Clarita Technology Inc. (“Clarita,” “we,” “us,” or “our”) is committed to protecting the privacy and security of the personal information entrusted to us. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you visit our website at clarita.app, use our cloud-based certificate of insurance management platform (the “Service”), or otherwise interact with us.
Clarita is a Quebec-based company and is subject to Canadian federal and provincial privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec’s Act respecting the protection of personal information in the private sector (Quebec Privacy Act, as amended by Law 25). We also comply with applicable U.S. state privacy laws when processing the personal information of U.S. residents.
Data Protection Officer
Nicholas Martin
Email: privacy@clarita.app
Clarita Technology Inc., 342 Penn, Beaconsfield, QC H9W 1B6, Canada
This Privacy Policy applies to personal information we collect from or about:
When our customers (“Customers”) use the Service to upload, store, or process certificates of insurance and related documents, those documents may contain personal information about third parties (such as named insureds, brokers, and agents). In these circumstances, the Customer is the data controller (or equivalent under applicable law), and Clarita processes such personal information on the Customer’s behalf as a data processor (or service provider). Our processing of such personal information is governed by our Data Processing Agreement with the applicable Customer. If you are a Data Subject whose information has been processed through the Service by a Clarita Customer, please direct any privacy inquiries to that Customer in the first instance.
This Privacy Policy does not apply to: (a) information collected by third-party websites, services, or platforms linked from or integrated with the Service; (b) the practices of our Customers with respect to the personal information they process through the Service; or (c) employment-related information of Clarita employees, which is governed by separate internal policies.
| Category | Examples | When Collected |
|---|---|---|
| Account Information | Name, email address, job title, company name, phone number, billing address | Account creation, subscription, profile updates |
| Payment Information | Credit card number, billing address, tax identifiers | Subscription purchase or renewal (processed by our third-party payment processor) |
| Customer Data | Certificates of insurance, policy documents, and related attachments uploaded to the Service | Use of the Service |
| Communications | Messages, support requests, feedback, survey responses | Customer support, sales inquiries, feedback submissions |
| Category | Examples | How Collected |
|---|---|---|
| Device and Browser Information | IP address, browser type and version, operating system, device identifiers, screen resolution | Automatically via server logs and analytics tools |
| Usage Data | Pages visited, features used, clickstream data, session duration, time stamps, referring URLs | Automatically via analytics and product telemetry |
| Location Data | Approximate geographic location derived from IP address | Automatically via server logs |
We may receive personal information about you from third-party sources, including: (a) identity verification and fraud prevention services; (b) business intelligence providers for sales and marketing purposes; (c) third-party integrations you choose to connect through the Service; and (d) publicly available sources. We will use such information in accordance with this Privacy Policy and the applicable legal basis for processing.
We use personal information for the following purposes:
| Purpose | Description |
|---|---|
| Providing the Service | Creating and managing your account, processing and storing Customer Data, enabling platform features, facilitating integrations, and delivering the core functionality of the Service. |
| Billing and Payments | Processing subscription payments, issuing invoices, managing billing inquiries, and enforcing payment terms. |
| Customer Support | Responding to support requests, troubleshooting issues, and providing technical assistance. |
| Product Improvement | Analyzing usage patterns, conducting product research, improving Service functionality, and developing new features. |
| Communications | Sending transactional messages (account confirmations, security alerts, service notifications), and, where you have consented or where permitted by law, marketing communications about our products and services. |
| Security and Fraud Prevention | Detecting, preventing, and responding to security incidents, fraud, abuse, and violations of our Terms of Service. |
| Legal Compliance | Complying with applicable laws, regulations, legal processes, and governmental requests. |
| Analytics and Aggregation | Generating aggregated, de-identified data for benchmarking, analytics, and business intelligence purposes that does not identify any individual. |
We process personal information based on the following legal grounds, as applicable under Canadian, Quebec, and other applicable privacy legislation:
| Legal Basis | When It Applies |
|---|---|
| Consent | Where you have provided express or implied consent, such as for marketing communications or optional data collection. You may withdraw consent at any time, subject to legal or contractual restrictions, by contacting us at privacy@clarita.app. |
| Contractual Necessity | Where processing is necessary to perform our contract with you, including providing the Service, managing your account, and processing payments. |
| Legitimate Interest | Where processing is necessary for our legitimate business interests, such as product improvement, security, fraud prevention, and analytics, provided these interests are not overridden by your privacy rights. We conduct a balancing assessment to ensure fairness. |
| Legal Obligation | Where processing is necessary to comply with applicable laws, regulations, court orders, or governmental requests. |
We do not sell personal information. We share personal information only in the following circumstances:
We engage third-party service providers to assist in operating the Service, including cloud hosting, payment processing, analytics, customer support tools, and email delivery. These providers are contractually obligated to process personal information solely on our behalf and in accordance with our instructions, and are bound by confidentiality and data protection obligations at least as protective as those set forth in this Privacy Policy. A list of our current sub-processors is available at clarita.app/sub-processors.
