Privacy Notice — Claira

Last updated: 2026-05-23

Effective: 2026-05-12

1. Who we are

Claira is a productivity app published by SortedChaos LLC, a limited liability company organized in the State of New York, United States. SortedChaos LLC is the controller of personal data processed through Claira.

How to reach us:

• General privacy questions and data-subject requests: [email protected]
• Legal inquiries, takedowns, arbitration opt-out notices: [email protected]
• Product support: [email protected]

Mailing address: SortedChaos LLC c/o Northwest Registered Agent LLC 418 Broadway, Ste N Albany, NY 12207 United States

This notice applies to the Claira mobile application and our web properties at sortedchaos.ai and claira.sortedchaos.ai.

Where Claira is offered. Claira is currently available only in the United States. We do not direct the Service at users in the European Economic Area, the United Kingdom, Switzerland, or other regions outside the United States. If you nevertheless access the Service from outside the United States, you do so on your own initiative and your data will be processed in the United States as described below.

2. Summary (the short version)

• Claira is an adult-only (18+) productivity app.
• We collect the content you create (tasks, notes, spaces, folders, emails you forward to us, calendar events you import, files you upload, and content you share into Claira from other apps) and the minimum identifiers needed to make the app work.
• We use OpenAI to power Claira's AI features; under OpenAI's API terms, our API inputs are not used to train their models.
• We do not sell or share your data for advertising. We do not use third-party analytics SDKs. The app does not include any advertising tracking.
• You can delete your account and all associated content from inside the app at any time.
• You have rights over your data (access, correction, deletion, portability). See §8 for how to exercise them.

The rest of this notice explains the details.

3. What we collect and why

We group the data we process into the categories below. For each, we note what it is and why we process it.

3.1 Account identity

• What: your email address; if you sign in with Apple or Google, the identity token returned by that provider; if you sign in with email and password, the password (we never see your plaintext password — only a hash, stored by our authentication subprocessor); and your display name and avatar image shown in the app.
• Why: to authenticate you, associate your data with your account, and display your profile within the app.
• Apple Hide My Email. If you use Sign in with Apple's "Hide My Email" feature, the email address we receive is a private relay address ending in @privaterelay.appleid.com, not your direct email. We use that relay address the same way we'd use any account email.

3.2 Content you create

• What: the tasks, notes, spaces, folders, uploaded files, calendar events you import from your device calendar, emails you forward to your personalized Claira address, and content you share into Claira from other apps using the iOS Share Sheet (URLs, images, PDFs, and selected text).
• Why: to provide the Claira service — storing, syncing, and organizing your content across your devices.

3.3 Content we process with AI

• What: the text of notes and emails; the text content of attachments you add to notes (images via OCR, PDFs via text extraction, webpages via fetch and text extraction); voice recordings you dictate; and the outputs derived from them (summaries, topics, folder suggestions, task and event suggestions, OCR'd text, task conversions).
• Why: to power AI features you invoke.
  • Note post-processing. Notes you save are automatically sent to OpenAI for analysis; Claira uses the output to assign a topic/summary to the note and propose a folder.
  • Voice transcription. When you dictate, Claira sends the audio to OpenAI for transcription; the resulting text is saved as a task or a note depending on the capture context. We do not store the audio on Claira's infrastructure — only the transcribed text is retained on your account. OpenAI's handling of the audio is described in §5.
  • Image OCR. When you attach an image, Claira runs OCR on your device using Apple's Vision framework and uploads only the recognized text. The image is not sent to OpenAI for this step. You can tap "Extract Text" on an image attachment to send that image to OpenAI for higher-quality OCR (e.g. handwriting or low-contrast scans).
  • PDF summarization. When you add a PDF, Claira extracts the text from it before sending anything to OpenAI. Only the extracted text is sent; the PDF file itself is not.
  • Summarization and task conversion. When you explicitly ask Claira to summarize a note or email, or to convert one into a task, Claira sends the content to OpenAI for processing and shows you the resulting summary or task.
  • Webpage-link summarization. When you save a webpage link — whether by pasting it, sharing it into Claira from another app, or asking Claira to summarize a link you have already saved — our servers fetch the page contents at the URL you provided so we can extract its text and send that text to OpenAI for summarization and for the task/event suggestions described below. That outbound fetch is a request to a third-party server and may be visible to that server (e.g., in its access logs) as a request originating from Claira's infrastructure, not from your device.
  • Folder, task, and event suggestions. When you save a note, receive an email in Claira, or share content into Claira from another app, the content is sent to OpenAI for analysis. Based on OpenAI's output, Claira proposes a folder for it and surfaces any tasks or events mentioned in it — including the times, dates, and locations referenced within the text — so you can add them to your task list or calendar. The locations surfaced this way come from text within the content you saved; Claira does not collect device location (see §3.7). Your prior actions on these AI suggestions — accepting them, dismissing them, or letting them expire — are used to inform which suggestions you see next.
• Important: Under OpenAI's API terms, our API inputs are not used to train their models. See §5 for details.

