Privacy Policy – ClarityOS

Effective Date: August 20th

Controller: Aurion Dynamics, a sole proprietorship owned and operated by Jeroen Kopczinski (“Aurion Dynamics”, “we”, “our”, “us”)

Product: ClarityOS – web-based diagnostic application

1. Introduction

This Privacy Policy explains how Aurion Dynamics processes personal and organizational information when you use ClarityOS, our web-based application for diagnosing and managing organizational clarity.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), as well as other applicable privacy laws (including CCPA/CPRA in California and UK GDPR).

By using ClarityOS, you agree to the terms of this Privacy Policy.

2. Data We Collect

We collect and process the following categories of data:

a. Account Information

  • Name, email address, and authentication details (via Clerk).
  • Organization name and role (if provided).

b. Workspace & Application Data

  • Workspace structures (strategic intents, signals, problems, decisions).
  • Free-text entries provided by you or your organization.
  • Metadata such as timestamps and user IDs.

c. AI Interaction Data

  • Content submitted for AI analysis (signals, problems, decisions).
  • Processed temporarily by OpenAI API to generate outputs.
  • Training is disabled: your data is not used by OpenAI to train models.

d. Payment Data

  • If you subscribe, payment details are processed securely by Stripe.
  • We do not store card numbers or sensitive payment data ourselves.

e. Usage & Analytics

  • Logs (via Supabase & Vercel).
  • Site analytics (Vercel Analytics, Google Analytics).
  • Device/browser information, IP address, session activity.

3. How We Use Your Data

  • Provide, maintain, and improve ClarityOS.
  • Authenticate users and manage workspaces.
  • Run AI-based analysis on organizational inputs.
  • Process payments and subscriptions.
  • Prevent fraud, abuse, or misuse.
  • Comply with legal obligations.

4. Legal Basis for Processing (GDPR)

  • Contract necessity – to deliver the ClarityOS service.
  • Consent – for optional analytics and cookies.
  • Legitimate interest – to improve functionality and security.
  • Legal obligation – to comply with applicable laws (e.g., financial reporting).

5. Data Sharing and Processors

We share data only with trusted providers necessary to operate ClarityOS:

  • Supabase (France/EU): database and storage.
  • Clerk (US/EU): authentication and user management.
  • Vercel (US/EU): application hosting.
  • Stripe (US/EU): subscription and payment processing.
  • OpenAI (US): AI model provider for analysis.

Where transfers outside the EU occur (e.g., OpenAI, Stripe, Vercel, Clerk), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs).

We do not sell your data.

6. Data Retention

  • Account data – retained while your account is active.
  • Workspace data – retained until you delete your workspace or request deletion.
  • AI interaction data – stored in Supabase and sent transiently to OpenAI (not retained by OpenAI).
  • Payment records – retained as required by law (e.g., 7 years for tax compliance in NL).
  • Logs/analytics – retained for a maximum of 12 months, unless needed for security.

We may anonymize and aggregate data for statistical or research purposes.

7. Sensitive Data Disclaimer

ClarityOS is not designed for processing sensitive personal data (such as health information, political opinions, or union membership). We strongly discourage including such data in signals or workspaces. If you choose to do so, you remain the controller of that data.

8. Your Rights

Under GDPR and other privacy laws, you have the right to:

  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Request deletion (“right to be forgotten”).
  • Restrict or object to processing.
  • Data portability.
  • Lodge a complaint with your supervisory authority (Autoriteit Persoonsgegevens in NL).

Requests can be made via: j.kopczinski@auriondynamics.com

9. Children’s Data

ClarityOS is not directed to children under 16 years of age. We do not knowingly process children’s data.

10. Security

We implement appropriate technical and organizational measures including:

  • Hosting in the EU (Supabase).
  • Encrypted data transfer (TLS).
  • Role-based access controls.

We may expand these measures (such as audit logging or enhanced monitoring) as ClarityOS develops.

11. International Users

If you access ClarityOS from outside the EU, your information may be transferred and processed in the EU and the US. We apply equivalent protection under GDPR.

12. Changes

We may update this Privacy Policy to reflect changes in law or product features. We will notify you of material changes via the app or email.

13. Contact

Aurion Dynamics (sole proprietorshop)

Owner: Jeroen Kopczinski

Cuppenpedje 10

5961 TM Horst

The Netherlands

Email: j.kopczinski@auriondynamics.com