In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, personal information may be transferred to the acquiring entity or successor. We will provide notice of any such transfer and any choices you may have regarding your personal information.
We may disclose personal information where we reasonably believe disclosure is necessary to: (a) comply with applicable law, regulation, or legal process; (b) respond to lawful requests from public authorities, including law enforcement or national security requirements; (c) protect the rights, property, or safety of Clarita, our Users, or the public; or (d) enforce our Terms of Service or other agreements.
We may share personal information with third parties where you have provided your explicit consent to such sharing.
We may share aggregated, anonymized, or de-identified data that does not identify any individual with third parties for analytics, research, benchmarking, or marketing purposes. Such data is not considered personal information under applicable privacy legislation.
Clarita is headquartered in Quebec, Canada. Our Service infrastructure, sub-processors, and service providers may be located in Canada, the United States, and other jurisdictions. As a result, personal information may be processed and stored in countries outside of your jurisdiction of residence.
When transferring personal information across borders, we implement appropriate safeguards to ensure that your personal information receives a level of protection consistent with applicable privacy legislation, including:
Under Quebec’s privacy legislation, before transferring personal information outside Quebec, we conduct a privacy impact assessment to evaluate whether the receiving jurisdiction provides adequate protection for personal information. Details of our cross-border transfer practices and impact assessments are available upon request by contacting privacy@clarita.app.
For U.S.-based Users, personal information may be processed in Canada. Canada has been recognized by various jurisdictions as providing an adequate level of data protection.
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements.
| Category | Retention Period |
|---|---|
| Account Information | Duration of the account relationship plus three (3) years, or as required by law. |
| Customer Data | Duration of the subscription. Upon termination, Customer Data is available for export for thirty (30) days, after which it is deleted in accordance with our Terms of Service. |
| Payment Information | As required for tax, audit, and legal compliance (typically seven (7) years). Note: full payment card details are processed and stored by our third-party payment processor and are not stored on Clarita systems. |
| Usage and Analytics Data | Up to twenty-four (24) months in identifiable form, after which it is aggregated or deleted. |
| Communications and Support Records | Three (3) years from the date of the last interaction, or as required for legal purposes. |
| Marketing Preferences | Until you withdraw consent or unsubscribe, plus a suppression record to honor your opt-out preference. |
When personal information is no longer required, we securely delete or de-identify it using commercially reasonable methods. Backup copies may persist for a limited period in accordance with our backup retention schedule but will not be actively processed.
We implement and maintain commercially reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, destruction, or loss. Our security program includes:
While we take reasonable precautions to protect personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security and are not liable for unauthorized access resulting from circumstances beyond our reasonable control.
