: dmca@clearly.sh. For legal service of process, write to the operator's business address on file with Stripe — request via legal@clearly.sh.

2. What we collect

Account data: email address, display name, hashed password (if email signup) OR Google profile (if SSO). Stored in Firebase Authentication.

Canvas content: the blocks you create (text, images, brand assets, comments) live in our cloud databases (SQLite) and object storage, both with AES-256 encryption at rest. We do not read your canvas content for analytics or training.

Subscription data: tier, trial status, Stripe customer ID. Card numbers go directly to Stripe — we never see them.

Usage telemetry: page views and product events. See §8 for current and planned analytics providers.

Mac daemon (if installed): local-only state in ~/.clearly/ and ~/.beehaven/. Your Claude API key is stored in macOS Keychain. The daemon sends canvas-block operations to our worker — never the Claude prompts themselves (those go directly from the daemon to Anthropic).

3. AI prompts — what we DO and DON'T see

Critical distinction. Clearly has multiple AI surfaces with different data flows:

Canvas Send (primary flow) — we do NOT see your prompts. When you hit Send on the canvas with the Mac app installed, your daemon talks directly to Anthropic using your subscription. Block content and your prompt text NEVER pass through our servers.

Floating terminal — we do NOT see your prompts. Same daemon-direct path as canvas Send.

Cloud FAB chat (the floating chat panel) — prompts DO pass through us. The FAB uses OpenRouter via our worker, so we see request bodies in transit. We do not store them after the request completes; logs are deleted within 7 days.

Voice agent (if enabled) — voice frames pass through us. Audio streams via Gemini Live API through our worker. Transcripts are stored on YOUR canvas where you can delete them; the voice stream itself is not retained.

Image generation — prompts DO pass through us. Vertex AI image generation runs from our worker. Prompts + generated images live in your cloud storage; we don't use them for training.

To use only the no-prompt-visibility paths, work via canvas Send + the floating terminal. Avoid the FAB chat and image generation if you need zero-trust prompt isolation from Clearly.

4. What we DON'T collect

  • Your Anthropic subscription billing (paid directly to Anthropic)
  • Your computer's filesystem content beyond what you explicitly drag into a canvas
  • Camera footage; webcam frames; biometric data
  • Browsing history outside Clearly's surfaces
  • Cross-site tracking — no Facebook Pixel, no Google Ads pixel, no LinkedIn Insight Tag
  • Voice/microphone data outside voice-agent sessions you explicitly start

5. How we use your data

To run the product: show you your canvases, share canvases with collaborators when you opt in, deliver Claude-generated blocks back to your canvas.

To bill you (paid tiers): we send your subscription tier + customer ID to Stripe. Stripe handles all card processing.

To support you: if you email us, we read the email. If we need to look at your canvas to debug, we ask first.

To improve the product: aggregate, anonymized usage patterns. Never individual content.

We do NOT: sell your personal information, train AI models on your canvas content, share your canvases with marketers, or sync data to ad networks. If our position on any of these changes in the future, we will notify you 30 days in advance and give you the option to delete your account before the change takes effect.

6. Automated decision-making (GDPR Article 22)

Clearly uses Anthropic's Claude as a core feature — Claude generates code, content, designs, and recommendations based on your canvas inputs. This constitutes automated processing.

However:

  • No legal or significant effects without your explicit action. Claude produces drafts and suggestions; nothing is shipped or applied to the world without you clicking Approve, Send, or Deploy.
  • You can disable AI features. Disconnect your Claude credential in /settings → Claude. The canvas continues to work as a static workspace.
  • You can request human review. If you believe an automated decision (e.g. tier downgrade after trial expiry, account flag for abuse) has materially affected you, email privacy@clearly.sh and a human will review.

None of Clearly's automated processing currently produces legal effects on you (no employment decisions, no credit decisions, no insurance underwriting). If we ever add such features, we will require explicit consent + provide opt-out before activation.

7. Subprocessors + where your data lives

Third-party services we use to deliver Clearly. We have signed Data Processing Agreements with each. New subprocessors get 30-day advance notice via email (Pro+ tier) or banner (Free tier); you can object by deleting your account before the new subprocessor takes effect.

SubprocessorPurposeRegion(s)
Cloud infrastructureEdge compute + databases + object storage + key-value storeGlobal edge, primary in US-East
Firebase Authentication (Google)Email + Google SSO auth tokensUS, EU mirror
StripeSubscription billing, payment processingUS, EU, UK
ResendTransactional email deliveryUS (Vercel infra)
AnthropicClaude AI (your subscription; daemon-direct or worker-proxied per §3)US
Google Cloud (Vertex AI)Image generation (Imagen/Flux), optional voice (Gemini Live)US
OpenRouterCloud FAB chat completions (when used)US
Plausible Analytics (planned)Cookieless page-view countsEU
Sentry (planned)Error stack traces, no canvas contentUS, EU regional

EU/UK data transfers to US-based subprocessors are covered by the EU Standard Contractual Clauses (Commission Decision 2021/914) plus supplementary measures (encryption at rest + transit).

8. Cookies + local storage

We use cookies + localStorage for:

  • Authentication (HttpOnly, secure, session-only cookie) — keeps you signed in
  • CSRF protection (HttpOnly cookie) — anti-forgery for state-changing requests
  • UI preferences (localStorage) — theme, sidebar state, tour-seen flag, cookie consent state

No third-party tracking cookies. No advertising cookies. Our planned analytics provider (Plausible) is cookieless by design. EU/UK users see a consent banner on first visit per the ePrivacy Directive — accepting unlocks no additional tracking today, it's purely transparency.