3.4 Device and push-notification data

• What: a device identifier used only to deliver push notifications you've requested (task reminders, new-email alerts, shared-space activity, etc.).
• Why: to deliver push notifications.

3.5 Subscription and billing data

• What: your Claira subscription state (whether you have an active subscription) and, indirectly, the platform transaction identifiers that entitle you. Claira does not receive or store any payment-card data — all purchases are processed by the platform app store (the App Store on iOS).
• Why: to grant access to paid features and enforce the free-tier limit.

3.6 Diagnostic data

• What: application error events (stack traces, app version, device model/OS), sent to our error-monitoring provider (Sentry). We scrub or hash personal identifiers before sending. We do not send your note text or email bodies.
• Why: to detect and fix bugs that affect your experience. You can opt out at Settings → Privacy → Automatic error reports in the app.

3.7 What we do not collect

• We do not collect your location (no GPS, no precise or coarse location).
• We do not access your contacts.
• We do not include advertising trackers.
• We do not use third-party analytics SDKs.
• We do not access your camera or photo library except when you explicitly pick or capture an image to attach to a note or as your avatar (your OS will ask for permission at that moment).

3.8 Health-related content

Claira is a general-purpose productivity tool. It is not designed or marketed for the collection, processing, or analysis of consumer health data, and we do not infer health, medical, fitness, biometric, or reproductive information from your content. If you choose to write notes that touch on health topics, that text is treated like any other note content under this notice — stored on your account and processed by the AI features described in §3.3 in the same way as the rest of your notes. We do not separately categorize, share, or sell health-related content. This statement is provided in part to address Washington State's My Health My Data Act and similar U.S. state laws.

4. Who we share data with

We rely on two kinds of third parties to operate Claira: subprocessors that handle data on our behalf under a written data-processing agreement, and independent third parties whose own services Claira integrates with and who handle data under their own terms.

4.1 Subprocessors

These providers act on our behalf under a written contract (DPA) and are forbidden from using your data for their own purposes.

4.2 Independent third parties we integrate with

These providers are not our subprocessors. They handle the data described under their own terms and privacy policies, as independent controllers, and they may use that data for their own purposes (for example, fraud prevention, platform analytics, or service improvement).

When you choose Sign in with Apple or Google Sign In, the identity provider you choose receives the fact that you are signing into Claira and shares an identity token with us. When you make an in-app purchase, Apple processes the payment as merchant of record; Apple shares with us only the entitlement information needed to unlock paid features. When we send a push notification, Apple's APNs delivers it to your device under Apple's own platform terms.

4.3 Other disclosures

We do not share your personal data with any party other than those listed above, except when legally required (subpoena, court order, preservation demand) or when you explicitly direct us to (for example, sending a space-invitation email to a person you choose).

5. AI processing and model training

Claira routes certain content to OpenAI to provide AI-driven features. Specifically:

• Notes you save — whether typed, voice-transcribed, emailed in, or shared into Claira from another app — are sent to OpenAI for analysis; Claira uses the output to assign a topic/summary and propose a folder.
• Voice recordings are sent to OpenAI for transcription. The audio is not persisted on our side.
• Task and event suggestions surfaced on the home tab are derived from your notes, emails, and shared content based on analysis from OpenAI.
• When you save a webpage link to Claira — by pasting it, sharing it from another app, or asking Claira to summarize one you have saved — our servers fetch the page contents at the URL and send the extracted text to OpenAI for analysis. When you ask Claira to summarize a forwarded email or a PDF attachment, we send its content to OpenAI for processing. For PDFs, Claira extracts the text first and sends only the extracted text (the PDF file itself is not sent).
• For images, OCR runs on your device by default, and the image itself is not sent to OpenAI — only the recognized text is. You can override this default by tapping "Extract Text" on an image attachment, which sends the image to OpenAI for higher-quality OCR (useful for handwriting or low-contrast scans).

Model training. Under OpenAI's API terms, our API inputs are not used to train their models. We have additionally disabled all optional data-sharing settings in our OpenAI organization and have executed OpenAI's Data Processing Addendum.

OpenAI retention. OpenAI may retain API inputs for a limited period for abuse monitoring, as described in OpenAI's published API data usage policies. We have disabled optional logging that would retain inputs and outputs in our organization's account.

