Privacy Policy

Last updated: April 20, 2026

ClearPolicy (“we,” “our,” or “us”) respects your privacy. This Privacy Policy explains what information we collect, how we use it, the third parties and integrations involved in providing the service, and how we protect it.

Information We Collect

We collect only the information necessary to provide the service and operate, secure, support, and improve ClearPolicy.

For account holders (organizations):

  • Name
  • Email address
  • Organization name
  • Login and account information
  • Password hash and authentication/security settings, such as email verification status and two-factor authentication status, when enabled
  • Account preferences and settings
  • Billing and subscription information, including subscription status, trial status, Stripe customer identifier, payment method type, and payment method last four digits, as provided by our billing processor
  • Social login and connected account information when you choose to use third-party sign-in or integrations, such as provider account identifier, email address, profile image, access scopes, and encrypted access or refresh tokens

For contacts (policy recipients):

  • Name
  • Email address
  • Phone number (if provided)
  • Policy and document activity, including sent, viewed, reminded, expired, acknowledged, and signed timestamps
  • Recipient message content included by the sending organization, if any

Automatically collected information:

  • IP address
  • Browser and device information
  • Access timestamps
  • Session and security-related data needed to authenticate users, maintain sessions, and protect the service
  • Usage and analytics information collected through our analytics tools, which may include page visits, navigation events, referring pages, and user or organization-level identifiers used to understand product usage

For electronic signatures and acknowledgments:

  • Typed name (for signatures, where applicable)
  • Signature or acknowledgment timestamp
  • IP address at time of signature or acknowledgment
  • Browser/user agent information at time of signature or acknowledgment
  • Document version signed
  • Activity log history associated with the request, such as viewed, reminded, expired, signed, or acknowledged events
  • A document integrity hash used to confirm the signed or acknowledged file matches the version presented at the time of completion

Document content and files

  • Documents, revisions, uploaded PDFs, editor content, exported PDFs from supported import integrations, and related file metadata
  • Source metadata for imported or synced records, such as the originating provider or external record identifier

Google Drive Integration (Optional Feature)

When you choose to connect your Google Drive account to import documents:

What Google data we collect:

  • Your Google account email address (for authentication)
  • Google Doc IDs and names of documents you explicitly select via the Google Picker
  • Google account profile information made available during sign-in, such as your name and profile image, if you choose Google sign-in
  • We do not access, scan, or collect any other files or data from your Google Drive beyond the files you explicitly authorize or select for use with the feature

How we use Google data:

  • We export the Google Docs you select as PDF files for policy management and signature collection
  • Exported PDFs are stored in our secure infrastructure and treated as policy documents
  • We only access Google Docs you explicitly choose through our document picker interface
  • Google authentication tokens are encrypted and stored securely

How Google data is shared:

  • We do not sell Google Drive data
  • We do not disclose Google Drive content to third parties except as necessary to provide the service, comply with law, or where you separately authorize an integration or API client to access your ClearPolicy data
  • Google data is used solely to provide the document import feature you requested
  • Your Google authentication can be disconnected at any time from your account settings

Google data protection:

  • All Google authentication tokens are encrypted in our database
  • Access to Google Drive is limited to read-only permissions for document export
  • We use industry-standard encryption (HTTPS/TLS) for all data transmission
  • You can revoke ClearPolicy's access to your Google Drive at any time through your Google Account settings

Google data retention:

  • Once a Google Doc is exported as a PDF, we no longer access the original Google Doc unless you later choose to reconnect or refresh the import
  • We store the Google Doc ID only to allow you to refresh the document if needed
  • If you disconnect Google Drive access, the Google Drive scope and related access needed for Drive import are removed. If you also disconnect Google sign-in entirely, associated Google authentication credentials are deleted from our systems.
  • Exported PDFs remain in your ClearPolicy account as policy documents (subject to standard data retention)
  • You can delete any document or your entire account at any time, subject to product constraints and any records retained or deleted under our standard deletion processes

Planning Center Integration (Optional Feature)

When you choose to connect your Planning Center account to sync people and lists:

What Planning Center data we collect:

  • Your Planning Center account identifier (for authentication)
  • Names, email addresses, and phone numbers of people in lists you explicitly choose to sync
  • List names you map to ClearPolicy groups
  • Access scopes and encrypted authentication tokens needed to maintain the connection

How we use Planning Center data:

  • To create and update people records in your ClearPolicy organization
  • To assign documents based on group membership
  • We only access lists you explicitly connect through integration settings

How Planning Center data is shared:

  • We do not sell Planning Center data
  • We do not disclose Planning Center-sourced data to third parties except as necessary to provide the service, comply with law, or where you separately authorize an integration or API client to access your ClearPolicy data
  • Data is used solely to provide the sync feature you requested
  • Your Planning Center connection can be disconnected at any time from Settings → Integrations

Planning Center data protection:

  • Authentication tokens are encrypted and stored securely
  • Access is limited to permissions required for authentication and, if enabled by you, people/list sync
  • All data transmission uses industry-standard encryption (HTTPS/TLS)

Planning Center data retention:

  • People synced from Planning Center remain in ClearPolicy until archived or deleted in accordance with your organization's actions and our deletion processes
  • If you disconnect Planning Center sync, sync-related access is removed. If you disconnect Planning Center entirely, associated Planning Center authentication credentials are deleted from our systems.
  • People records and attestation history are retained subject to standard data retention policy

Other third-party sign-in and integration providers

We may also support optional third-party sign-in or connected account features with providers such as Microsoft and LinkedIn. If you choose to use those features, we may collect and store your provider account identifier, email address, name, profile image, access scopes, and encrypted authentication tokens as necessary to authenticate you and maintain the connection.

