Who We Are

Clarissi ("we", "us", "our") provides operational automation skills for organizations. We are the data processor for operational data and the data controller for account and billing information. For questions about this policy, contact us at support@clarissi.com.

Information We Collect

Clarissi collects and stores three categories of data:

  • Integration credentials: API keys, tokens, and secrets needed to connect to your systems. Stored encrypted at rest using AES-256-GCM. Never logged or returned after intake.
  • Execution logs: the result of each automation run — whether it fired, what action was taken, and any errors. Retained for 90 days to support reporting and debugging. Source data from your systems is not stored — it is accessed at execution time and discarded.
  • Account data: account identifiers, plan information, and billing email provided during onboarding.

Data from your connected systems (such as records, transactions, or contact details) is accessed at execution time to evaluate automation conditions and is not stored persistently by Clarissi.

Customer Data

Clarissi processes limited personal data belonging to your customers (name, email address, order details) solely to execute the skills you have activated. We do not use customer data for advertising, profiling, or any purpose other than fulfilling the service you configured.

Service Operation

We access data from your connected systems solely to evaluate automation trigger conditions and execute configured actions. We do not sell, license, or share this data with third parties for their own purposes.

Third-Party Integrations

When you activate a skill that connects to a third-party service, Clarissi passes the minimum necessary data to that service to complete the action. You are responsible for reviewing the privacy policies of any third-party services you connect to Clarissi.

Analytics and Improvement

We collect aggregated, anonymized usage data (e.g., skill execution counts, error rates) to improve the reliability and performance of the platform. This data cannot be linked back to individual organizations or their customers.

Legal Obligations

We may disclose data if required by law, regulation, or valid legal process. We will notify you of such disclosures where legally permitted.

Data Retention

We retain execution logs for 90 days to support debugging and outcome reporting. Data accessed from your connected systems is not stored persistently — it is used at execution time and discarded. Connected credentials are stored encrypted and deleted immediately upon your request or upon account disconnect.

Data Deletion Requests

Clarissi responds to verified deletion and data access requests from account owners and applies retention and deletion controls as required by applicable law and contractual obligations, including:

  • Customer data deletion — deletes stored data associated with a customer record upon verified request
  • Account disconnect deletion — deletes account-scoped data within standard processing windows after account disconnect
  • Customer data access requests — provides a report of stored customer data upon request

Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal data we hold. To exercise these rights, contact us at support@clarissi.com. We respond to all requests within 30 days.

Security

Clarissi encrypts all stored credentials at rest using AES-256-GCM (authenticated encryption) and transmits all data over HTTPS. One-time access tokens are stored as SHA-256 hashes — the raw token is never persisted. We perform regular security reviews and follow responsible disclosure practices.

Updates to This Policy

We may update this policy periodically. We will notify you of material changes via email or the Clarissi dashboard. This policy was last updated March 2026.