Legal

Privacy Policy

This Privacy Policy explains how ClarisTXM collects, uses, stores, and protects your personal data when you use our platform.

Effective Date: February 19, 2026

1. Information We Collect

When you create an account and use ClarisTXM, we collect the following categories of data:

Account Information

  • Full name
  • Email address
  • Password (stored as a cryptographic hash; we never store your plaintext password)

Project Data

  • Project blueprints and configuration
  • Source documents you upload
  • AI-generated artifacts
  • Chat messages and conversation history within projects

Usage Data

  • Log data (timestamps, IP addresses, browser type)
  • Feature usage patterns (aggregated and anonymized)

2. How We Use Your Data

We use the data we collect for the following purposes:

  • Provide the service: Authenticate your account, store your projects, and generate AI-powered artifacts.
  • Process payments: Manage subscriptions and billing through our payment processor.
  • Send transactional emails: Account verification, password resets, and billing notifications.
  • Improve the platform: Analyze aggregated usage patterns to enhance features and performance.
  • Ensure security: Detect and prevent unauthorized access and abuse.

3. AI Processing Disclosure

Important: When you generate artifacts in ClarisTXM, your project content (including source documents, blueprints, and chat messages) is sent to third-party AI providers for processing. Specifically, we use the OpenAI API and Anthropic API to generate transformation management artifacts.

These AI providers process your content according to their own data handling policies. However, both providers commit to not using API input data for model training. Your content is used solely to generate the requested artifacts and is not retained by these providers beyond the scope of the API request.

By using ClarisTXM and consenting during account creation, you acknowledge and agree to this processing.

4. Data Storage & Security

  • All user data is stored on server-side encrypted storage hosted on Render infrastructure.
  • Our servers and databases are located in the United States.
  • Data is encrypted at rest and in transit using industry-standard encryption protocols.
  • We implement access controls, monitoring, and regular security reviews to protect your data.

5. Data Retention

Scenario | Retention Period
Active account | Data retained for the lifetime of the account
Account deletion requested | All personal data deleted within 30 days
Billing records | Retained as required by tax and financial regulations

6. Third-Party Services

We share data with the following third-party service providers, solely for the purposes described:

Provider | Purpose | Data Shared
Stripe | Payment processing | Email, billing details
OpenAI | AI artifact generation | Project content submitted for generation
Anthropic | AI artifact generation | Project content submitted for generation
Resend | Transactional email delivery | Email address, email content

7. Your Rights (GDPR/CCPA)

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Erasure

Request deletion of your personal data and account.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Restriction

Request that we limit the processing of your data.

Right to Object

Object to certain types of data processing.

8. Exercising Your Rights

You can exercise your data rights through the following methods:

  • Data Export: Use the Settings page to export a copy of all your data.
  • Account Deletion: Use the Settings page to permanently delete your account and all associated data.
  • Email Request: For any other data rights requests, contact us at support@claristxm.com. We will respond within 30 days.

9. Notice at Collection (CCPA/CPRA)

If you are a California resident, this section provides the required “Notice at Collection” under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

We collect the following categories of personal information at or before the point of collection:

Category | Examples | Business Purpose | Sold/Shared?
Identifiers | Name, email address, account ID | Account creation, authentication, support | No
Commercial Information | Subscription plan, payment history | Billing, subscription management | No
Internet Activity | IP address, browser type, usage logs | Security, rate limiting, audit trail | No
Professional Information | Uploaded documents, blueprints, project data | Provide AI-powered artifact generation service | No
Inferences | AI-generated artifacts from your content | Core service delivery | No

ClarisTXM does not sell or share your personal information. We do not use your data for cross-context behavioral advertising. No “Do Not Sell/Share” opt-out is required because we never sell or share data.

10. California Privacy Rights

Under the CCPA/CPRA, California residents have the following rights regarding their personal information:

Right to Know

Request disclosure of the categories and specific pieces of personal information we have collected about you.

Right to Delete

Request deletion of your personal information. Use the Delete Account feature in Settings, or email us.

Right to Correct

Request correction of inaccurate personal information. Update your profile in Settings or email us.

Right to Opt-Out of Sale/Sharing

Not applicable — ClarisTXM does not sell or share personal information.

Right to Limit Use of Sensitive PI

Not applicable — we do not collect sensitive personal information beyond account credentials.

Right to Non-Discrimination

We will not discriminate against you for exercising any of these rights.

How to submit a request: Use the data export and account deletion features in your Settings page, or email support@claristxm.com. We will verify your identity and respond within 45 days as required by law.

11. Cookies

ClarisTXM uses only essential session cookies required for the platform to function properly. These cookies are used to maintain your authenticated session and remember your preferences.

We do not use any tracking cookies, advertising cookies, or third-party analytics cookies. We do not participate in cross-site tracking or behavioral advertising.

12. Security Measures

We implement industry-standard security measures to protect your data:

  • Password Hashing: All passwords are hashed using PBKDF2-SHA512 with a unique salt per user. We never store plaintext passwords.
  • Encryption in Transit: All communications between your browser and our servers are encrypted using HTTPS/TLS.
  • Session Management: User sessions are managed using signed JSON Web Tokens (JWT) with expiration controls.
  • Infrastructure Security: Our hosting infrastructure enforces encryption at rest, network isolation, and automated security patching.

13. Policy Updates

We may update this Privacy Policy from time to time. When we do:

  • The updated policy will be posted on this page with a revised effective date.
  • For material changes that significantly affect how we handle your data, we will request your consent again via email or an in-app notification.
  • Continued use of the platform after non-material updates constitutes acceptance of the revised policy.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us: