Privacy Policy

Last Updated: March 8, 2026

Effective Date: March 8, 2026

This Privacy Policy explains how Clarion ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use the Clarion mobile application ("App").

By using the App, you consent to the data practices described in this Privacy Policy.

---

1. INFORMATION WE COLLECT

1.1 Information You Provide

Account Information:

Name

Email address

Password (encrypted)

Date of birth (for age verification)

Profile photo (optional)

Health and Wellness Data:

Daily check-in responses (mood, energy, sleep quality, etc.)

Filter assessments (stress, food fog, inflammation, etc.)

Progress tracking data (clarity percentage, streaks)

Quest completion records

Journal entries and chat messages with AI

Photos uploaded for Light Up List or Sacred Stations

Loved one account information (if applicable)

Payment Information:

Payment details are processed by Apple (App Store) or Google (Play Store)

We do NOT store your credit card information

We receive transaction confirmations and subscription status

User-Generated Content:

Messages sent to Clarion AI companion

Journal entries and notes

Photos and media uploads

Feedback and support requests

1.2 Information Collected Automatically

Usage Data:

Features used and time spent in App

Quest selections and completion rates

Screen views and navigation paths

In-app purchases and subscription changes

Crash reports and error logs

Device Information:

Device type and model

Operating system version

Unique device identifiers

IP address

Language and region settings

Mobile network information

Location Data:

Approximate location based on IP address (for crisis resource localization)

We do NOT collect precise GPS location

Screen Time Data (Optional):

App usage duration by category (social media, productivity, etc.)

Used to correlate screen time with mental clarity scores

Collected only if you grant Screen Time permission in iOS Settings

You can revoke Screen Time permission at any time in iOS Settings → Screen Time → See All App & Website Activity → Clarion

Cookies and Similar Technologies:

Firebase Analytics cookies

Session identifiers

Authentication tokens

1.3 Information from Third Parties

Firebase Services:

Google Analytics for Firebase (usage analytics)

Firebase Crashlytics (error reporting)

Firebase Authentication (account management)

Firebase Cloud Firestore (data storage)

Firebase Cloud Storage (media uploads)

Social Login Providers:

If you sign in with Apple, Google, or Facebook:

- Name and email from your social account - Profile picture (if permitted)

Payment Processors:

Apple App Store or Google Play Store subscription status

Purchase confirmation and transaction IDs

---

2. HOW WE USE YOUR INFORMATION

2.1 Primary Purposes

We use your information to:

Provide the App:

Create and manage your account

Deliver personalized AI responses and quest recommendations

Track your progress and display visualizations

Save your journal entries and uploaded content

Process subscriptions and manage billing

Sync data across your devices

Improve the App:

Analyze usage patterns to enhance features

Fix bugs and technical issues

Develop new features and content

Optimize performance and user experience

Communicate with You:

Send push notifications (if enabled)

Respond to support requests

Provide important updates and announcements

Send promotional offers (with your consent)

Legal and Security:

Comply with legal obligations

Enforce our Terms of Service

Detect and prevent fraud or abuse

Protect our rights and property

Ensure user safety (e.g., crisis event logging)

2.2 AI and Personalization

We use your data to power AI features:

Chat responses from Clarion AI companion

Personalized quest recommendations based on filter assessments

Adaptive content based on your progress and preferences

Pattern analysis to provide insights (e.g., correlations between sleep and clarity)

AI Processing:

Some AI features use third-party services (OpenAI or Anthropic Claude API)

Your messages are sent to these services to generate responses

We do NOT train public AI models on your identifiable data

Anonymized data may be used to improve our own models

---

3. HOW WE SHARE YOUR INFORMATION

3.1 We DO NOT Sell Your Data

We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.

3.2 Service Providers

We share data with trusted third-party service providers who help us operate the App:

Firebase (Google):

Purpose: Cloud hosting, database, analytics, crash reporting

Data Shared: Usage data, device info, account info, health data

OpenAI / Anthropic:

Purpose: AI chat responses

Data Shared: Chat messages, user context (anonymized where possible)

RevenueCat:

Purpose: Subscription management

Data Shared: User ID, subscription status, purchase events

Apple / Google:

Purpose: Payment processing, app distribution

Data Shared: Transaction data, device info

Facebook, Inc.:

Purpose: Social login authentication (if you sign in with Facebook)

Data Shared: Name, email, profile picture (only if you use Facebook Login)

Note: Facebook SDK is used only for authentication. We do NOT share your health or wellness data with Facebook for advertising purposes.

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.3 Legal Requirements

We may disclose your information if required to:

Comply with legal obligations (subpoenas, court orders)

Enforce our Terms of Service

Protect the rights, property, or safety of Clarion, our users, or others

Respond to emergencies or prevent harm (e.g., crisis situations)

3.4 Business Transfers

If we merge, are acquired, or sell assets, your information may be transferred to the new owner. We will notify you before your data is transferred and becomes subject to a different privacy policy.

