Privacy Policy
Last updated: December 19, 2025
This Privacy Policy describes how Vedin Labs AB (“we”, “us”, “our”) collects, uses, discloses, and protects personal data in connection with our services, including the website https://useclara.ai (together, the “Service”). We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
By accessing or using the Service, you agree to the terms of this Privacy Policy.
1. Data Controller
Unless otherwise stated, data collected through the Service is controlled by:
Vedin Labs AB
Email: support@useclara.ai
When we process personal data on behalf of a Customer as a data processor, the customer remains the data controller and our processing is governed by the Data Processing Addendum (DPA).
2. Personal Data We Collect
We collect personal data in two different roles:
As a Controller — when you interact with our public website, support, billing, marketing, or job application processes.
As a Processor — when a Customer uses the Service and we process personal data on their behalf (e.g., metadata from email/calendar or desktop activity).
Below is a breakdown of categories we collect.
2.1 Personal Data We Collect as Controller
We collect personal data when you voluntarily provide it, such as:
Contact information (name, email address, phone number)
Company and job title
Billing and payment information
Support inquiries and correspondence
Cookies and usage data from our website
2.2 Personal Data We Process as Processor
When our Customers connect data sources (e.g., Gmail, Outlook, calendars, desktop activity), we process:
User identifiers (names, email addresses, phone numbers)
Email metadata (sender, recipient, subject, timestamps)
Calendar metadata (event titles, start/end, attendees)
Desktop activity metadata (application name, window title, optional URL, timestamps)
Client/project/contact records created by the Customer
Summaries generated from the above data
We do not collect email bodies, attachment contents, or calendar descriptions unless a Customer explicitly configures such a connection.
3. How We Use Personal Data
3.1 As a Controller
We use personal data to:
Provide, operate, maintain, and improve the Service
Communicate with you (account, billing, support)
Respond to inquiries and requests
Send marketing communications (with consent)
Comply with legal obligations
3.2 As a Processor
We process data only to provide the Service as instructed by our Customers. This includes:
Capturing and organising activity metadata
Generating time entries and summaries
Enabling review, reporting, and export features
Processing on behalf of Customers is governed by the Data Processing Addendum.
4. Legal Bases for Processing (GDPR)
4.1 As a Controller
We rely on the following legal bases:
Performance of a contract — to fulfil our agreement with you
Consent — where you have given consent (e.g., marketing emails)
Legitimate interests — for improving our Service, analytics, fraud prevention, and internal operations
Legal obligations — to comply with laws and regulations
4.2 As a Processor
We process personal data on behalf of our Customers under the controller’s instructions and in accordance with the Data Processing Addendum. The Customer is responsible for establishing a legal basis for the processing they initiate through the Service.
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on our website for:
Essential functionality
Performance and analytics
Preferences and personalization
You can manage your cookie preferences through your browser or device settings.
6. How We Share Personal Data
6.1 Sub-processors
We use trusted third-party service providers (“sub-processors”) to support the operation of the Service, such as providers of cloud infrastructure, authentication, analytics, monitoring, and machine learning inference.
Where Clara processes personal data on behalf of Customers as a data processor, the use of sub-processors is governed by the Data Processing Addendum, which includes an up-to-date list of approved sub-processors and further details about their role and location.
6.2 Other Disclosures
We may also share personal data:
To comply with legal obligations
To protect rights and safety
With your consent
7. International Data Transfers
We primarily process data within the European Economic Area (EEA). If personal data is transferred outside the EEA, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) to ensure compliance with applicable data protection laws.
8. Data Retention
We retain personal data only as long as necessary to:
Provide the Service
Comply with legal obligations
Resolve disputes
Enforce agreements
When retention is no longer required, we securely delete or anonymise the data.
9. Your Rights Under GDPR
If you are located in the EU, you may have the following rights:
Access your personal data
Rectify inaccurate data
Erase data (“right to be forgotten”)
Restrict or object to processing
Data portability
Withdraw consent (where applicable)
To exercise your rights, contact us at support@useclara.ai. We will respond in accordance with applicable law.
10. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure. These measures include:
Encryption in transit and at rest
Secure key management
Role-based access controls
Monitoring and incident response
For details about our security measures as a processor, see the Data Processing Addendum (Annex II).
11. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from persons under 16.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the Service or by other means.
13. Contact Us
If you have questions about this Privacy Policy or how we handle personal data, please contact:
Vedin Labs AB
Email: support@useclara.ai