Privacy Policy

Last updated: December 27, 2025

1. Data Controller

The data controller for clariBI is:

• Name: Darek Černý
• IČO: 01378091
• Address: Laudova 1386/33, Řepy, 163 00 Praha 6, Czech Republic
• Email: privacy@claribi.com

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and business intelligence services.

This policy applies to all users of clariBI's website (claribi.com) and our software-as-a-service platform. We obtain your consent to process personal data during account registration.

2. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract Performance (Article 6(1)(b)): Processing necessary to provide our analytics services, manage your account, and fulfill our contractual obligations to you.
• Consent (Article 6(1)(a)): Where you have given explicit consent, such as for marketing communications. You may withdraw consent at any time.
• Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as improving our services, preventing fraud, and ensuring security, where these interests do not override your rights.
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal requirements, such as tax and accounting obligations.

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

• Name and email address
• Company name and role
• Password (encrypted and not readable by us)
• Billing information (processed securely through Stripe)
• Profile preferences and settings

3.2 Business Data

When you use our analytics platform, you may upload or connect various types of business data, including:

• Sales and financial data
• Customer and marketing information
• Operational and performance metrics
• Any other data you choose to analyze with our platform

Important: Your business data remains your property. We do not claim ownership or sell your data to third parties.

3.3 Usage Information

We automatically collect information about how you use our service:

• Log data (IP address, browser type, access times)
• Feature usage and interaction patterns
• Performance metrics and error reports
• Device and browser information

3.4 Cookies and Tracking

We use cookies and similar technologies to:

• Keep you logged in to your account
• Remember your preferences and settings
• Analyze website usage and performance
• Provide customer support

You can control cookie settings through your browser preferences. However, disabling cookies may limit some functionality.

4. How We Use Your Information

4.1 Service Provision

We use your information to:

• Provide and maintain our analytics platform
• Process and analyze your business data as requested
• Generate insights, reports, and visualizations
• Facilitate collaboration features
• Provide customer support and technical assistance

4.2 Platform Improvement

We may use aggregated, anonymized data to:

• Improve our AI algorithms and analytics capabilities
• Develop new features and functionality
• Optimize platform performance and reliability
• Conduct research and development

4.3 Communication

We may use your contact information to:

• Send important service updates and security notices
• Respond to your support requests
• Send billing and account information
• Share relevant product updates (you can opt out)

5. Information Sharing and Disclosure

5.1 What We Don't Share

We do not sell, rent, or trade your personal information or business data to third parties for marketing purposes.

5.2 Service Providers (Sub-processors)

We share information with the following third-party service providers who help us operate our platform:

• OpenAI: AI language model provider. When you request analysis or ask questions, the data you provide is sent to OpenAI for processing. You control what data is analyzed. (USA)
• DigitalOcean: Cloud hosting and infrastructure (USA/EU)
• Stripe: Payment processing - we do not store your payment card details (USA)
• SendGrid: Transactional email delivery (USA)

All sub-processors are contractually bound through Data Processing Agreements to protect your information, process it only for specified purposes, and comply with applicable data protection laws. We will notify you of any changes to our sub-processors with at least 30 days notice.

5.3 Legal Requirements

We may disclose information if required by law or if we believe such action is necessary to:

• Comply with legal process or government requests
• Protect our rights, property, or safety
• Prevent fraud or illegal activity
• Protect the security of our platform and users

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will notify you of any such change and ensure the new entity honors this privacy policy.

6. Data Security

6.1 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: AES-256 encryption at rest and TLS 1.3 in transit
• Access Controls: Role-based permissions and multi-factor authentication
• Infrastructure: Secure cloud hosting
• Monitoring: Security monitoring and incident response

6.2 Data Backups

We maintain secure backups of your data to prevent loss and ensure service continuity. Backups are encrypted and stored in geographically distributed locations.

6.3 Incident Response

In the unlikely event of a data breach, we will notify affected users within 72 hours and take immediate steps to secure the platform and prevent further unauthorized access.

7. Your Rights and Choices

7.1 Access and Control

You have the right to:

• Access and review your personal information
• Update or correct inaccurate information
• Export your data in standard formats
• Delete your account and associated data
• Opt out of marketing communications

7.2 Data Portability

You can export your data at any time through our platform or by contacting support. We provide data in common formats (CSV, JSON, Excel) for easy migration.

7.3 Account Deletion

When you delete your account, we will permanently delete your personal information and business data within 30 days, except where required to retain information for legal or regulatory purposes.

8. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Improve our services (using anonymized data only)

When you cancel your subscription, we retain your data for 30 days to allow for reactivation, then permanently delete all personal and business data.

9. International Data Transfers

We are based in the European Union. However, some of our sub-processors (OpenAI, Stripe, SendGrid) are located in the United States. When your data is transferred to these processors, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Assessment of the legal framework in the destination country
• Additional technical and organizational measures where necessary

You can request a copy of the safeguards we use by contacting us at privacy@claribi.com.

10. Children's Privacy

Our services are designed for business use and are not intended for children under 16 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

11. Your Privacy Rights

11.1 GDPR (European Union)

Under the GDPR, you have the following rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
• Right to lodge a complaint with the Czech Data Protection Authority (ÚOOÚ) or another EU supervisory authority

To exercise any of these rights, contact us at privacy@claribi.com. We will respond within 30 days.

11.2 CCPA (California)

California residents have rights under the CCPA:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (we don't sell personal information)
• Right to non-discrimination for exercising privacy rights

12. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

• Name: Darek Černý
• Email: privacy@claribi.com
• Address: Laudova 1386/33, Řepy, 163 00 Praha 6, Czech Republic

Supervisory Authority: If you are not satisfied with our response, you have the right to lodge a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů - ÚOOÚ):

• Address: Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
• Website: www.uoou.cz

13. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the Czech Republic. Any disputes arising from or related to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of the Czech Republic.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Sending an email to your registered email address
• Posting a notice on our website
• Displaying a notification in our platform

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.