Privacy Notice — Claira
Last updated: 2026-06-03
Effective: 2026-06-03
1. Who we are
Claira is a productivity app published by SortedChaos LLC, a limited liability company organized in the State of New York, United States. SortedChaos LLC is the controller of personal data processed through Claira.
How to reach us:
- General privacy questions and data-subject requests: privacy@sortedchaos.ai
- Legal inquiries, takedowns, arbitration opt-out notices: legal@sortedchaos.ai
- Product support: support@sortedchaos.ai
Mailing address: SortedChaos LLC c/o Northwest Registered Agent LLC 418 Broadway, Ste N Albany, NY 12207 United States
This notice applies to the Claira mobile application and our web
properties at sortedchaos.ai and claira.sortedchaos.ai.
Where Claira is offered. Claira is currently available only in the United States. We do not direct the Service at users in the European Economic Area, the United Kingdom, Switzerland, or other regions outside the United States. If you nevertheless access the Service from outside the United States, you do so on your own initiative and your data will be processed in the United States as described below.
2. Summary (the short version)
- Claira is an adult-only (18+) productivity app.
- We collect the content you create (tasks, notes, spaces, folders, emails you forward to us, calendar events you import, files you upload, and content you share into Claira from other apps) and the minimum identifiers needed to make the app work.
- We use OpenAI and Anthropic to power Claira's AI features, including a chat assistant that can answer questions about the content in your account and search the web on your behalf. Under each provider's API terms, our API inputs are not used to train their models.
- We do not sell or share your data for advertising. We do not use third-party analytics SDKs. The app does not include any advertising tracking.
- You can delete your account and all associated content from inside the app at any time.
- You have rights over your data (access, correction, deletion, portability). See §8 for how to exercise them.
The rest of this notice explains the details.
3. What we collect and why
We group the data we process into the categories below. For each, we note what it is and why we process it.
3.1 Account identity
- What: your email address; if you sign in with Apple or Google, the identity token returned by that provider; if you sign in with email and password, the password (we never see your plaintext password — only a hash, stored by our authentication subprocessor); and your display name and avatar image shown in the app.
- Why: to authenticate you, associate your data with your account, and display your profile within the app.
- Apple Hide My Email. If you use Sign in with Apple's "Hide My
Email" feature, the email address we receive is a private relay
address ending in
@privaterelay.appleid.com, not your direct email. We use that relay address the same way we'd use any account email.
3.2 Content you create
- What: the tasks, notes, spaces, folders, uploaded files, calendar events you import from your device calendar, emails you forward to your personalized Claira address, and content you share into Claira from other apps using the iOS Share Sheet (URLs, images, PDFs, and selected text), and your conversations with the Claira chat assistant.
- Why: to provide the Claira service — storing, syncing, and organizing your content across your devices.
3.3 Content we process with AI
- What: the text of notes and emails; the text content of attachments you add to notes (images via OCR, PDFs via text extraction, webpages via fetch and text extraction); voice recordings you dictate; the messages you send to the Claira chat assistant together with any of your own content the assistant retrieves to answer them; web search queries and webpage content the assistant fetches on your behalf; facts the chat assistant remembers about you based on your conversations with it; and the outputs derived from all of the above (summaries, topics, folder suggestions, task and event suggestions, OCR'd text, task conversions, chat responses, and changes the assistant proposes to your content).
- Why: to power AI features you invoke.
- Note post-processing. Notes you save are automatically analyzed by an AI provider; Claira uses the output to assign a topic/summary to the note and propose a folder.
- Voice transcription. When you dictate, Claira sends the audio to an AI provider for transcription; the resulting text is saved as a task or a note depending on the capture context. We do not store the audio on Claira's infrastructure — only the transcribed text is retained on your account. See §5 for how our AI providers handle data.
- Image OCR. When you attach an image, Claira runs OCR on your device using Apple's Vision framework and uploads only the recognized text. The image itself is not sent to an AI provider for this step. You can tap "Extract Text" on an image attachment to send that image to an AI provider for higher-quality OCR (e.g. handwriting or low-contrast scans).
- PDF summarization. When you add a PDF, Claira extracts the text from it before sending anything to an AI provider. Only the extracted text is sent; the PDF file itself is not.
- Summarization and task conversion. When you explicitly ask Claira to summarize a note or email, or to convert one into a task, Claira sends the content to an AI provider for processing and shows you the resulting summary or task.