6. International transfers

Claira is operated from the United States, and all subprocessors listed in §4.1 are based in the United States. As stated in §1, the Service is offered only in the United States. If you nevertheless access the Service from the EU, EEA, UK, Switzerland, or another jurisdiction with cross-border transfer rules, your personal data will be transferred to and processed in the United States. For those edge cases, we rely on the following transfer mechanisms:

• Standard Contractual Clauses (SCCs) incorporated into the Data Processing Addenda we have executed with each subprocessor
• Subprocessors' own certifications where applicable (for example, under the EU-U.S. Data Privacy Framework)

You can request copies of the SCCs we rely on by emailing [email protected].

7. How long we keep your data

Item deletion vs. account deletion. When you delete an individual item (a note, task, file, etc.) from inside the app, it moves to the in-app Recently Deleted view and is permanently removed from our servers after 30 days. When you delete your entire account from Settings, that is a different flow: your profile, notes, tasks, events, calendars, uploaded files, email attachments, subscription state, device notification tokens, records of your AI feature usage, and records of emails we sent on the app's behalf are removed without going through the 30-day Recently Deleted window — backups and operational logs follow the subprocessor retention windows in the table above. Spaces you share with other users have ownership transferred to another member rather than being deleted, so their data is preserved. Apple subscriptions are managed by Apple and must be cancelled separately in the App Store.

8. Your rights

Regardless of where you live, you can:

• Access the personal data we hold about you
• Correct inaccurate data (most is editable directly in the app)
• Delete your account and all associated content (see §7)
• Port your data to another service

We do not currently process any data on the basis of consent, so the right to "withdraw consent" doesn't apply unless we add consent-based processing in the future and notify you.

If you nevertheless access the Service from the EU, EEA, UK, or Switzerland (despite our scope statement in §1), the GDPR / UK GDPR also gives you the right to:

• Object to or restrict certain processing based on our legitimate interests
• Lodge a complaint with your national data protection supervisory authority (for example, Ireland's DPC, Germany's BfDI, the UK's ICO)

If you're a California resident, the CCPA / CPRA also gives you:

• The right to know what personal information we collect and how we use it (this notice)
• The right to delete personal information (see §7)
• The right to correct inaccurate personal information
• The right to opt out of sale or sharing of personal information for cross-context behavioral advertising — we do not sell or share your personal information for those purposes, so there is nothing to opt out of
• The right not to receive discriminatory treatment for exercising any of these rights
• The right, under California Civil Code §1798.83 ("Shine the Light"), to request information about our disclosure of personal information to third parties for their own direct marketing. We do not make such disclosures.

To exercise any right, email [email protected], or mail your request to the address in §1. We will verify your identity by confirming you control the account's email address, respond within the timeframes required by the law applicable to you (generally 30 days under GDPR, 45 days under CCPA), and act without charge except as permitted by applicable law.

9. Security

We protect your data with:

• TLS encryption for all network traffic
• Encryption at rest for data stored with our backend subprocessors
• Principle-of-least-privilege access controls, with only authorized SortedChaos LLC personnel able to access production systems
• Device-level secure storage for authentication tokens on your device

No security system is perfect. If you believe your account has been compromised or discover a vulnerability in Claira, please email [email protected] promptly.

Breach notification. If we experience a personal-data breach that creates a risk to your rights and freedoms, we will notify affected users and our supervisory authority within the timeframes required by applicable law (72 hours under GDPR for high-risk incidents).

10. Human access to your content

From time to time, authorized SortedChaos LLC personnel bound by confidentiality obligations may access your account content to:

• Reproduce and fix a bug you have reported
• Investigate AI output quality when users flag issues
• Review abuse or safety reports on shared content
• Comply with a valid legal process (subpoena, preservation order)

We do not use your content for advertising or marketing purposes.

11. Children

Claira is intended for adults 18 or older. We do not knowingly collect personal data from anyone under 18. If you believe a person under 18 has created an account, email [email protected]. We will look into the report — typically by contacting the account holder at the email address associated with the account, and giving them a reasonable opportunity to respond — before deleting the account, except where we have clear evidence that the user is under 18 (in which case we may act immediately).

12. Cookies and the Claira website

The sortedchaos.ai and claira.sortedchaos.ai websites serve static informational pages and do not use advertising trackers, analytics cookies, or any other cross-site tracking technology. The sites are hosted on Cloudflare Pages (Cloudflare, Inc., United States); Cloudflare may receive visitor IP addresses and may set strictly-necessary cookies for security and operation of the CDN. No consent banner is required because no non-essential tracking is performed.

13. Changes to this notice

We may update this notice over time. When we do:

• The "Last updated" date at the top will change
• A brief changelog at the bottom of the page will summarize what changed
• For material changes (changes to how we process your data, new subprocessors handling sensitive functions, changes to your rights), we will notify you at least 30 days in advance by email and with an in-app notice before the change takes effect

We will not retroactively apply new terms to claims or disputes relating to periods before the update took effect.

14. How to contact us

Our mailing address is in §1.

Changelog