API, automation, and AI-connected integrations

ClearPolicy may allow organizations to connect authorized API clients, automation platforms, and AI-enabled tools. Depending on the permissions granted, these integrations may access organization data such as people, documents, document status, and signing or acknowledgment request information. We process and disclose that data only as needed to provide the authorized integration and subject to the permissions granted by the organization.

How We Use Information

We use information to:

  • Deliver policy acknowledgment requests
  • Track acknowledgment activity
  • Send notifications and reminders
  • Maintain account security
  • Improve the service
  • Authenticate users and connected accounts
  • Provide billing, subscription management, and customer support
  • Generate receipts, reports, exports, and audit history
  • Detect, prevent, and investigate fraud, abuse, unauthorized access, and other security incidents

We do not sell personal data or use it for advertising.

Policy Content

Policies uploaded or written in ClearPolicy belong to the organization that created them. We do not review, modify, or reuse policy content for any other purpose except as necessary to store, display, process, secure, transmit, export, and support the service features you use

Email Communications

We send emails only for:

  • Account access
  • Policy acknowledgment requests
  • Notifications and reminders
  • Important service updates
  • Billing and subscription-related notices
  • Integration or security notices when action is required

Recipients can stop receiving reminder emails by contacting the organization that sent the request or by contacting us at [email protected] where applicable.

Data Sharing

We do not share, sell, or transfer personal data to third parties except:

  • When required to operate the service (email delivery, infrastructure providers, payment processing, analytics, authentication providers, and integration providers)
  • When you authorize an API client, automation, AI integration, or other connected service to access your data
  • When required by law
  • In connection with enforcing our terms, protecting rights and safety, preventing fraud or abuse, or responding to security incidents

We never sell your data to third parties for advertising, marketing, or any other commercial purpose.

Data Security

We use reasonable administrative, technical, and physical safeguards to protect your data. Access is limited to authorized systems and personnel.

Sensitive credentials and integration tokens are encrypted at rest where supported by our systems. We also use HTTPS/TLS in transit and role-based access controls within the product.

Third-Party Services

ClearPolicy uses third-party services to operate:

  • Stripe for payment processing and billing management
  • Email delivery providers for sending policy requests
  • Cloud infrastructure providers for hosting and file storage
  • Analytics services, including tools that may use cookies or user-level identifiers, to understand and improve service usage
  • Authentication and identity providers such as Google, Microsoft, LinkedIn, and Planning Center when you choose to use those connections

We also use Zapier and may provide API access , MCP access, to authorized third-party integrations and AI-enabled tools. Data accessed through these integrations is limited to what is necessary for the integration to function and is subject to the third party's own privacy policy.

These providers have their own privacy policies and security measures. All data is stored in the United States unless a service provider processes limited data in another jurisdiction on our behalf.

Data Retention

Account data: Data is retained as long as an account is active or as required to provide the service.

Document and acknowledgment records: Organizations may archive or delete certain contacts, policies, or acknowledgment-related records through the ClearPolicy interface, subject to product rules and data integrity safeguards. In some parts of the product, documents, revisions, or people with attestation history cannot be deleted through the standard interface. In other cases, organization-level deletion may permanently remove related documents, requests, attestations, files, and logs.

Google Drive integration: If you connect Google Drive, authentication tokens are retained until you disconnect the relevant Google connection or access scope. Removing only Google Drive access may revoke Drive permissions while leaving Google sign-in connected.

Planning Center integration: If you connect Planning Center, authentication tokens are retained until you disconnect the relevant Planning Center connection or access scope. Removing only sync access may revoke sync permissions while leaving the base Planning Center connection connected.

Account deletion: When you delete your ClearPolicy account or organization, associated personal data may be permanently deleted from our active systems, including documents, files, requests, attestations, activity logs, subscriptions, and access tokens, subject to the deletion workflow used and any legal or operational retention obligations that apply.

Data deletion requests: You may request deletion of your data at any time by contacting us at [email protected]. We will review the request in light of your role, the organization's instructions, our product constraints, and any legal, security, fraud-prevention, or recordkeeping obligations.

Your Rights

You may request:

  • Access to your personal data
  • Correction of inaccurate data
  • Deletion of your data
  • Export of your data
  • Information about authorized third-party integrations connected to your account, where applicable

To exercise these rights, contact us at [email protected].

Contacts (policy recipients): If you received a policy acknowledgment request and have questions about your data, you may contact the organization that sent the request or reach us directly at [email protected].

In some cases, the organization that uses ClearPolicy is the party primarily responsible for responding to requests relating to recipient data it controls.

Your Responsibilities

Organizations using ClearPolicy are responsible for:

  • The content of their policies
  • How acknowledgment data is used internally
  • Compliance with applicable laws and regulations
  • Ensuring they have an appropriate legal basis, notice, and consent where required for the personal data they upload, import, sync, or collect through ClearPolicy
  • Managing the third-party integrations, API clients, and automation tools they authorize to access their ClearPolicy data

ClearPolicy does not provide legal advice.

Children’s Privacy

ClearPolicy is not intended for use by children. We do not knowingly collect personal data directly from children.

Cookies and Analytics

We use cookies and similar technologies for authentication, session management, security, user preferences, and analytics.

  • Essential cookies help keep users signed in, maintain secure sessions, and protect the service
  • Preference cookies may remember settings such as interface appearance or navigation state
  • Analytics tools may collect information about page visits, navigation, device/browser details, and user or organization-level identifiers to help us understand and improve product usage

We do not use advertising cookies, cross-site advertising trackers, or sell analytics data for advertising purposes.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date.

Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: [email protected]