Privacy Policy
Last updated: 10 March 2026
Claire ("we", "us", "our") is a WhatsApp-based AI productivity assistant operated by Claire AI ("the Company"), based in Ireland. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service.
1. Data Controller
Claire AI
Ireland
Email: privacy@heyclaire.ai
2. Data We Collect
| Data Category | Examples | Purpose |
|---|---|---|
| Account identifiers | WhatsApp phone number | Identify your account, deliver the service |
| Connected account data | Email address, calendar events, task lists, email metadata | Provide AI-assisted summaries and management |
| OAuth tokens | Google/Microsoft access and refresh tokens | Authenticate with your connected services on your behalf |
| Conversation history | Messages you send to Claire and Claire's responses | Maintain context for ongoing conversations |
| Usage metadata | Timestamps, feature usage counts, token consumption | Billing, rate limiting, service improvement |
We do NOT collect:
- Email body content beyond what is needed to fulfil your specific request
- Contacts or address books
- Location data
- Payment card details (payments are handled by our payment processor)
3. Lawful Basis for Processing (GDPR Art. 6)
| Processing Activity | Lawful Basis |
|---|---|
| Providing the Claire service | Performance of contract (Art. 6(1)(b)) |
| Sending WhatsApp messages in response to your requests | Performance of contract (Art. 6(1)(b)) |
| Proactive features (e.g., daily briefing) | Consent (Art. 6(1)(a)) — you opt in to each proactive feature |
| Usage analytics and service improvement | Legitimate interest (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Data
We use your data to:
- Deliver the service: process your WhatsApp messages, execute tool calls (read email, check calendar, manage tasks), and send responses
- Maintain conversation context: store recent conversation history so Claire can understand follow-up messages
- Connect third-party accounts: securely store OAuth tokens so Claire can access your email, calendar, and task services
- Improve the service: analyse aggregate usage patterns to improve Claire's responses and features
- Enforce usage limits: track per-user consumption for billing and fair-use enforcement
We do not use your data to:
- Train AI models
- Sell or share data with advertisers
- Profile you for marketing purposes
5. Data Storage and Security
Where your data is stored
All data is stored in Google Cloud Platform (GCP), region europe-west1 (Belgium), within the EU.
Security measures
- Encryption at rest: All Firestore data is encrypted at rest by Google Cloud
- Encryption in transit: All communications use TLS 1.2+
- Application-level encryption: OAuth tokens are additionally encrypted using Google Cloud KMS before storage
- Access control: Service accounts follow the principle of least privilege
- No credential exposure: OAuth tokens and API keys are never exposed to the AI model
6. Data Sharing and Sub-processors
We share data with the following sub-processors, solely to provide the service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Infrastructure (Firestore, Cloud Run, Cloud KMS) | EU (europe-west1) |
| Google Vertex AI (Gemini) | AI language model for processing your requests | EU |
| Meta (WhatsApp Business API) | Message delivery | EU/US |
| Google APIs (Gmail, Calendar, Tasks) | Access your connected Google account | Global |
| Microsoft APIs (Outlook, Calendar, To Do) | Access your connected Microsoft account | Global |
| Cloudflare | DNS management | Global |
We do not sell your personal data to any third party.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Conversation history | 90 days from last message, then automatically deleted |
| Connected account tokens | Until you disconnect the account or delete your Claire account |
| Account identifiers | Until you delete your Claire account |
| Usage metadata | 12 months |
You can request earlier deletion at any time (see Section 9).
8. International Data Transfers
Your data is primarily stored in the EU. Where sub-processors process data outside the EU (e.g., Meta, Microsoft), transfers are protected by:
- EU Standard Contractual Clauses (SCCs)
- The sub-processor's own GDPR compliance frameworks
- The EU-US Data Privacy Framework, where applicable
9. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access your personal data — ask Claire "what data do you have about me?"
- Rectification — correct inaccurate data
- Erasure ("right to be forgotten") — ask Claire "delete my data" or email privacy@heyclaire.ai
- Restrict processing — limit how we use your data
- Data portability — receive your data in a structured, machine-readable format
- Object to processing based on legitimate interest
- Withdraw consent at any time for consent-based processing
To exercise any of these rights, message Claire directly on WhatsApp or email privacy@heyclaire.ai. We will respond within 30 days.
You also have the right to lodge a complaint with the Data Protection Commission (Ireland): www.dataprotection.ie.
10. Children's Privacy
Claire is not intended for use by anyone under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@heyclaire.ai.
11. Cookies and Tracking
The Claire service is delivered via WhatsApp — we do not use cookies in the messaging experience. Our OAuth authentication pages and landing page may use strictly necessary cookies for session management. We do not use advertising or analytics cookies.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via WhatsApp message. The "last updated" date at the top of this page reflects the most recent revision.
13. Contact Us
For any questions about this Privacy Policy or our data practices:
Email: privacy@heyclaire.ai
WhatsApp: Message Claire directly