LEGAL
Privacy Policy
Last updated: April 16, 2026
This Privacy Policy describes how Financial Holding LLC ("ClareMesh", "we", "us") collects, uses, and protects information when you use the ClareMesh platform and services. We are committed to protecting your privacy and processing your data in compliance with applicable laws including GDPR, CCPA, and other data protection regulations.
1. Data we collect
Account data: When you create an account, we collect your email address, organization name, and hashed password. We store your role, plan selection, and onboarding preferences.
Usage data: We collect aggregated usage metrics including transform counts, API call volumes, and feature usage patterns. This data is used for plan enforcement and service improvement.
Technical data: We automatically collect IP addresses, browser type, and device information for security purposes (login activity logging, abuse prevention).
Customer financial data: ClareMesh's architecture is designed so that your customers' financial data (bank transactions, account balances, invoices) is processed within your own infrastructure. On the hosted sync tier, transforms run in your Supabase project. We do not have access to, store, or transmit your customers' financial data.
2. How we use your data
We use account data to provide and maintain the Service, authenticate your access, manage billing, and communicate service updates. Usage data is used for plan limit enforcement, performance monitoring, and product improvement. Technical data is used for security monitoring and abuse prevention. We do not sell your data to third parties.
3. Sub-processors
We use the following sub-processors to deliver the Service. A complete list with processing details is available at claremesh.com/security/sub-processors.
Supabase (database and authentication), Vercel (hosting and edge delivery), Stripe (payment processing), GitHub (source code hosting), Cloudflare (DNS and CDN), Resend (transactional email), and Sentry (error monitoring).
4. Data retention
We retain account data for the duration of your active subscription plus 30 days after account closure. Usage data is retained for 12 months. Audit logs are retained for 24 months or as required by your compliance framework. You may request data deletion at any time through the Settings page or by contacting us.
5. Your rights
Depending on your jurisdiction, you may have the right to: access the personal data we hold about you, request correction of inaccurate data, request deletion of your data, object to or restrict processing of your data, receive your data in a portable format, and withdraw consent where processing is based on consent. To exercise any of these rights, contact us at malik@claremesh.com or use the data export feature in your Settings page.
6. GDPR (European users)
For users in the European Economic Area, we process personal data on the following legal bases: contract performance (account data necessary to provide the Service), legitimate interest (usage analytics for service improvement), and consent (where required). Our Data Processing Agreement is available at claremesh.com/dpa.
7. CCPA (California users)
California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at malik@claremesh.com.
8. Security
We implement industry-standard security measures including encryption in transit (TLS), hashed credential storage, row-level security for data isolation, and regular security assessments. Our security posture is documented at claremesh.com/security with 61 documented controls across SOC 2, ISO 27001, GDPR, CCPA, PCI DSS, and SOX frameworks.
9. Cookies
We use essential cookies for authentication session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. The only cookies set by ClareMesh are session tokens necessary for the Service to function.
10. Changes to this policy
We will notify you of material changes to this Privacy Policy at least 30 days before they take effect via email or in-app notification.
11. Contact
For privacy-related inquiries, contact our data protection team at malik@claremesh.com.