- Webpage-link summarization. When you save a webpage link — whether by pasting it, sharing it into Claira from another app, or asking Claira to summarize a link you have already saved — our servers fetch the page contents at the URL you provided so we can extract its text and send that text to an AI provider for summarization and for the task/event suggestions described below. That outbound fetch is a request to a third-party server and may be visible to that server (e.g., in its access logs) as a request originating from Claira's infrastructure, not from your device.
- Folder, task, and event suggestions. When you save a note, receive an email in Claira, or share content into Claira from another app, the content is sent to an AI provider for analysis. Based on the provider's output, Claira proposes a folder for it and surfaces any tasks or events mentioned in it — including the times, dates, and locations referenced within the text — so you can add them to your task list or calendar. The locations surfaced this way come from text within the content you saved; Claira does not collect device location (see §3.7). Your prior actions on these AI suggestions — accepting them, dismissing them, or letting them expire — are used to inform which suggestions you see next.
- Claira chat (conversational AI). When you ask Claira a question in chat, your message is sent to an AI provider to compose a response. To answer questions about your own content, Claira retrieves relevant excerpts from your notes, tasks, events, emails, and uploaded files and includes them in the request to the AI provider so the assistant can reason over them. Chat can also propose changes to your content (for example, creating or updating tasks, notes, events, or folders).
- Web search and webpage fetching in chat. The chat assistant can search the public web and fetch webpages on your behalf to answer your question. When that happens, the search query and any URLs the assistant decides to open are sent to an AI provider, which runs the search and fetch on its own servers (which may in turn use third-party search infrastructure) and returns the results to Claira. Third-party servers being searched or fetched may see the request as originating from that AI provider's infrastructure rather than from your device.
- Personalization across chats. To make chat more useful over time, Claira may remember a small set of facts about you based on your conversations with it (for example, preferences, recurring contexts, or details about ongoing projects). Some of these facts the assistant saves on its own as they come up in conversation; others it surfaces to you for confirmation before saving. Remembered facts are stored on your account and are included in future chat requests as context, which means they are sent to an AI provider with each new chat turn. You can remove specific remembered facts, and all remembered facts are removed when you delete your account.
- Embeddings for retrieval. To make the "retrieve from your content" step of chat work, Claira computes a numeric representation ("embedding") of your notes, tasks, events, and emails using an AI provider, and stores those embeddings on your account. Only the text being embedded is sent to the provider; the embedding itself is not shared further. Uploaded files are not routinely embedded; instead, the chat assistant reads a file's contents on demand when its answer requires it.
3.4 Device and push-notification data
- What: a device identifier used only to deliver push notifications you've requested (task reminders, new-email alerts, shared-space activity, etc.).
- Why: to deliver push notifications.
3.5 Subscription and billing data
- What: your Claira subscription state (whether you have an active subscription) and, indirectly, the platform transaction identifiers that entitle you. Claira does not receive or store any payment-card data — all purchases are processed by the platform app store (the App Store on iOS).
- Why: to grant access to paid features and enforce the free-tier limit.
3.6 Diagnostic data
- What: application error events (stack traces, app version, device model/OS), sent to our error-monitoring provider (Sentry). We scrub or hash personal identifiers before sending. We do not send your note text or email bodies.
- Why: to detect and fix bugs that affect your experience. You can opt out at Settings → Privacy → Automatic error reports in the app.
3.7 What we do not collect
- We do not collect your location (no GPS, no precise or coarse location).
- We do not access your contacts.
- We do not include advertising trackers.
- We do not use third-party analytics SDKs.
- We do not access your camera or photo library except when you explicitly pick or capture an image to attach to a note or as your avatar (your OS will ask for permission at that moment).
3.8 Health-related content
Claira is a general-purpose productivity tool. It is not designed or marketed for the collection, processing, or analysis of consumer health data, and we do not infer health, medical, fitness, biometric, or reproductive information from your content. If you choose to write notes that touch on health topics, that text is treated like any other note content under this notice — stored on your account and processed by the AI features described in §3.3 in the same way as the rest of your notes. We do not separately categorize, share, or sell health-related content. This statement is provided in part to address Washington State's My Health My Data Act and similar U.S. state laws.
4. Who we share data with
We rely on two kinds of third parties to operate Claira: subprocessors that handle data on our behalf under a written data-processing agreement, and independent third parties whose own services Claira integrates with and who handle data under their own terms.
