Privacy Policy

Last updated: March 5, 2026

Clarion AI ("we", "our", "the extension") is operated by Arete Collective, L.P. This policy explains what data the Clarion AI Chrome extension and web dashboard collect, how that data is used, and your rights regarding it.

1. What Data We Collect

Email metadata and content: Subject lines, sender/recipient addresses, email body text, timestamps, flag status, and attachment names from your Outlook inbox. This data is synced from Outlook to our backend for analysis.
Outlook session token: The extension reads your existing Outlook Web session token from your browser to access your mailbox on your behalf. This token is stored locally in your browser's extension storage and is never sent to any third party.
Account information: Your email address and a password you create when signing up for the Clarion AI service.
Usage data: Sync timestamps, processing status, and error logs to maintain service reliability.

2. How We Use Your Data

Email analysis: Synced emails are processed by AI (Anthropic Claude) to generate prioritization insights and draft replies.
Draft generation: AI-generated draft replies are written back to your Outlook Drafts folder for your review before sending.
Service operation: Account data is used for authentication and to associate your emails with your account.

3. How We Store Your Data

Email data and account information are stored in a Supabase (PostgreSQL) database with row-level security. Each user can only access their own data.
Your Outlook session token is stored only in your browser's local extension storage. It is never transmitted to our servers.
All data transmission uses HTTPS/WSS encryption.

4. Third-Party Services

Supabase: Database hosting and user authentication. Supabase Privacy Policy
Anthropic (Claude): AI processing of email content for analysis and draft generation. Anthropic Privacy Policy
Vercel: Web dashboard hosting. Vercel Privacy Policy

We do not sell, rent, or share your personal data with any other third parties.

5. Permissions Explained

Host access to Outlook domains: Required to read your Outlook session token and sync emails via the Outlook Web API.
Host access to Supabase: Required to store and retrieve your synced email data and account information.
Alarms: Used to schedule periodic email sync (every 5 minutes).
Storage: Used to persist your authentication session and sync state locally.

6. Data Retention

Your email data is retained in our database while your account is active. You may request deletion of your account and all associated data at any time by contacting us.

7. Your Rights

You can stop syncing at any time by logging out of the extension or uninstalling it.
You can request a copy of your data or request its deletion by contacting us.
Uninstalling the extension removes all locally stored data (tokens, session, sync state).

8. Security

We use industry-standard security measures including HTTPS encryption, row-level database security, and scoped API keys. Your Outlook token never leaves your browser.

Local storage limitation: Authentication tokens and session data stored within the browser extension use Chrome's built-in extension storage, which is not independently encrypted at rest. This is a standard limitation of the Chrome Extension platform (Manifest V3). Uninstalling the extension removes all locally stored data.

9. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected on this page with an updated date.

10. Contact

For questions or data requests, contact us at: nate@aretecollective.com