9. Data retention

Data categoryRetention
Canvas content, brands, filesUntil you delete OR account deletion + 30 days (then erased)
Account profile, email, settingsUntil account deletion + 30 days
Backups of the abovePurged within 90 days of account deletion
Subscription + invoice records7 years (tax/legal requirement; in Stripe)
Stripe customer ID + tier (for refund/recovery)7 years (anonymized to email hash on account delete)
Cloud FAB chat request bodies7 days then deleted from logs
Error logs (Sentry, when installed)90 days
Page-view logs (Plausible, when installed)Indefinite anonymous aggregates; no per-user records
Waitlist email + invite codesUntil launch + 60 days OR until you unsubscribe
DMCA + abuse reports7 years (legal hold)

10. Your rights

Under GDPR (EU/UK), CCPA (California), and similar laws, you have the right to:

  • Access (GDPR Art 15) / Know (CCPA): download all your canvases + account data via /settings → Your data → Download my data. You get a JSON archive immediately; no waiting period.
  • Correction (GDPR Art 16): edit any account data at /settings.
  • Deletion (GDPR Art 17) / Delete (CCPA): delete your account anytime at /settings → Delete account. We erase canvas content + account data within 30 days. Backups purge within 90 days. Anonymized billing records (email hash only) retained for 7 years per tax law.
  • Portability (GDPR Art 20): same as Access — JSON export covers it.
  • Object (GDPR Art 21): to any processing you don't agree with. Email privacy@clearly.sh.
  • Restriction (GDPR Art 18): request we pause processing pending a dispute.
  • Opt-out of automated decisions (GDPR Art 22): see §6 — none of our automated processing currently has legal/significant effects, but the right applies.
  • Right to Opt-Out of Sale / Sharing (CCPA): we do NOT sell personal information or share for cross-context behavioral advertising. There is no opt-out toggle because there is nothing to opt out of.
  • Non-discrimination (CCPA): exercising any of these rights does not affect your service quality or pricing.
  • Complaint: to your local data-protection authority. EU users — your national DPA. UK users — the ICO. California users — the CPPA.

11. CCPA-specific disclosures (California residents)

In the prior 12 months, we have collected the categories of personal information listed in §2 above. We disclose this information to subprocessors (listed in §7) solely to provide the service. We have not sold or shared personal information for cross-context behavioral advertising. We do not have actual knowledge of selling or sharing the personal information of consumers under 16.

To exercise CCPA rights: privacy@clearly.sh. We respond within 45 days (with a possible 45-day extension if needed; we'll tell you why).

You may also designate an authorized agent to act on your behalf. The agent must provide written authorization + we may require you to verify identity directly.

12. Children + COPPA

Clearly is not directed at children under 13 (or 16 in the EU). We do not knowingly collect data from minors.

If we learn we have collected personal information from a child under the applicable age, we delete it within 30 days. Parents or guardians who believe a child has created an account can request immediate deletion + verification at privacy@clearly.sh — please include the email address used and the child's name.

13. Data breach notification

If we experience a personal data breach that is likely to result in a risk to your rights and freedoms (GDPR Art 33), we will:

  • Notify the relevant supervisory authority within 72 hours of awareness
  • Notify affected users without undue delay when the breach is likely to result in a high risk — via the email address on your account
  • Publish a notice at /security (and at status.clearly.sh once available) describing the nature of the breach, categories of affected data, likely consequences, and steps taken to mitigate

For potential security issues, contact security@clearly.sh. Responsible disclosure welcomed.

14. Mac daemon — special note

The Clearly Mac app runs a local daemon that handles your Claude subscription. Local-only data:

  • Anthropic API key OR Claude Pro OAuth token in macOS Keychain
  • Composition working directories at ~/.clearly/compositions/<id>/ with auto-seeded CLAUDE.md
  • Claude Code session transcripts under ~/.claude/projects/ (managed by Anthropic's CLI, not us)
  • Daemon logs in ~/.beehaven/

When you sign out / uninstall the Mac app, the "Sign out & remove local data" option erases all of the above. Your cloud canvases are unaffected (delete those separately via Settings).

15. Hive avatar (if installed)

Hive is an optional desktop avatar that reacts to Claude Code lifecycle events. All voice playback happens locally from pre-rendered MP3s shipped with the Mac app — no microphone capture, no cloud voice synthesis. Claude Code hook events and tool-name summaries stay on your machine. The daemon transmits them ONLY if you opt in to telemetry (off by default).

16. Entity transfer + acquisition

If Clearly is acquired, merged, or undergoes a corporate restructuring, your personal information may transfer to the successor entity. We will notify you via the email address on your account at least 30 days before the transfer takes effect, with information on how to delete your account if you prefer not to continue with the new entity.

17. Changes to this policy

We'll email you about meaningful changes 30 days before they take effect. Minor edits (typos, broken links, restructuring) we just publish. The "Last updated" date at the top of this page is the source of truth.

A redline of prior versions is available on request from privacy@clearly.sh.

18. Contact

Questions about privacy or your rights? Email privacy@clearly.sh. We respond within 5 business days; statutory rights requests within 30 days (GDPR) or 45 days (CCPA).

For EU/UK GDPR data-protection requests: privacy@clearly.sh. We are not required to appoint a Data Protection Officer at our current scale (sole proprietor, < 250 employees, no large-scale processing of special-category data); the operator personally handles all privacy requests.

Legal service of process: contact legal@clearly.sh for our address on file (managed via Stripe's billing-account address record).