Privacy Policy

ClearFox is operated by Ilya Pyatin (NIF 310540844), based in Lisbon, Portugal. For any privacy-related questions, contact us at privacy@clearfox.ai.

This policy covers two contexts:

• clearfox.ai website — the marketing site you are currently on. ClearFox is the data controller.
• ClearFox product — the self-hosted AI assistant deployed on customer infrastructure. The customer is the data controller; ClearFox does not have access to any data stored in the product.

3.1 Contact / lead forms

When you submit a contact form, we collect your name, email address, company name, team size, and message. Legal basis: legitimate interest (responding to your inquiry). This data is stored in our database and may be forwarded to our CRM tools.

3.2 License purchases

When you purchase a license, we store your license key and associated email. Legal basis: performance of a contract.

3.3 Analytics cookies (opt-in only)

We use Google Analytics (Google Ireland Limited) and Contentsquare for website analytics and session replay. These services are activated only after you accept cookies via the consent banner. No tracking occurs if you decline.

Google Analytics data is processed under Google's data processing terms. Contentsquare processes data under its own DPA. Both are GDPR-compliant processors.

3.4 reCAPTCHA

Our contact form uses Google reCAPTCHA v3 to prevent spam. This sends interaction data to Google for bot detection. Legal basis: legitimate interest (preventing abuse). See Google's Privacy Policy.

ClearFox is deployed entirely on the customer's own infrastructure. All data — user accounts, chat history, integration credentials, AI conversations — stays in the customer's MongoDB database on their servers.

ClearFox as a company has no access to customer data. The customer is the data controller and is responsible for:

• User data management (creation, deletion, export)
• Chat history retention and cleanup
• Compliance with applicable data protection laws
• Configuration of AI model providers (cloud or local)

4.1 License validation

The only data transmitted to ClearFox servers is the license key — for periodic validation. No user data, business data, or personal information is included in this request.

4.2 OAuth proxy

ClearFox provides an optional OAuth proxy (oauth.clearfox.ai) that facilitates one-click connections to third-party services (Jira, Google, Notion, etc.). The proxy temporarily handles OAuth tokens during the initial handshake (up to 60 seconds), then deletes them. It never accesses business data. Customers can self-host the proxy for full control. See our Data Processing Agreement for details.

4.3 AI model providers

When using cloud AI models (Anthropic, OpenAI), conversation context is sent to the provider under the customer's own API key and their data processing terms. Customers can use local models (Ollama, vLLM) for fully air-gapped operation where no data leaves their network.

If you are located in the EU/EEA, you have the following rights regarding data collected by ClearFox on this website:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — request deletion of your data
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — withdraw cookie consent at any time by clearing browser storage

To exercise these rights, email privacy@clearfox.ai. We will respond within 30 days.

For data stored in the self-hosted ClearFox product, contact your company's administrator — ClearFox does not have access to that data.

Website data: Lead form submissions are retained for as long as the business relationship is active. You can request deletion at any time.

License data: Retained for the duration of the license agreement plus legal retention requirements.

Product data: Managed entirely by the customer on their infrastructure. ClearFox has no control over retention.

Lead form data may be processed by sub-processors located outside the EU/EEA (Google Analytics — US, with EU data processing terms; Contentsquare — EU). These transfers are covered by Standard Contractual Clauses (SCCs) or EU adequacy decisions where applicable.

We use HTTPS encryption for all communications. Secrets in the self-hosted product are encrypted with AES-256-GCM. See our Security page for details on the product's security architecture.

We may update this policy from time to time. Material changes will be posted on this page with an updated date.

You have the right to lodge a complaint with your local data protection authority. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD) — cnpd.pt.

For privacy-related questions: privacy@clearfox.ai

Ilya Pyatin, NIF 310540844

Lisbon, Portugal