Clarity Movement Co.Sign in

Privacy Policy

Last updated: May 1, 2026

This policy is a service-specific supplement covering the Proposal Resources platform. It sits alongside Clarity’s general Privacy Policy, which describes how Clarity Movement Co. handles personal data across its products and services. Where the two overlap, this supplement governs use of the Proposal Resources platform specifically.

Data Controller

Clarity Movement Co. (“Clarity,” “we,” “us”) operates the Proposal Resources platform at this website. For questions about this policy, contact us at support@clarity.io.

Information We Collect

Account information: Email address, name, organization, and role (provided at sign-in or by your administrator).

Project content: Documents, maps, Gantt charts, project files (RFPs, budgets, reference materials) and other content you create or upload to the platform.

Exported documents: When you export a proposal as PDF or Word, we retain a copy of the generated file on our servers so administrators can later confirm what was produced. When you export to Google Drive, we retain the same Word file we generated for the upload.

Usage events: We log actions you take in the platform, including copying content, exporting documents, viewing sections, searching, and sending messages to the AI assistant. These events include timestamps and the resource you interacted with.

Chat conversations: Messages you send to the built-in AI assistant are stored to provide context and improve your experience.

AI-extracted memories: The assistant may extract contextual notes from your conversations (e.g., grant type, organization focus, writing style) to personalize future responses.

Page analytics: We collect anonymized, cookieless page-view analytics via Vercel Web Analytics, including page URL, referrer, browser type, operating system, device type, and country-level geolocation. This data is not linked to your identity.

Preferences: Theme preference (light/dark) is stored locally in your browser via localStorage.

Internal Access

Clarity Movement Co. employees may access your content to provide support, investigate issues, and improve the service. Each access is recorded in an internal audit log.

Legal Basis for Processing

We process your data under the following legal bases (GDPR Art. 6):

  • Contract performance: To provide you with access to the platform and its features.
  • Legitimate interest: To operate, secure, and improve the service, and to understand how the platform is used.

Third-Party Processors

We share data with the following service providers, who process it on our behalf:

  • Supabase— Hosting, authentication, and database (United States)
  • Google— OAuth sign-in, Google Drive export (when you initiate it), and a fallback AI chat model
  • Anthropic— Primary AI chat processing
  • OpenAI— Text embeddings for search
  • Mapbox— Map tile rendering for the site-map feature (receives map view coordinates)
  • PartyKit— Real-time collaborative editing (receives document edits while collaborators are connected)
  • Vercel— Hosting, deployment, and anonymized cookieless page-view analytics

Cookies

This site uses only strictly necessary cookies for authentication (Supabase session cookies). We do not use third-party tracking cookies or advertising cookies. Page-view analytics are collected by Vercel Web Analytics using a cookieless, privacy-friendly approach.

Data Retention

  • Account information— for the life of your account.
  • Project content(documents, maps, Gantt charts, uploaded files) — until you move it to trash. Trashed items remain recoverable for 30 days, after which they are permanently deleted.
  • Exported document copies— retained while your account is active. You may request deletion at any time.
  • Chat conversations and AI memories— until you delete the conversation. You may request deletion of additional chat history by contacting us.
  • Activity events(copies, exports, views, searches) — retained while your account is active to support troubleshooting and product improvement.
  • Administrator audit log— retained indefinitely as a security record. Entries are not user-deletable.

You may request deletion of your account and associated content at any time by contacting us.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Request a portable copy of your data
  • Object to or restrict certain processing

To exercise any of these rights, email support@clarity.io.

International Data Transfers

Your data is processed and stored in the United States via Supabase. Where required by law, we rely on Standard Contractual Clauses (SCCs) to safeguard transfers of personal data outside your jurisdiction.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect and how it is used. We do not sell or share your personal information as defined by the CCPA/CPRA.

Children's Privacy

This platform is not directed at children under 16. We do not knowingly collect personal data from children.

Changes to This Policy

We may update this privacy policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. We encourage you to review this policy periodically.

Contact

For any questions or concerns about this policy or your data, contact us at support@clarity.io.