Depending on your jurisdiction of residence, you may have the following rights with respect to your personal information:
| Right | Description |
|---|---|
| Access | You may request access to the personal information we hold about you, including information about the categories of personal information collected, the purposes of processing, and any third parties to whom it has been disclosed. |
| Rectification | You may request correction of inaccurate or incomplete personal information. |
| Deletion | You may request deletion of your personal information, subject to legal retention requirements and legitimate business needs. |
| Withdrawal of Consent | Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal. |
| Portability | Under Quebec’s privacy legislation, you may request a copy of your personal information in a structured, commonly used, and technological format, or request its transfer to another organization where technically feasible. |
| De-indexing | Under Quebec’s privacy legislation, you may request that we cease disseminating your personal information or de-index any hyperlink associated with your name where dissemination contravenes the law or a court order. |
If you are a resident of a U.S. state with applicable privacy legislation (including California, Colorado, Connecticut, Virginia, and others), you may have additional rights, including:
To exercise any of your privacy rights, please contact our Data Protection Officer:
Privacy Rights Requests
Nicholas Martin, Data Protection Officer
Email: privacy@clarita.app
Clarita Technology Inc., 342 Penn, Beaconsfield, QC H9W 1B6, Canada
We will respond to your request within the timeframe required by applicable law (generally within thirty (30) days under Canadian law, or forty-five (45) days under U.S. state privacy laws, with extensions where permitted). We may need to verify your identity before processing your request. If we are unable to fulfill your request, we will provide you with a written explanation of the reasons.
If you believe we have handled your personal information in a manner that does not comply with applicable privacy legislation, you may file a complaint with us at privacy@clarita.app. You also have the right to lodge a complaint with the applicable supervisory authority, including:
We use cookies, web beacons, pixels, and similar tracking technologies on our website and within the Service. These technologies help us operate and improve the Service, analyze usage, and deliver relevant content.
| Category | Purpose | Examples |
|---|---|---|
| Strictly Necessary | Essential for the Service to function. Cannot be disabled. | Session cookies, authentication tokens, security cookies |
| Functional | Remember your preferences and settings. | Language preference, display settings |
| Analytics | Help us understand how the Service is used and improve performance. | Google Analytics, product telemetry |
| Marketing | Used to deliver relevant advertising and measure campaign effectiveness. | Advertising pixels, conversion tracking |
When you first visit our website, we will present you with a cookie consent banner that allows you to accept or decline non-essential cookies. You can also manage your cookie preferences at any time through our cookie settings panel or through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service.
Some browsers transmit “Do Not Track” (DNT) signals. There is currently no industry standard for how online services should respond to DNT signals. We do not currently respond to DNT signals, but we honor the cookie preferences you set through our consent mechanism.
The Service is not directed at and is not intended for use by individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take prompt steps to delete such information. If you believe a child has provided us with personal information, please contact us at privacy@clarita.app.
The Service may contain links to third-party websites, services, or applications that are not owned or controlled by Clarita. This Privacy Policy does not apply to any third-party services. We encourage you to review the privacy policies of any third-party services you access through the Service. Clarita is not responsible for the privacy practices or content of any third-party services.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by email or through an in-app notification at least thirty (30) days before the changes take effect and update the “Effective Date” at the top of this page.
We encourage you to periodically review this Privacy Policy. Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with any changes, you should discontinue use of the Service.
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Data Protection Officer
Nicholas Martin
Email: privacy@clarita.app
Clarita Technology Inc.
342 Penn
Beaconsfield, QC H9W 1B6
Canada
In accordance with Quebec’s Act respecting the protection of personal information in the private sector (as amended by Law 25):
For individuals outside Quebec, our collection, use, and disclosure of personal information is governed by PIPEDA and any applicable provincial privacy legislation. We adhere to the ten fair information principles set out in PIPEDA, including accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance.
If you are a California resident, the following supplemental disclosures apply under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
If you are a resident of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, or another U.S. state with applicable comprehensive privacy legislation, you may have similar rights to those described in Section 10.2. We will process your requests in accordance with the requirements of your state’s applicable law. For any questions or to exercise your rights, contact us at privacy@clarita.app.
This Privacy Policy is provided in English. A French-language version may be made available upon request. In the event of any conflict between the English and French versions, the English version shall prevail to the extent permitted by applicable law. La présente politique de confidentialité est rédigée en anglais. Une version en français peut être fournie sur demande.