Privacy Policy – ClarityOS

Effective date: 1 January 2025Last updated: 20 March 2025

Controller: Aurion Dynamics, a sole proprietorship owned and operated by Jeroen Kopczinski (“Aurion Dynamics”, “we”, “our”, “us”)

Product: ClarityOS – web-based diagnostic application and related marketing sites.

This version of the policy applies from 1 January 2025 onward. It describes how we process information when you use ClarityOS, browse our websites (including the public support form at clarityos.space/support), and interact with our services. We may update this document; the “last updated” date at the top reflects the current version.

1. Introduction

This Privacy Policy explains how Aurion Dynamics processes personal and organizational information when you use ClarityOS, our web-based application for diagnosing and managing organizational clarity.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), as well as other applicable privacy laws (including CCPA/CPRA in California and UK GDPR).

By using ClarityOS, you agree to the terms of this Privacy Policy.

2. Data We Collect

We collect and process the following categories of data:

a. Account Information

  • Name, email address, and authentication details (via Clerk).
  • Organization name and role (if provided).

b. Workspace & Application Data

  • Workspace structures (strategic intents, signals, problems, decisions).
  • Free-text entries provided by you or your organization.
  • Metadata such as timestamps and user IDs.

c. AI Interaction Data

  • Content submitted for AI analysis (signals, problems, decisions, agent conversations).
  • Processed by configured AI providers (typically OpenAI and/or Anthropic, depending on feature and environment) to generate outputs.
  • Where supported, training is disabled so your data is not used by those providers to train models for general model improvement.

d. Payment Data

  • If you subscribe, payment details are processed securely by Stripe.
  • We do not store card numbers or sensitive payment data ourselves.

e. Usage & Analytics

  • Logs (via Supabase & Vercel).
  • Site analytics (Vercel Analytics, Google Analytics).
  • Device/browser information, IP address, session activity.

f. Support & contact (public form and email)

  • If you use the public support form, we collect what you submit (e.g. name, email, topic, message, optional reference label).
  • Messages are delivered by email (Resend). We use them only to respond to your request and to improve support quality where appropriate.
  • We may use Cloudflare Turnstile on the form to reduce spam; Turnstile processes minimal technical data to verify the request. We do not use it for marketing profiling.

3. How We Use Your Data

  • Provide, maintain, and improve ClarityOS.
  • Authenticate users and manage workspaces.
  • Run AI-based analysis on organizational inputs.
  • Process payments and subscriptions.
  • Respond to support requests and feedback.
  • Prevent fraud, abuse, or misuse.
  • Comply with legal obligations.

4. Legal Basis for Processing (GDPR)

  • Contract necessity – to deliver the ClarityOS service.
  • Consent – for optional analytics and cookies.
  • Legitimate interest – to improve functionality and security, and to handle proportionate support and abuse prevention (including bot protection on public forms).
  • Legal obligation – to comply with applicable laws (e.g., financial reporting).

5. Data Sharing and Processors

We share data only with trusted providers necessary to operate ClarityOS:

  • Supabase (France/EU): database and storage.
  • Clerk (US/EU): authentication and user management.
  • Vercel (US/EU): application hosting.
  • Stripe (US/EU): subscription and payment processing.
  • OpenAI (US) and/or Anthropic (US): AI model providers for analysis and agent features, depending on configuration.
  • Resend (US/EU): transactional email (e.g. support form delivery).
  • Cloudflare (global): Turnstile verification and related security/CDN services for our sites.

Where transfers outside the EU occur (e.g. AI providers, Stripe, Vercel, Clerk, Resend, Cloudflare), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) where required.

We do not sell your data.

6. Data Retention

  • Account data – retained while your account is active.
  • Workspace data – retained until you delete your workspace or request deletion.
  • AI interaction data – stored in our systems as needed for the product; content sent to AI providers is processed transiently for inference (not used for training where that option applies).
  • Support messages – retained only as long as needed to handle your request and for ordinary business records, unless a longer period is required by law.
  • Payment records – retained as required by law (e.g., 7 years for tax compliance in NL).
  • Logs/analytics – retained for a maximum of 12 months, unless needed for security.

We may anonymize and aggregate data for statistical or research purposes.

7. Sensitive Data Disclaimer

ClarityOS is not designed for processing sensitive personal data (such as health information, political opinions, or union membership). We strongly discourage including such data in signals, workspaces, or support messages. If you choose to do so, you remain the controller of that data.

8. Your Rights

Under GDPR and other privacy laws, you have the right to:

  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Request deletion (“right to be forgotten”).
  • Restrict or object to processing.
  • Data portability.
  • Lodge a complaint with your supervisory authority (Autoriteit Persoonsgegevens in NL).

Requests can be made via: j.kopczinski@auriondynamics.com

9. Children’s Data

ClarityOS is not directed to children under 16 years of age. We do not knowingly process children’s data.

10. Security

We implement appropriate technical and organizational measures including:

  • Hosting in the EU (Supabase).
  • Encrypted data transfer (TLS).
  • Role-based access controls.

We may expand these measures (such as audit logging or enhanced monitoring) as ClarityOS develops.

11. International Users

If you access ClarityOS from outside the EU, your information may be transferred and processed in the EU and the US. We apply equivalent protection under GDPR.

12. Changes

We may update this Privacy Policy to reflect changes in law or product features. We will notify you of material changes via the app or email.

13. Contact

Aurion Dynamics (sole proprietorship)

Owner: Jeroen Kopczinski

Cuppenpedje 10

5961 TM Horst

The Netherlands

Email: j.kopczinski@auriondynamics.com

Privacy Policy – ClarityOS | ClarityOS