Legal

Privacy Policy

How Clareefai collects, uses, stores, and protects your information — including data obtained from Google and Microsoft when you connect an email account to send messages on your behalf.

Effective date: May 7, 2026

1. Introduction

Clareefai (“Clareefai”, “we”, “us”, or “our”) operates a referral, testimonial, survey, and rewards platform that helps vendors build relationships with their promoters and prospects. This Privacy Policy describes the information we collect when you use our application, why we collect it, how we use and share it, and the choices you have. By using Clareefai you agree to the practices described here.

2. Information We Collect

We collect the following categories of information:

  • Account information. Name, email address, company name, role, and authentication identifiers (Firebase UID).
  • Workspace content you create. Promoters, prospects, meetings, surveys, testimonials, referrals, rewards, use cases, and related notes you enter into the product.
  • Email integration data. When you connect a Google, Microsoft, or SMTP email account, we receive the connected email address, an OAuth refresh token (or SMTP credentials), and the categories of outbound mail you authorize us to send.
  • Usage and technical data. Log data, device and browser information, IP address, and error reports used to diagnose problems and improve the service.
  • Third-party integration data. If you choose to connect a CRM, video-meeting, or similar third-party service, we receive the data needed to perform the integration (e.g. contacts you choose to import, meeting metadata).

3. Google User Data and Gmail API

When you choose to send platform emails from your own Gmail address, Clareefai uses Google OAuth 2.0 to request your permission. We request the following scopes:

  • https://www.googleapis.com/auth/gmail.send — to send email on your behalf from your Gmail account.
  • openid email profile — to identify the connected account and display your email address in the application.

How we use Google user data. We use thegmail.sendscope solely to deliver email messages that you explicitly authorize the platform to send on your behalf — for example, promoter invitations, prospect invitations, survey invitations, referral invitations, testimonial notifications, reward notifications, meeting notifications, action reminders, and team invitations. You can enable or disable each category at any time from Settings → Email Integration.

What we do not do. We do not read your inbox, search your messages, or access any mail in your account. We do not use thegmail.readonly,gmail.modify, or any other Gmail scope beyondgmail.send.

Storage. We store the OAuth refresh token issued by Google so that the platform can send messages on your behalf without re-prompting you. Tokens are stored encrypted at rest in our database and are only accessible to the backend service that performs the send.

Limited Use compliance. Clareefai’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell Google user data, do not use it for advertising, and do not allow humans to read it except (a) with your explicit consent, (b) for security purposes (e.g. investigating abuse), (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operations.

4. Microsoft User Data

If you connect a Microsoft 365 / Outlook account, we request theMail.SendandUser.Readscopes (along withopenid email profile offline_access). The handling of Microsoft data mirrors our handling of Google data: we only send messages you have authorized, we do not read your inbox, and tokens are stored encrypted at rest.

5. How We Use Information

  • To provide, maintain, and operate the Clareefai platform.
  • To send the transactional messages you have explicitly enabled (invitations, notifications, reminders, survey requests, etc.) from your connected mail account.
  • To authenticate you and secure your account.
  • To diagnose problems, monitor reliability, and improve product features (using aggregated logs and error reports).
  • To comply with legal obligations and enforce our Terms of Service.

6. How We Share Information

We do not sell personal information. We share information only as described below:

  • Service providers (subprocessors). Infrastructure and tooling providers that process data on our behalf, in categories such as cloud hosting and file storage, managed database, authentication and real-time messaging, error monitoring, and rewards payout. Each provider is bound by contractual confidentiality and security obligations. We can provide the current list of subprocessors on request to support@clareefai.com.
  • Recipients you choose. When you send an invitation, survey, or notification, the recipient receives the email content you generated.
  • Legal requirements. When required by law, regulation, valid legal process, or to protect the rights, property, or safety of Clareefai, our users, or others.
  • Business transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to this Privacy Policy.

7. Data Storage and Security

Application data and files are hosted with reputable cloud providers under industry-standard security commitments. OAuth refresh tokens and SMTP credentials are encrypted at rest. All traffic between your browser and our backend is protected by TLS. Access to production systems is restricted to authorized personnel and protected by strong authentication.

8. Data Retention

We retain your account and workspace data for as long as your account is active. When you disconnect an email integration, the associated OAuth refresh token (or SMTP credentials) is deleted from our systems. When you delete your account, we delete or anonymize the associated personal data within a reasonable period, except where retention is required to comply with legal obligations, resolve disputes, or enforce our agreements.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. You can exercise most of these rights directly in the application (editing your profile, exporting data, deleting your account) or by contacting us at support@clareefai.com.

10. Revoking Access

You can disconnect Clareefai from your Google or Microsoft account at any time:

11. Children’s Privacy

Clareefai is a business tool not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page and, where appropriate, notify you through the application or by email.

13. Contact Us

Questions, requests, or complaints about this Privacy Policy or our data practices can be sent to support@clareefai.com.