Privacy Policy

Last updated: May 18, 2026

Clarion AI ("we", "our", "the extension") is operated by Clarion AI. This policy explains what data the Clarion AI Chrome extension and web dashboard collect, how that data is used, and your rights regarding it.

1. What Data We Collect

• Email metadata and content: Subject lines, sender/recipient addresses, email body text, timestamps, flag status, and attachment names from your Outlook inbox. This data is synced from Outlook to our backend for analysis.
• Outlook session token: The extension reads your existing Outlook Web session token from your browser to access your mailbox on your behalf. This token is stored locally in your browser's extension storage and is never sent to any third party.
• Account information: Your email address and a password you create when signing up for the Clarion AI service.
• Usage data: Sync timestamps, processing status, and error logs to maintain service reliability.

2. How We Use Your Data

• Email analysis: Synced emails are processed by AI (Anthropic Claude) to generate prioritization insights and draft replies.
• Draft generation: AI-generated draft replies are written back to your Outlook Drafts folder for your review before sending.
• Service operation: Account data is used for authentication and to associate your emails with your account.

3. How We Store Your Data

• Email data and account information are stored in a Supabase (PostgreSQL) database with row-level security. Each user can only access their own data.
• Your Outlook session token is stored only in your browser's local extension storage. It is never transmitted to our servers.
• All data transmission uses HTTPS/WSS encryption.

4. Third-Party Services

• Supabase: Database hosting and user authentication. Supabase Privacy Policy
• Anthropic (Claude): AI processing of email content for analysis and draft generation. Anthropic Privacy Policy
• Vercel: Web dashboard hosting. Vercel Privacy Policy

We do not sell, rent, or share your personal data with any other third parties.

5. SMS / Text Messaging Communications

If you opt in to receive text messages from Clarion AI by providing your mobile number and consenting on our SMS opt-in page, we will collect and process your mobile phone number and your consent record (timestamp, IP address, and opt-in source) solely for the purpose of delivering the messages you requested — including email summaries, calendar updates, deadline reminders, and critical email notifications.

Message frequency varies, up to 10 messages per day. Message and data rates from your mobile carrier may apply. You can reply HELP at any time for assistance, or STOP to unsubscribe.

No mobile information — including phone numbers, SMS opt-in data, or consent records — will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing with subcontractors supporting our SMS service (such as our messaging platform provider) is permitted solely to deliver the service. Mobile opt-in data and consent are excluded from all other information-sharing categories described in this policy and will not be sold, rented, or shared with any third parties.

You may withdraw consent at any time by replying STOP to any message, or by contacting us at contact@clarion-ai.app.

6. Permissions Explained

• Host access to Outlook domains: Required to read your Outlook session token and sync emails via the Outlook Web API.
• Host access to Supabase: Required to store and retrieve your synced email data and account information.
• Alarms: Used to schedule periodic email sync (every 5 minutes).
• Storage: Used to persist your authentication session and sync state locally.

7. Data Retention

Your email data is retained in our database while your account is active. You may request deletion of your account and all associated data at any time by contacting us.

8. Your Rights

• You can stop syncing at any time by logging out of the extension or uninstalling it.
• You can request a copy of your data or request its deletion by contacting us.
• Uninstalling the extension removes all locally stored data (tokens, session, sync state).

9. Security

We use industry-standard security measures including HTTPS encryption, row-level database security, and scoped API keys. Your Outlook token never leaves your browser.

Local storage limitation: Authentication tokens and session data stored within the browser extension use Chrome's built-in extension storage, which is not independently encrypted at rest. This is a standard limitation of the Chrome Extension platform (Manifest V3). Uninstalling the extension removes all locally stored data.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected on this page with an updated date.

11. Contact

For questions or data requests, contact us at: contact@clarion-ai.app