Privacy Policy

1. Who we are

Clarity Stream ("we", "us") provides a multi-tenant operational intelligence platform. This Privacy Policy explains how we process personal data when you use our website and product.

2. Data we process

• Account data: email, name, organization, role.
• Authentication data: hashed passwords, session tokens, IP, user-agent.
• Tenant content: device identifiers, telemetry, configuration you submit.
• Usage data: pages viewed, feature events, error reports.
• Support communications you send us.

3. Legal bases (GDPR)

• Contract — to provide the service.
• Legitimate interest — security, fraud prevention, product analytics.
• Consent — optional marketing communications.
• Legal obligation — tax, accounting, lawful requests.

4. Roles

For tenant content uploaded by customers (telemetry, device data, user records), Clarity Stream acts as a data processor on behalf of the customer (the controller). For account and usage data, Clarity Stream acts as a controller.

5. Sub-processors

A current list of sub-processors is maintained at /legal/subprocessors.

6. International transfers

We rely on Standard Contractual Clauses (SCCs) for transfers of personal data outside the EEA/UK, supplemented with technical and organizational measures.

7. Retention

Account data is retained for the life of the account and 30 days after deletion. Tenant content retention is controlled by the customer. Audit logs are retained for at least 12 months.

8. Your rights

• Access, rectification, deletion, restriction, portability, and objection.
• Right to lodge a complaint with a supervisory authority.
• To exercise your rights, email privacy@clarity-stream.example.

9. Security

We use TLS 1.3 in transit, AES-256 at rest, row-level security, principle of least privilege, and independent security testing. See /security for details.

10. Contact

Email: privacy@clarity-stream.example