Privacy Policy

1. Overview

Clarity Analytics ("Clarity", "we", "us", "our") is operated by Skootle LLC. We are committed to protecting your privacy and handling your data with transparency and care. This Privacy Policy explains how we collect, use, share, and protect your information when you use the Clarity Analytics service.

2. Information We Collect

Account Information

When you sign in with Google, we receive:

• Your name and email address
• Your Google profile ID (for authentication)

Analytics Data Access

With your authorization, we access data from Google APIs:

• Google Analytics 4: Traffic, pageviews, user metrics
• Google Search Console: Search queries, rankings, indexing status
• PageSpeed Insights: Performance scores, Core Web Vitals

Important: We do not store your raw Google data on our servers. Data is fetched in real-time when you view your dashboard and is not retained after your session.

Usage Information

We collect basic usage data to improve our service, including pages visited within Clarity, features used, and error reports. This data is anonymized and aggregated.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card details. We receive only transaction confirmations and subscription status from Stripe.

3. How We Use Your Information

• To provide and maintain the Clarity service
• To authenticate your account and manage your subscription
• To send you service-related communications (billing, updates, support)
• To improve our service based on aggregated usage patterns
• To respond to your support requests

4. Legal Basis for Processing

If you are located in the European Union (EU) or European Economic Area (EEA), we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

Contract Performance (Article 6(1)(b))

Processing necessary to fulfill our contract with you, including account management, accessing your Google Analytics data via authorized APIs, and delivering the Clarity dashboard service.

Legitimate Interest (Article 6(1)(f))

Processing based on our legitimate interests, including aggregated service improvement, security monitoring, and fraud prevention. We balance these interests against your rights and do not use your data in ways you would not reasonably expect.

Consent (Article 6(1)(a))

Where applicable, we rely on your consent for analytics cookies. You may withdraw consent at any time by adjusting your browser settings or contacting us.

Legal Obligation (Article 6(1)(c))

Processing necessary to comply with legal obligations, including the retention of billing records for tax and accounting purposes.

5. Google API Compliance

Clarity's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only request read-only access scopes necessary for the service
• We do not use your data for advertising or sell it to third parties
• We do not use your data to build user profiles for unrelated services
• You can revoke access at any time via your Google account settings

6. Our Role in Data Processing

When you connect your Google Analytics account, we act as a data processor on your behalf. You remain the data controller for your website visitor data. We process this data solely to provide the Clarity dashboard and analytics features you requested.

For your account data (subscriber information, usage data, and payment records), we act as the data controller. This means we determine the purposes and means of processing your account information in order to provide, maintain, and improve Clarity.

7. Data Sharing

We do not sell your data. We may share limited information with the following service providers:

• Stripe: For payment processing and subscription management
• Google: To access your analytics data via their APIs
• Vercel and Brevo: For hosting infrastructure and email delivery
• AI providers (Anthropic, OpenAI, Google, xAI): For generating analytics insights and recommendations using Claude, GPT, Gemini, and Grok models. We send only aggregated, anonymized analytics data (page performance metrics, traffic patterns) to generate insights for your dashboard. No personally identifiable visitor data is sent to AI providers.
• Legal requirements: If required by law, regulation, legal process, or governmental request, or to protect our rights, privacy, safety, or property

8. Data Processing Agreement

Clarity processes analytics data on your behalf as described in Section 6 above. A formal Data Processing Agreement (DPA) is available upon request for customers who require one for their own compliance obligations.

To request a DPA, contact us at [email protected].

9. Data Security

We implement industry-standard security measures including HTTPS encryption, secure authentication via OAuth 2.0, and access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

10. International Data Transfers

Our servers are located in the United States. If you are accessing Clarity from the European Union, European Economic Area, or the United Kingdom, your data will be transferred to and processed in the United States.

To protect your data during these transfers, we rely on:

• Standard Contractual Clauses (SCCs): EU-approved contractual terms that provide safeguards for international data transfers
• EU-US Data Privacy Framework: Where applicable, we rely on the EU-US Data Privacy Framework for transfers to certified US organizations

For more information about our transfer mechanisms, contact us at [email protected].

11. Data Retention

• Account information is retained while your account is active
• Google analytics data is not stored; it is fetched in real-time
• After account deletion, your data is removed within 30 days
• Aggregated, anonymized data may be retained indefinitely for service improvement

12. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Below is a complete inventory of the cookies Clarity may set:

You can disable cookies in your browser settings, but this may affect service functionality, particularly authentication.

Do Not Track

We do not currently respond to Do Not Track (DNT) browser signals, as there is no industry-standard method for honoring DNT across all platforms. We will update this policy if a standard is adopted.

13. Your Rights

All Users

Regardless of your location, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and data
• Revoke Google API access at any time via your Google account settings
• Export your data in a portable format

EU/EEA Residents (GDPR)

If you are located in the EU or EEA, you have additional rights under the GDPR:

• Right to restrict processing of your personal data
• Right to data portability (receive your data in a structured, machine-readable format)
• Right to object to processing based on legitimate interest
• Right to withdraw consent at any time (where processing is based on consent)
• Right to lodge a complaint with your local Data Protection Authority

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected about you
• Right to know whether your personal information is sold or disclosed, and to whom (we do not sell your data)
• Right to opt out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

Virginia Residents (VCDPA)

If you are a Virginia resident, you have rights under the Virginia Consumer Data Protection Act:

• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to delete your personal data
• Right to obtain a portable copy of your personal data
• Right to opt out of targeted advertising and sale of personal data (we do not engage in either)

If we decline your request, you may appeal within 60 days by contacting us at the email below. If you are unsatisfied with the outcome of your appeal, you may contact the Virginia Attorney General.

Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days for GDPR requests and within 45 days for CCPA and VCDPA requests.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users via email within 72 hours of becoming aware of the breach
• Notify the relevant supervisory authority where required under GDPR
• Provide a description of the nature of the breach, including the categories and approximate number of individuals affected
• Describe the categories of personal data involved
• Explain the measures taken or proposed to address the breach and mitigate its effects
• Comply with Virginia breach notification requirements where applicable

15. Children's Privacy

Clarity is not intended for users under 18 years of age. We do not knowingly collect information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.

16. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised. Continued use of Clarity after changes are posted constitutes your acceptance of the updated policy.

17. Contact Us

For privacy questions, data subject access requests, or concerns about this policy, contact us at:

• Privacy inquiries: [email protected]
• General support: [email protected]

Skootle LLC
Richmond, Virginia, USA