Privacy Policy

Clario reads short snippets of your Gmail to find school, sports, and family events. We never sell your data. We never store full email message bodies. You can disconnect Gmail or delete your account at any time.

• Your email address and display name (from sign-in)
• Family member names you add (including children's first names)
• Calendar events extracted from your Gmail
• OAuth tokens for connected Gmail accounts (encrypted at rest)
• Basic usage info such as last sign-in time and last email scan time

We do not collect: full email bodies, contacts, or any Gmail content unrelated to family scheduling.

When you connect Gmail, Clario fetches recent messages and sends short snippets (subject lines and short body excerpts) to Anthropic Claude, which extracts events, dates, and locations. We store only the parsed result, never the full message. The original message stays on Google's servers.

We use the https://www.googleapis.com/auth/gmail.readonly scope. This is read-only — we cannot send, delete, or modify your emails.

We use the following service providers to operate Clario:

• Anthropic — AI parsing of email snippets. Anthropic does not retain or train on customer data submitted via their API.
• Supabase — Database, authentication, and file hosting. SOC 2 Type II certified.
• Vercel — Web application hosting and CDN.
• Google — OAuth authentication and Gmail data source.

• Account data: kept while your account is active
• Email scan logs: 90 days, then automatically deleted
• Parsed event metadata: 180 days, then automatically deleted
• OAuth tokens: deleted when you disconnect Gmail or close your account
• Account deletion: 30-day grace period, then permanent deletion

You can access, export, correct, or delete your data at any time from Settings inside the app. Email privacy@clarioaiplanner.com for requests we cannot complete in-app.

California residents (CCPA/CPRA): You have the right to know, delete, correct, and opt out of the sale of personal information. We do not sell personal information.

EU/UK residents (GDPR): You have the rights to access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing is your consent and contract performance.

Clario is intended for adults managing family schedules. We store only the first names of children, supplied by a parent or guardian, for the purpose of organizing the family calendar. We do not knowingly collect any other information from or about children under 13.

TODO: COPPA compliance language to be reviewed by counsel before launch.

OAuth tokens are encrypted with AES-256-GCM before being stored. All traffic uses TLS 1.2 or higher. Database access is restricted by row-level security policies. Read more on our Security page.

If we make material changes, we will notify connected users by email at least 14 days before the changes take effect.

Privacy questions: privacy@clarioaiplanner.com
Security concerns: security@clarioaiplanner.com
General support: support@clarioaiplanner.com

TODO: Once LLC is formed, add registered business name and mailing address.