Clara

Privacy Policy for Clara

Last Updated: June 17, 2025

1. Introduction

Clara ("Clara," "we," "us," or "our") is committed to protecting the privacy and confidentiality of our users, particularly given the sensitive nature of legal documents and attorney-client privileged information. This Privacy Policy explains how we collect, use, protect, and disclose information when you use our AI-powered legal document analysis service.

2. Information We Collect

2.1 Legal Documents and Content

  • Documents uploaded to our platform for analysis
  • Text extracted from uploaded documents
  • Chat conversations and queries related to document analysis
  • Insights, summaries, and annotations generated through our AI system

2.2 Account Information

  • Professional contact information (name, law firm, email address, phone number)
  • Bar admission details and professional credentials
  • Billing and payment information
  • Account preferences and settings

2.3 Technical Information

  • IP addresses and device identifiers
  • Browser type and version
  • Operating system information
  • Usage patterns and platform interactions
  • Log files and system performance data

2.4 Communication Data

  • Support ticket correspondence
  • Feedback and survey responses
  • Training session recordings (with consent)

3. How We Use Your Information

3.1 Primary Service Functions

  • Document Analysis: Process uploaded documents using our AI/ML algorithms
  • Insight Generation: Extract relevant legal insights, patterns, and summaries
  • Search and Retrieval: Enable efficient document search and information retrieval
  • Platform Optimization: Improve AI accuracy and user experience

3.2 Administrative Purposes

  • Account management and authentication
  • Billing and payment processing
  • Customer support and technical assistance
  • Legal compliance and regulatory requirements

3.3 Service Improvement

  • Platform performance optimization
  • AI model training and enhancement (using anonymized data only)
  • Feature development and testing
  • Security monitoring and threat detection

4. Attorney-Client Privilege and Confidentiality

4.1 Privilege Protection

  • We recognize that uploaded documents may contain attorney-client privileged information
  • Clara operates as a tool extension of your legal practice
  • We implement technical and administrative safeguards to maintain privilege
  • No waiver of attorney-client privilege occurs through use of our service

4.2 Confidentiality Measures

  • All uploaded documents are treated as confidential legal information
  • Access is restricted to authorized personnel on a need-to-know basis
  • We maintain detailed access logs and audit trails
  • Confidentiality obligations extend to all employees and contractors

5. Data Security and Protection

5.1 Technical Safeguards

  • Encryption: End-to-end encryption for data in transit and at rest
  • Access Controls: Multi-factor authentication and role-based permissions
  • Infrastructure: Enterprise-grade cloud infrastructure with industry-standard security practices
  • Monitoring: Continuous security monitoring and threat detection
  • Backup: Secure, encrypted backup systems with geographic redundancy

5.2 Organizational Measures

  • Regular security audits and assessments
  • Employee background checks and confidentiality agreements
  • Incident response procedures and breach notification protocols
  • Ongoing security training and awareness programs
  • Working toward SOC 2 Type II and ISO 27001 compliance certifications

6. Data Sharing and Disclosure

6.1 Limited Sharing

We do not sell, rent, or share your confidential legal documents with third parties, except:

  • Service Providers: Vetted cloud infrastructure and security providers under strict confidentiality agreements
  • Legal Requirements: When required by court order, subpoena, or applicable law
  • Consent: With your explicit written consent

6.2 Third-Party Services

  • Cloud storage and computing providers (AWS/Azure/GCP)
  • Payment processing services
  • Customer support platforms
  • Security and monitoring tools

All third-party providers are bound by confidentiality agreements and must meet our security standards.

7. Data Retention and Deletion

7.1 Retention Periods

  • Active Accounts: Documents retained for duration of subscription plus 90 days
  • Inactive Accounts: Data purged after 12 months of inactivity
  • Billing Records: Maintained per legal and tax requirements (typically 7 years)
  • Support Records: Maintained for 3 years for service continuity

7.2 Deletion Rights

  • Users may request immediate deletion of specific documents
  • Account closure triggers complete data purge within 30 days
  • Secure deletion methods ensure data cannot be recovered
  • Deletion certificates provided upon request

8. International Data Transfers

  • Data may be processed in facilities located in the United States and European Union
  • All international transfers comply with applicable data protection laws
  • Standard contractual clauses and adequacy decisions govern cross-border transfers
  • Users in the EU benefit from GDPR protections regardless of processing location

9. Your Rights and Choices

9.1 Access and Control

  • Access: Request copies of your personal information and documents
  • Correction: Update or correct inaccurate information
  • Deletion: Request removal of specific documents or account data
  • Portability: Export your documents in standard formats

9.2 Communication Preferences

  • Opt-out of marketing communications
  • Choose notification preferences
  • Control data processing for analytics (anonymized only)

10. Compliance and Certifications

  • Working toward SOC 2 Type II certification for security, availability, and confidentiality
  • Implementing ISO 27001 information security management standards
  • GDPR compliant for European users
  • CCPA compliant for California residents
  • Regular compliance audits and assessments

11. Incident Response and Breach Notification

In the event of a data security incident:

  • Immediate containment and investigation procedures
  • Notification to affected users within 72 hours
  • Coordination with relevant regulatory authorities
  • Detailed incident reports and remediation plans
  • Post-incident security enhancements

12. Children's Privacy

Clara is designed exclusively for legal professionals and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Users will be notified of material changes via:

  • Email notification to registered users
  • Prominent notice in the Clara platform
  • 30-day advance notice for significant changes

14. Contact Information

For privacy-related inquiries, complaints, or requests:

Clara Inc.
4438 Ingraham St, San Diego, CA 92109
Email: support@claralegal.ai

15. Effective Date and Acknowledgment

This Privacy Policy is effective as of June 17, 2025. By using Clara, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

This Privacy Policy is designed to comply with applicable privacy laws including GDPR, CCPA, and professional responsibility rules governing attorney confidentiality. Users should consult with their own legal counsel regarding specific compliance requirements.