
Privacy Policy.

How ClearBot collects, uses, stores, and safeguards the data you entrust to us.

Effective 17 April 2026 · Version 1.0

Scope & Who We Are

This Privacy Policy explains how ClearBot Systems (“ClearBot,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information in connection with our websites, hosted automation services, client workspaces, and any related applications (collectively, the “Services”).

This policy applies to individuals who visit our marketing site, create an account, sign in through our authentication portal at login.clearbot.io, or interact with workflows our clients build on top of our platform. Where a business customer operates a workspace, that customer is the controller of end-user data in that workspace, and ClearBot acts as a processor under their instructions.

We believe privacy is a craft, not a checkbox. We collect the minimum needed to make the product work, and we treat what we do collect with care.

Information We Collect

We collect information in three ways: directly from you, automatically from your device as you use the Services, and from third parties you authorize to connect.

Information you provide

  • Account data — email address, hashed password, display name, and authentication identifiers from OAuth providers (e.g., GitHub) when you choose single sign-on.
  • Profile & workspace data — organization name, role, time zone, and preferences you set.
  • Content — files, prompts, workflow definitions, messages, and any other material you upload or generate through the Services.
  • Billing data — where paid plans apply, we receive the last four digits of the payment card, billing address, and tax ID via our payment processor; we do not store full card numbers.
  • Support correspondence — emails, transcripts, and attachments you send when contacting us.

Information collected automatically

  • Device & log data — IP address, browser type and version, operating system, referring URL, pages viewed, and timestamps.
  • Usage data — feature interactions, click events, workflow execution metadata, error traces, and performance telemetry.
  • Cookies & similar technologies — see “Cookies & Tracking” below for details.

Information from third parties

  • Integrations — data pulled from services you connect (e.g., Slack, Google Workspace, Notion, GitHub), strictly scoped to the permissions you grant.
  • Identity providers — basic profile data returned by OAuth providers when you sign in.
  • Analytics & fraud prevention — aggregated signals used to detect abuse and improve reliability.

How We Use Information

We process personal information to:

  • Provide, operate, and maintain the Services, including authenticating sessions and running your workflows.
  • Personalize your experience and remember your settings across devices.
  • Process transactions, manage subscriptions, and send billing notices.
  • Respond to requests, provide customer support, and troubleshoot issues.
  • Send service announcements, security alerts, and (where permitted) product updates.
  • Monitor performance, investigate bugs, and prevent fraud, abuse, or security incidents.
  • Comply with legal obligations, enforce our Terms of Service, and protect the rights, property, and safety of ClearBot, our users, and the public.
  • Improve existing features and develop new ones using aggregated, de-identified data.

We do not sell your personal information, and we do not use customer content to train foundation models without explicit, opt-in consent from the workspace administrator.

How We Share Information

We share personal information only with the parties described below, and only as needed:

  • Service providers — cloud hosting, authentication (Supabase), payment processing, email delivery, error monitoring, and customer support tooling, all under written data-processing agreements.
  • Workspace administrators — if you use ClearBot through an organization, your administrator may access activity and content associated with your account.
  • Integrations you authorize — when you connect a third-party product, we exchange data with it per the scope you approve; the third party’s privacy policy governs their handling.
  • Corporate transactions — in the event of a merger, acquisition, financing, or sale of assets, information may be transferred subject to customary confidentiality commitments.
  • Legal & safety — when we believe in good faith that disclosure is required by law, is necessary to enforce our terms, or is needed to protect rights or safety.

Cookies & Tracking

We use a small set of cookies and local storage items:

  • Strictly necessary — session tokens, CSRF tokens, and auth refresh cookies required for sign-in to function.
  • Preferences — theme, language, and interface choices so the app remembers you.
  • Analytics — aggregated usage data to understand which features help and which need work; loaded only where we have a permitted legal basis.

You can control non-essential cookies through your browser settings or any in-product cookie banner we surface. Blocking strictly necessary cookies will prevent parts of the Services from working.

Data Retention

We retain personal information for as long as your account is active or as needed to provide the Services. After account closure, we delete or anonymize personal data within 90 days, except where a longer period is required or permitted by law — for example, to resolve disputes, enforce agreements, or comply with tax, audit, or security requirements.

Backups are rotated on a fixed schedule; residual data in backups is purged during normal rotation and is not restored except for disaster recovery.

Security Practices

We take a defense-in-depth approach:

  • Transport encryption via TLS 1.2+ for all network traffic.
  • At-rest encryption for databases, object storage, and backups.
  • PKCE-based OAuth flows and short-lived session tokens with automatic rotation.
  • Least-privilege access for personnel, gated by single sign-on and MFA.
  • Continuous logging, anomaly detection, and third-party penetration tests.
  • A documented incident-response process with notification timelines aligned to applicable law.

No system is impenetrable, and we cannot guarantee absolute security. If we become aware of a breach that materially affects you, we will notify you without undue delay.

Your Rights & Choices

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your personal information, subject to legal retention obligations.
  • Restrict or object to certain processing.
  • Port your data in a structured, machine-readable format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data-protection authority.

You can exercise most of these rights from within your account settings or by emailing privacy@clearbot.io. We respond within the timelines required by applicable law — typically within 30 days.

International Transfers

ClearBot is operated from, and our primary infrastructure is located in, regions that may be outside your country of residence. Where we transfer personal information across borders, we rely on recognized transfer mechanisms such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent safeguards. A copy of the relevant mechanism is available on request.

Children’s Privacy

The Services are not directed to children under 16 (or the age of digital consent in your jurisdiction, whichever is higher). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact privacy@clearbot.io and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we revise the “Effective” date at the top and, for material changes, provide prominent notice (for example, by email or an in-app banner) at least 30 days before the change takes effect. Your continued use of the Services after the effective date constitutes acceptance of the revised policy.

Contact Us

Questions, requests, or concerns? We’d rather hear from you than have you guess.

Data Protection
General Contact