4.1 Subprocessors
These providers act on our behalf under a written contract (DPA) and are forbidden from using your data for their own purposes.
| Subprocessor | What they do | Region |
|---|---|---|
| Supabase, Inc. | Primary backend: stores your content, handles authentication, and runs our server code. | United States |
| OpenAI, L.L.C. | AI processing for Claira's features (see §3.3 for what data is sent and why). | United States |
| Anthropic, PBC | AI processing for Claira's features (see §3.3 for what data is sent and why). | United States |
| Amazon Web Services, Inc. | Inbound-email receipt and processing infrastructure. Raw email is held briefly and then deleted (see §7). | United States |
| Resend, Inc. | Outbound transactional email delivery. | United States |
| Functional Software, Inc. (d/b/a Sentry) | Error and diagnostic monitoring (see §3.6). | United States |
4.2 Independent third parties we integrate with
These providers are not our subprocessors. They handle the data described under their own terms and privacy policies, as independent controllers, and they may use that data for their own purposes (for example, fraud prevention, platform analytics, or service improvement).
| Provider | What we use them for | Region |
|---|---|---|
| Apple Inc. | Sign in with Apple (where you choose it), push-notification delivery via APNs, in-app purchases, and App Store distribution. | United States |
| Google LLC | Google Sign In (OAuth ID token), where you choose it. | United States |
When you choose Sign in with Apple or Google Sign In, the identity provider you choose receives the fact that you are signing into Claira and shares an identity token with us. When you make an in-app purchase, Apple processes the payment as merchant of record; Apple shares with us only the entitlement information needed to unlock paid features. When we send a push notification, Apple's APNs delivers it to your device under Apple's own platform terms.
4.3 Other disclosures
We do not share your personal data with any party other than those listed above, except when legally required (subpoena, court order, preservation demand) or when you explicitly direct us to (for example, sending a space-invitation email to a person you choose).
5. AI processing and model training
Claira's AI features are powered by the AI subprocessors listed in §4.1. The data each can receive — and the purposes for which we send it — is described feature-by-feature in §3.3.
Model training. Under our AI subprocessors' standard API terms, the inputs we send through their APIs are not used to train their models. We have executed Data Processing Addenda with each AI subprocessor. Where a provider additionally exposes optional data-sharing settings in our organization account, we have disabled them.
Provider retention. Each provider may retain API inputs for a limited period for abuse monitoring, as described in that provider's published API data-usage policies. Where the provider exposes a setting to disable that retention, we have disabled it.
6. International transfers
Claira is operated from the United States, and all subprocessors listed in §4.1 are based in the United States. As stated in §1, the Service is offered only in the United States. If you nevertheless access the Service from the EU, EEA, UK, Switzerland, or another jurisdiction with cross-border transfer rules, your personal data will be transferred to and processed in the United States. For those edge cases, we rely on the following transfer mechanisms:
- Standard Contractual Clauses (SCCs) incorporated into the Data Processing Addenda we have executed with each subprocessor
- Subprocessors' own certifications where applicable (for example, under the EU-U.S. Data Privacy Framework)
You can request copies of the SCCs we rely on by emailing
privacy@sortedchaos.ai.
7. How long we keep your data
| Data category | Retention |
|---|---|
| Account content (notes, tasks, spaces, files, calendar events, email attachments, chat conversations, and facts Claira remembers about you from chat) | Until you delete the account, or sooner if you delete the item yourself |
| Items you've deleted | Visible in the in-app Recently Deleted view for 30 days, then permanently removed from our servers |
| Inbound emails during processing (before they reach your account) | 72 hours, then auto-deleted |
| Delivery records for emails we've sent you (metadata only, not content) | Deleted when you delete your account |
| Subprocessor operational logs and backups (Supabase, AWS, Resend, Sentry) | Typically 7–30 days, per each subprocessor's default retention policy |
| Apple crash diagnostics | Administered by Apple under Apple's policy |
Item deletion vs. account deletion. When you delete an individual item (a note, task, file, etc.) from inside the app, it moves to the in-app Recently Deleted view and is permanently removed from our servers after 30 days. When you delete your entire account from Settings, that is a different flow: your profile, notes, tasks, events, calendars, uploaded files, email attachments, subscription state, device notification tokens, records of your AI feature usage, chat conversations, facts Claira remembered about you from chat, and records of emails we sent on the app's behalf are removed without going through the 30-day Recently Deleted window — backups and operational logs follow the subprocessor retention windows in the table above. Spaces you share with other users have ownership transferred to another member rather than being deleted, so their data is preserved. Apple subscriptions are managed by Apple and must be cancelled separately in the App Store.
8. Your rights
Regardless of where you live, you can:
- Access the personal data we hold about you
- Correct inaccurate data (most is editable directly in the app)
- Delete your account and all associated content (see §7)
- Port your data to another service
We do not currently process any data on the basis of consent, so the right to "withdraw consent" doesn't apply unless we add consent-based processing in the future and notify you.
