Who we are
Klarr Stack is a personal assistant and operating system for high-output women with complex lives. Operated as an enkeltmandsvirksomhed (sole trader) in Denmark (CVR 45490343). Data controller: Tala Maria Aabø Contact: contact@klarrstack.com
What we collect
Account data: your email address, collected by Supabase Auth on sign-in. Context data: your name, city, household information, and preferences, collected during onboarding to personalise the assistant. Conversation data: messages you send to the assistant and responses generated. Priority and goal data: text you enter or speak. Health and wellness data (Article 9 special category): energy level, sleep quality, mood, cycle day, and menstrual phase. Collected only after explicit consent. Calendar data: event titles and times from your connected Google or Microsoft calendar, read-only unless you explicitly create an event. Consent records: timestamped record of what you agreed to and when. Onboarding progress timestamps: server-side records of when you started and completed each part of the onboarding flow, used to measure and improve the flow itself. WhatsApp number: where you link your WhatsApp number to your Klarr account, we store your phone number in E.164 format as an account identifier. This number is used solely to route messages between WhatsApp and your Klarr account and is never shared with third parties. Email data: where you connect Google or Microsoft, Klarr reads unread inbox messages to populate the unified inbox. Subject lines, sender names, email addresses, and a short summary are stored in Klarr's database. Full email bodies are processed in memory for AI extraction and are not stored permanently. You can revoke email access at any time from Settings → Integrations. Conversation memory: Klarr periodically compresses older conversation history into short summaries to provide continuity across sessions. These summaries are stored in your account and used to personalise future responses. You can delete them via Settings → Data (Delete account).
Why we collect it
Contract performance (Article 6(1)(b)): account, context, conversation, and calendar data are necessary to provide the service. Explicit consent (Article 9(2)(a)): health and wellness data is only stored after a specific, informed consent step separate from the general terms. This consent covers the storage, processing, and return of that data to you on request, including via the Article 20 data export function.
AI processing
The assistant uses Anthropic's Claude API (Anthropic PBC, San Francisco, USA). Relevant context is sent to Anthropic for each response. This context is not anonymised. It includes identifiable personal information: your name and details about your household, including your children and the people you work with, together with your calendar event titles and priorities. Where you have given consent, it also includes your health and cycle data. This is sent so the assistant can generate your briefs and replies. Anthropic processes data under Standard Contractual Clauses (SCCs) as the EU-to-US transfer mechanism. When you drop a screenshot or PDF into the assistant, the image is sent to Anthropic to read out the dates and details it contains. It is processed in memory only and is never stored by Klarr. When you delete your account, all your data is removed from Klarr's systems immediately. Conversation data previously sent to Anthropic's API may be retained by Anthropic for up to 30 days for trust and safety monitoring, after which Anthropic deletes it automatically. Anthropic does not train models on API data. See anthropic.com/privacy for Anthropic's full retention policy.
Where data is stored
All data is stored in Supabase on EU servers (eu-central-1 or eu-west-1). Each user's data is isolated via row-level security. No user can access another's data. Data is encrypted at rest and in transit. Not shared. Not sold.
Data processors
Klarr uses the following sub-processors. Each has signed a Data Processing Agreement (DPA) under GDPR Article 28. Links are to each processor's current DPA. Klarr may enable error monitoring to diagnose faults. If enabled, it would be provided by a US sub-processor under the same DPA and Standard Contractual Clauses basis as the processors listed above. It is not active by default.
Your rights
Access: request a copy at any time from Settings → Data. Delete (Article 17 GDPR): Settings → Delete account removes all your data immediately and permanently, including health data. Conversation data previously sent to Anthropic's API may be retained by Anthropic for up to 30 days for trust and safety monitoring, after which it is deleted automatically. Export (Article 20): download your full data as JSON from Settings → Data. Withdraw health consent: Settings → Privacy. Object or restrict: contact@klarrstack.com For access, object, and restrict requests we respond within 2 to 5 business days.
Complaints
Contact contact@klarrstack.com first. You may also contact Datatilsynet (datatilsynet.dk), Carl Jacobsens Vej 35, 2500 Valby, Denmark.
This policy updates as the product develops. Material changes are notified in the app before they take effect.