3.5 With Your Consent

We may share your data for other purposes with your explicit consent (e.g., sharing anonymized case studies, testimonials).

3.6 Anonymized Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably identify you:

Usage statistics and trends

Research and publications

Marketing and promotional materials

---

4. DATA RETENTION

4.1 How Long We Keep Your Data

Active Accounts: We retain your data as long as your account is active

Inactive Accounts: If you do not log in for 24 months, we may delete your account after notice

Deleted Accounts: When you delete your account, we delete your data within 90 days

Legal Requirements: Some data may be retained longer to comply with legal obligations (e.g., transaction records for tax purposes)

4.2 Backups

Deleted data may remain in backups for up to 90 days

Backups are securely stored and not accessible for normal operations

---

5. DATA SECURITY

5.1 Security Measures

We implement industry-standard security measures to protect your data:

Technical Safeguards:

Encryption in transit (HTTPS/TLS)

Encryption at rest for sensitive data

Secure authentication (Firebase Auth with bcrypt password hashing)

Regular security audits and vulnerability assessments

Firewalls and intrusion detection systems

Organizational Safeguards:

Access controls (role-based permissions)

Employee training on data privacy

Confidentiality agreements with staff and contractors

Incident response procedures

5.2 Limitations

No system is 100% secure. Despite our efforts:

Unauthorized access, hacking, or data breaches may occur

You are responsible for keeping your password confidential

Notify us immediately at security@clarion.app if you suspect a breach

5.3 Your Responsibilities

To protect your account:

Use a strong, unique password

Do not share your login credentials

Log out on shared devices

Enable two-factor authentication (if available)

Keep your device software up to date

---

6. YOUR RIGHTS AND CHOICES

6.1 Access and Portability

You have the right to:

Access: Request a copy of your personal data

Export: Download your data in a portable format (JSON)

Request: Email privacy@clarion.app to request your data

6.2 Correction and Deletion

You have the right to:

Correct: Update inaccurate or incomplete data in your profile settings

Delete: Request deletion of your account and data

To delete your account: 1. Go to Profile → Settings → Delete Account, OR 2. Email support@clarion.app with your request

Note: Deletion is permanent and cannot be undone. Some data may be retained for legal compliance.

6.3 Opt-Out of Communications

You can opt out of:

Push Notifications: Disable in device settings or app settings

Marketing Emails: Click "unsubscribe" in any marketing email

Promotional Offers: Adjust preferences in app settings

You cannot opt out of essential communications (account security, service updates, legal notices).

6.4 Opt-Out of Data Sharing

Analytics: You can limit analytics by disabling "Share Usage Data" in settings (some functionality may be reduced)

AI Features: You can disable chat features, but this will significantly limit the App experience

6.5 Do Not Sell (CCPA)

We do NOT sell your personal information. California residents can confirm this by visiting clarion.app/ccpa-notice.

---

7. CHILDREN'S PRIVACY

7.1 Age Requirement

The App is NOT intended for users under 18 years old.

We do not knowingly collect data from children under 13 (or 16 in the EU). If you are under 18, you must have parental consent to use the App.

7.2 Parental Notice

If we discover we have collected data from a child under 13 without parental consent, we will delete it immediately. If you believe your child has provided us with personal information, contact us at privacy@clarion.app.

---

8. INTERNATIONAL DATA TRANSFERS

8.1 Data Storage Location

Your data is stored on servers located in:

United States (Firebase Cloud Firestore, Google Cloud Platform)

European Union (for EU users, if available)

8.2 Cross-Border Transfers

If you are located outside the United States, your data may be transferred to and processed in the United States or other countries where our service providers operate.

By using the App, you consent to the transfer of your data to countries that may have different data protection laws than your country.

8.3 EU-U.S. Data Privacy Framework

For EU users, we comply with applicable data protection laws and rely on:

Standard Contractual Clauses (SCCs)

EU-U.S. Data Privacy Framework (if applicable)

Adequacy decisions by the European Commission

---

9. REGION-SPECIFIC RIGHTS

9.1 European Union (GDPR)

If you are in the EU, you have additional rights under the General Data Protection Regulation (GDPR):

Right to Access: Request a copy of your data

Right to Rectification: Correct inaccurate data

Right to Erasure: Request deletion ("right to be forgotten")

Right to Restrict Processing: Limit how we use your data

Right to Data Portability: Receive your data in a portable format

Right to Object: Object to certain data processing

Right to Withdraw Consent: Withdraw consent at any time (does not affect prior processing)

Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing:

Contract: To provide the App and fulfill our Terms of Service

Legitimate Interests: To improve the App, ensure security, and analyze usage

Consent: For marketing communications and optional features

Legal Obligation: To comply with laws and regulations

To exercise your rights, email privacy@clarion.app with your request.

