Your family's data, handled with care.
Clara is the operating system your family runs on. That means you're inviting us into some of the most personal parts of your life — your inbox, calendar, and the people you love. Here's exactly how we treat that trust.
This page is maintained by the Clara team. It describes current practices and is not a certification or independent audit. For the full legal document, see our Privacy Policy. For anything not covered here, email us at privacy@clara-chief-of-staff.lovable.app.
Gmail & Calendar access
When you connect Gmail or Google Calendar, we request only the scopes we need to power Clara's features (reading messages, listing events, creating tracked to-dos). You can revoke access at any time from Settings, or directly in your Google Account. We only read messages needed to identify tasks — we do not scan your entire inbox for other purposes.
Encryption
All connections to Clara use HTTPS (TLS). Data is encrypted at rest at the platform layer, and Google OAuth refresh and access tokens are additionally encrypted at the application layer using AES-256-GCM with a server-only key before being written to the database. Tokens are stored server-side and never exposed to the browser.
Google API Services — Limited Use
Clara's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Gmail and Calendar data is used only to provide user-facing features in Clara (surfacing to-dos, showing your day). We do not use it to serve ads, sell it, transfer it to third parties for unrelated purposes, or allow humans to read it — except with your explicit consent, to comply with law, or for security/abuse investigations.
No advertising, ever
We do not sell your data. We do not share it with advertisers, data brokers, or third-party marketers. Clara is funded by subscriptions from families like yours — that is the whole business model.
Where your data lives — subprocessors
Clara runs on Lovable Cloud, backed by Supabase (Postgres storage and auth) and Cloudflare (compute and edge network). We call Google APIs for Gmail and Calendar, use a Lovable-managed AI gateway (currently routing to Google Gemini) for the daily brief, chat, and voice notes, and use Stripe for payments. That's the full list of subprocessors your data flows through.
Delete your account
You can delete your Clara account and everything associated with it at any time from Settings → Privacy → Delete account. Deletion is immediate: your profile, todos, lists, people, chat history, calendar events, email-to-do suggestions, and Google connections are erased, and your Google OAuth tokens are revoked with Google. If you'd rather email us, write to privacy@clara-chief-of-staff.lovable.app.