Back to ClaryBook

Privacy Policy

Last updated: February 28, 2026

1. Introduction

ClaryBook ("we", "our", or "us") operates the ClaryBook web application and Telegram bot (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address, name (optional), and password (stored as a cryptographic hash). If you link a Telegram account, we store your Telegram user ID and username.

2.2 Financial Data

We collect and store the business financial data you provide, including expenses, receipts (photos), mileage trips, hours worked, bank transaction data you import, and related metadata such as vendors, categories, amounts, dates, and descriptions.

2.3 Telegram Messages

When you interact with our Telegram bot, we process the text and images you send to extract financial data. We do not store the raw messages after processing; only the structured financial data is retained.

2.4 Usage Data

We collect standard technical information such as IP addresses, browser type, and access times for security monitoring and service improvement.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process and categorize your financial data
  • Generate reports, summaries, and tax documentation
  • Send transactional emails (verification, password reset, welcome)
  • Detect and prevent fraud, abuse, and security incidents
  • Respond to your questions and support requests

4. Third-Party Services

We use the following third-party services to operate ClaryBook:

  • Anthropic (Claude AI) — to process natural language inputs and extract structured financial data from your messages and receipt images. Data sent to Anthropic is processed per their API terms and is not used to train their models.
  • Telegram — to provide the messaging bot interface. Subject to Telegram's privacy policy.
  • Resend — to deliver transactional emails. Only your email address and message content are shared.
  • Railway — for hosting and infrastructure. Data is stored in the United States.

5. Data Storage and Security

Your data is stored in an encrypted PostgreSQL database hosted in the United States. Receipt images are stored in encrypted storage. All data transmission uses TLS/HTTPS encryption.

We implement industry-standard security measures including password hashing (bcrypt), JWT-based authentication, rate limiting, account lockout protection, and multi-tenant data isolation to ensure your data is not accessible by other users.

While we take reasonable precautions, no method of electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Financial records are retained for at least 7 years to support tax compliance requirements.

You may delete your account and export your data at any time from your account settings. Upon account deletion, your personal data and financial records will be permanently removed, subject to any legal retention requirements.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access and receive a copy of your personal data
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Export your data in a portable format (CSV/PDF reports)
  • Export your data as a downloadable archive (ZIP)
  • Delete your account and all associated data via self-service
  • Withdraw consent for data processing

8. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or your data, contact us at privacy@clarybook.com.