GDPR Commitment
clarife is fully committed to GDPR compliance. As a company processing data of EU residents, we implement all required technical and organizational measures to protect personal data.Your Rights Under GDPR
| Right | How clarife supports it |
|---|---|
| Right of access (Art. 15) | Export your data anytime as a ZIP file |
| Right to rectification (Art. 16) | Edit your profile and data directly |
| Right to erasure (Art. 17) | Delete your account with 30-day grace period |
| Right to data portability (Art. 20) | Data export in structured JSON format |
| Right to restriction (Art. 18) | Contact support to restrict processing |
| Right to object (Art. 21) | Contact support to object to specific processing |
| Right to withdraw consent (Art. 7) | Revoke cookie consent, disable optional features |
Data Export (Right of Access & Portability)
Data exports include all personal data, documents, screenshots, and metadata. The format is structured JSON, fulfilling the “machine-readable” requirement of Article 20.
Account Deletion (Right to Erasure)
- Request deletion from Settings > Account
- 30-day grace period allows cancellation
- After 30 days, all data is permanently erased from all systems
- Billing records retained for legal compliance (6 years per tax law)
Data Processing
| Role | Entity |
|---|---|
| Data controller | clarife (SQLIK) |
| Data processors | Supabase, Backblaze, Paddle, AWS, Google Cloud, Vercel |
Data Processing Agreement (DPA)
A DPA is available for Business plan customers upon request. Contact legal@clarife.app to receive a copy.Cookie Consent
clarife implements cookie consent:| Cookie type | Purpose | Consent required |
|---|---|---|
| Essential | Authentication, preferences | No (legitimate interest) |
| Analytics | Anonymized usage (Umami) | Yes |
Minimal Data Collection
clarife follows the principle of data minimization:- Only data necessary for the service is collected
- Analytics are privacy-friendly (Umami, no PII)
- IP addresses and device fingerprints are hashed before storage
- No data is sold or shared for marketing
Security Measures (Article 32)
| Measure | Implementation |
|---|---|
| Encryption in transit | TLS 1.2+ |
| Encryption at rest | AES-256 |
| Access control | Row Level Security, role-based permissions |
| Authentication | Bcrypt, TOTP 2FA |
| Regular testing | Internal + independent security audits |
| Incident response | Monitoring, alerting, documented procedures |
Is clarife GDPR compliant?
Is clarife GDPR compliant?
Yes. clarife implements all required technical and organizational measures, supports all data subject rights, stores data in the EU, and uses GDPR-compliant data processors.
Can I get a Data Processing Agreement (DPA)?
Can I get a Data Processing Agreement (DPA)?
Yes. DPAs are available for Business plan customers. Contact legal@clarife.app.
How long does it take to respond to a GDPR request?
How long does it take to respond to a GDPR request?
We respond to all GDPR data subject requests within 30 days, as required by the regulation.
Where can I find the privacy policy?
Where can I find the privacy policy?
The full privacy policy is available at clarife.app/privacy.