Privacy Policy
Last updated: July 5, 2026
1. Introduction
Clorefy ("we," "us," or "our") is a global AI-powered document generation platform, used by businesses in India, the United States, the United Kingdom, the European Union, Canada, Australia, Singapore, the UAE, and many other countries. This Privacy Policy applies to all users of clorefy.com worldwide and explains how we collect, use, disclose, and safeguard your information. Section 11 sets out additional rights that apply if you are located in specific regions, such as the EEA/UK, California, or India.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password when you create an account
- Business Profile: Business name, type, address, tax IDs, contact details collected during onboarding
- Document Content: Information you provide in prompts and the documents generated therefrom
- Payment Information: Billing details processed securely through Razorpay (we do not store card details)
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, document types generated, session duration
- Device Information: Browser type, operating system, IP address
- Cookies: Authentication tokens and session management cookies
3. How We Use Your Information
- To provide and maintain the Service, including AI document generation
- To personalize your experience and pre-fill business details in documents
- To process payments and manage subscriptions
- To communicate with you about your account, updates, and support
- To improve our AI models and Service quality (using anonymized, aggregated data only)
- To detect and prevent fraud, abuse, and security threats
- To comply with legal obligations
4. Data Storage and Security
Your data is stored securely on Supabase (PostgreSQL) with the following protections:
- Row Level Security (RLS) ensuring users can only access their own data
- Encrypted data transmission (TLS/SSL)
- Server-side JWT validation for all API requests
- Rate limiting to prevent abuse
- Regular security audits
5. Data Sharing
We do not sell or share your personal information for cross-context behavioral advertising. We may share data with:
- Payment Processors: Razorpay for processing payments (subject to their privacy policy)
- AI Service Providers: We generate documents using the DeepSeek and Kimi (Moonshot AI) foundation models, accessed through Amazon Web Services' Amazon Bedrock service. Per AWS's published policy, Amazon Bedrock does not share your prompts or outputs with the underlying model providers and does not use them to train or improve any foundation model.
- Infrastructure Providers: Supabase for database hosting, Amazon Web Services (Amazon Bedrock) for AI model hosting, and Cloudflare for hosting and content delivery
- Legal Requirements: When required by law, court order, or government request
6. Your Rights
Wherever you are located, you have the right to:
- Access: Request a summary and copy of the personal data we hold about you
- Correction: Update or correct inaccurate or incomplete information via your profile settings
- Deletion: Request deletion of your account and associated data
- Export: Download your documents in PDF, DOCX, or image format
- Withdraw Consent: Withdraw your consent to data processing at any time — this is as easy as giving it
To exercise these rights, contact us at info@clorefy.com. We respond to verified requests within the timelines required by applicable law. If you are in the EEA/UK, California, or India, Section 11 describes additional rights specific to your region.
7. Cookies
We use essential cookies for authentication and session management. These are necessary for the Service to function and cannot be disabled. We do not use third-party tracking or advertising cookies.
8. Data Retention
We retain your data for as long as your account is active. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law. Anonymized, aggregated data may be retained indefinitely for analytics.
9. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children.
10. International Data Transfers
Clorefy serves users globally, and your data may be processed in servers located outside your country of residence, including in the United States (where our AI and cloud infrastructure providers operate). Where required, we rely on appropriate safeguards for such transfers, such as Standard Contractual Clauses for transfers from the EEA/UK.
11. Region-Specific Rights
The rights below are in addition to, not instead of, the global rights described in Section 6.
11.1 European Economic Area & United Kingdom (GDPR / UK GDPR)
If you are located in the EEA or UK, Clorefy is the data controller of your personal data. We process your data on the following legal bases: your consent (e.g., at sign-up), performance of a contract (providing the Service you signed up for), and our legitimate interests (e.g., security and fraud prevention). In addition to Section 6, you have the right to restrict or object to certain processing and the right to data portability. You may lodge a complaint with your local data protection supervisory authority at any time.
11.2 California, USA (CCPA/CPRA)
If you are a California resident, in addition to Section 6 you have the right to know the categories of personal information we collect and disclose, and the right to non-discrimination for exercising your privacy rights. We do not sell or share personal information as defined under the CCPA/CPRA, so no opt-out is required.
11.3 India (Digital Personal Data Protection Act, 2023)
If you are located in India, Clorefy acts as the Data Fiduciary and you are the Data Principal under the DPDP Act, 2023. We process your personal data based on the consent you give at sign-up (a clear affirmative action) or, where applicable, for legitimate uses permitted under the Act. You may withdraw consent at any time — it is as easy as giving it — by deleting your account or contacting our Grievance Officer below; this does not affect the lawfulness of processing carried out before withdrawal.
Grievance Officer: Email info@clorefy.com. We will acknowledge and respond to your grievance within the period prescribed under the DPDP Act and its Rules. If unresolved, you may lodge a complaint with the Data Protection Board of India.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service.
13. Contact
For privacy-related inquiries, contact us at info@clorefy.com or visit our Contact page.