9.2 California (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request disclosure of what personal information we collect, use, and share

Right to Delete: Request deletion of your personal information

Right to Opt-Out of Sale: We do NOT sell your data, so this does not apply

Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise your rights, email privacy@clarion.app or call [INSERT TOLL-FREE NUMBER - REQUIRED FOR CCPA COMPLIANCE - example: 1-800-CLARION].

We will verify your identity before processing requests to protect your privacy.

California Shine the Light Law: We do not share personal information with third parties for their direct marketing purposes.

9.3 Other Jurisdictions

If you are in another jurisdiction with privacy laws (Australia, Canada, Brazil, etc.), you may have similar rights. Contact us at privacy@clarion.app to learn more.

---

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Types of Technologies Used

Cookies: Small text files stored on your device

Local Storage: Data stored locally in the app

Analytics SDKs: Firebase Analytics, Crashlytics

Authentication Tokens: For secure login sessions

10.2 Purposes

Essential: Required for the App to function (authentication, session management)

Analytics: To understand usage patterns and improve the App

Performance: To monitor crashes and errors

10.3 Managing Cookies

You can control cookies through:

Device settings (clear app data)

App settings (disable analytics)

Browser settings (for web version, if available)

Note: Disabling essential cookies may prevent the App from functioning properly.

---

11. THIRD-PARTY LINKS

The App may contain links to third-party websites or services (e.g., crisis resources, befrienders.org). We are NOT responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

---

12. CHANGES TO THIS PRIVACY POLICY

12.1 Updates

We may update this Privacy Policy from time to time to reflect:

Changes in our data practices

New features or services

Legal or regulatory requirements

12.2 Notice of Changes

We will notify you of material changes via:

In-app notification

Email to your registered address

Notice on our website (clarion.app/privacy)

Changes will be effective 30 days after notice for material changes, or immediately for non-material changes.

12.3 Continued Use

Your continued use of the App after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree, you must stop using the App and delete your account.

---

13. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: privacy@clarion.app Support: support@clarion.app Legal: legal@clarion.app

Mailing Address: Clarion, Inc. [INSERT ACTUAL REGISTERED AGENT ADDRESS - REQUIRED BEFORE LAUNCH] [Example: 123 Main Street, Suite 456] [Wilmington, DE 19801]

⚠️ ACTION REQUIRED BEFORE LAUNCH: Replace brackets above with your actual registered business address. This is legally required for GDPR/CCPA compliance.

Data Protection Officer (EU): dpo@clarion.app

Response Time: We aim to respond to all inquiries within 30 days.

---

14. ADDITIONAL DISCLOSURES

14.1 Sensitive Information

We collect health and wellness data, which may be considered sensitive information. We implement enhanced security measures for this data and limit access to authorized personnel only.

14.2 Automated Decision-Making

We use AI and algorithms to:

Generate personalized quest recommendations

Provide chat responses

Detect crisis keywords

You have the right to:

Understand how decisions are made

Request human review of automated decisions

Object to automated decision-making

14.3 Crisis Event Logging

If our system detects crisis keywords (suicide, self-harm), we log the event to Firebase for safety monitoring. This helps us:

Improve crisis detection algorithms

Monitor for patterns requiring intervention

Comply with potential legal requirements to report imminent harm

This data is highly confidential and accessed only by authorized personnel.

14.4 HealthKit Data (iOS Only)

IMPORTANT: Clarion is NOT a HIPAA-covered entity or medical device.

If you choose to connect Apple Health (entirely optional), HealthKit data is:

Stored locally on your device via Apple HealthKit secure enclave

NEVER shared with third parties (including our AI providers)

Used only for personalized quest recommendations based on sleep, activity, and heart rate variability

Subject to Apple's HealthKit Terms: https://apple.com/legal/privacy/healthkit

You can revoke access anytime: iOS Settings → Health → Data Access & Devices → Clarion

Data collected (if you grant permission):

Heart Rate Variability (HRV) - nervous system regulation

Sleep analysis - sleep quality and duration

Activity level - steps, calories burned

Resting heart rate

How we use it:

Low HRV → Suggest nervous system regulation quests

Poor sleep → Suggest sleep hygiene quests

Low activity → Suggest movement quests

We do NOT:

Diagnose medical conditions based on HealthKit data

Provide medical advice or treatment based on health metrics

Share HealthKit data with insurance companies, employers, or advertisers

Store HealthKit data on our servers (processed locally on your device)

---

15. SUMMARY OF KEY POINTS

✅ We collect: Account info, health data, usage data, device info ✅ We use it to: Provide the App, personalize features, improve services, ensure safety ✅ We share with: Service providers (Firebase, AI providers, payment processors) ✅ We do NOT sell your data to third parties ✅ You can: Access, correct, delete, export, or opt out of certain data uses ✅ Your data is secure: Encrypted in transit and at rest, with industry-standard protections ✅ You have rights: Especially if you're in the EU (GDPR) or California (CCPA)

For full details, read the complete Privacy Policy above.

---

End of Privacy Policy