If you nevertheless access the Service from the EU, EEA, UK, or Switzerland (despite our scope statement in §1), the GDPR / UK GDPR also gives you the right to:
- Object to or restrict certain processing based on our legitimate interests
- Lodge a complaint with your national data protection supervisory authority (for example, Ireland's DPC, Germany's BfDI, the UK's ICO)
If you're a California resident, the CCPA / CPRA also gives you:
- The right to know what personal information we collect and how we use it (this notice)
- The right to delete personal information (see §7)
- The right to correct inaccurate personal information
- The right to opt out of sale or sharing of personal information for cross-context behavioral advertising — we do not sell or share your personal information for those purposes, so there is nothing to opt out of
- The right not to receive discriminatory treatment for exercising any of these rights
- The right, under California Civil Code §1798.83 ("Shine the Light"), to request information about our disclosure of personal information to third parties for their own direct marketing. We do not make such disclosures.
To exercise any right, email privacy@sortedchaos.ai, or mail your
request to the address in §1. We will verify your identity by
confirming you control the account's email address, respond within the
timeframes required by the law applicable to you (generally 30 days
under GDPR, 45 days under CCPA), and act without charge except as
permitted by applicable law.
9. Security
We protect your data with:
- TLS encryption for all network traffic
- Encryption at rest for data stored with our backend subprocessors
- Principle-of-least-privilege access controls, with only authorized SortedChaos LLC personnel able to access production systems
- Device-level secure storage for authentication tokens on your device
No security system is perfect. If you believe your account has been
compromised or discover a vulnerability in Claira, please email
privacy@sortedchaos.ai promptly.
Breach notification. If we experience a personal-data breach that creates a risk to your rights and freedoms, we will notify affected users and our supervisory authority within the timeframes required by applicable law (72 hours under GDPR for high-risk incidents).
10. Human access to your content
From time to time, authorized SortedChaos LLC personnel bound by confidentiality obligations may access your account content to:
- Reproduce and fix a bug you have reported
- Investigate AI output quality when users flag issues
- Review abuse or safety reports on shared content
- Comply with a valid legal process (subpoena, preservation order)
We do not use your content for advertising or marketing purposes.
11. Children
Claira is intended for adults 18 or older. We do not knowingly
collect personal data from anyone under 18. If you believe a person
under 18 has created an account, email privacy@sortedchaos.ai. We
will look into the report — typically by contacting the account
holder at the email address associated with the account, and giving
them a reasonable opportunity to respond — before deleting the
account, except where we have clear evidence that the user is under
18 (in which case we may act immediately).
12. Cookies and the Claira website
The sortedchaos.ai and claira.sortedchaos.ai websites serve static
informational pages and do not use advertising trackers, analytics
cookies, or any other cross-site tracking technology. The sites are
hosted on Cloudflare Pages (Cloudflare, Inc., United States);
Cloudflare may receive visitor IP addresses and may set
strictly-necessary cookies for security and operation of the CDN. No
consent banner is required because no non-essential tracking is
performed.
13. Changes to this notice
We may update this notice over time. When we do:
- The "Last updated" date at the top will change
- A brief changelog at the bottom of the page will summarize what changed
- For material changes (changes to how we process your data, new subprocessors handling sensitive functions, changes to your rights), we will notify you at least 30 days in advance by email and with an in-app notice before the change takes effect
We will not retroactively apply new terms to claims or disputes relating to periods before the update took effect.
14. How to contact us
| Topic | Address |
|---|---|
| Privacy questions, data-subject requests | privacy@sortedchaos.ai |
| Legal inquiries, takedowns, arbitration opt-out notices | legal@sortedchaos.ai |
| Product support | support@sortedchaos.ai |
| General / press | hello@sortedchaos.ai |
Our mailing address is in §1.
Changelog
| Version | Date | Change |
|---|---|---|
| 1.1 | 2026-06-03 | Added Anthropic as a subprocessor for the Claira chat feature, including web search and webpage fetching the chat performs on your behalf. Added §3.3 disclosures for the chat assistant, web search and webpage fetching in chat, cross-chat personalization, and embeddings used for retrieval. Restructured §5 to describe AI processing generically rather than enumerating which subprocessor handles which feature — per-feature routing is an implementation choice and not material to data handling. Named chat conversations and remembered facts in §7 alongside other account content. Listed your chat conversations in §3.2 as content you create. |
| 1.0.1 | 2026-05-23 | §3.4 clarification: shared-space activity is named as an example of push notifications you've requested. Non-material — no change in data processing, no new subprocessor, no change in rights. |
| 1.0 | 2026-05-12 | Initial version. |