ClearWork
Legal

Privacy Policy

Effective date: June 15, 2025 ·  Last updated: June 15, 2025

Contents

  1. 1. Introduction
  2. 2. Information We Collect
  3. 3. How We Use Your Information
  4. 4. Data Sharing and Disclosure
  5. 5. Data Storage and Security
  6. 6. Data Retention
  7. 7. Your Rights
  8. 8. Cookies and Tracking
  9. 9. Children's Privacy
  10. 10. Third-Party Links
  11. 11. Changes to This Policy
  12. 12. Governing Law
  13. 13. Contact Us

1. Introduction

This Privacy Policy describes how ClearWork (operated by Maharshi Vaghela) ("ClearWork", "we", "us", or "our") collects, uses, discloses, and protects information about you when you use our website at https://getclearwork.in and our web application at https://app.getclearwork.in (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account we collect your name, email address, and optionally your phone number and business name.

2.2 Business Data You Create

We store the content you create using our Service, including client records, proposals, contracts, invoices, time entries, expenses, and any other documents you upload or generate.

2.3 Google Account Data (OAuth Integrations)

If you choose to connect your Google account via our optional integrations, we request access to the following scopes only with your explicit consent:

  • Google Calendar — to create calendar events and Google Meet links when you schedule client calls. We read and write calendar events on your behalf. We do not access personal or pre-existing calendar events.
  • Google Sheets — to create and update a ClearWork-owned spreadsheet in your Google Drive that tracks your leads, invoices, and clients. We only read and write files that ClearWork created.
  • Google Docs — to export proposals and contracts to a Google Doc in your Google Drive. We only create new files; we do not read or modify pre-existing documents in your Drive.
  • Google Forms — to receive lead submissions from a form you set up. We read form responses to create leads in your ClearWork account.

We do not store your Google OAuth tokens beyond what is required to maintain the live integration. You can revoke access at any time from your Google Account security settings or from Settings → Integrations inside ClearWork.

2.4 Payment Data

We do not store payment card details. All payment processing is handled by PCI-DSS-certified third-party gateways (Razorpay). We receive only a transaction reference and status.

2.5 Usage Analytics

We collect anonymised usage data (page views, feature interactions) to understand how the product is used. No personally identifiable information is included in analytics data.

2.6 Log Data

Our servers automatically record standard log data including your IP address, browser type, pages visited, and timestamps when you access the Service. This data is used solely for security monitoring and debugging.

3. How We Use Your Information

  • Provide, operate, and improve the Service
  • Process your transactions and manage your subscription
  • Send transactional emails (invoice reminders, account activity, security alerts)
  • Respond to your support requests
  • Detect, prevent, and address security incidents and abuse
  • Comply with legal obligations under Indian law
  • Send product updates and announcements (you may opt out at any time)

4. Data Sharing and Disclosure

We do not sell your personal data. We share information only in these limited circumstances:

4.1 Service Providers

We use trusted third-party providers to operate the Service: Supabase (database and authentication), Fly.io (API hosting), Vercel (frontend hosting), Razorpay (payment processing), Google (OAuth integrations — only when you opt in), Resend/email providers (transactional email). Each provider is bound by data processing agreements.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or a lawful government request under the Information Technology Act, 2000 or other applicable Indian legislation.

4.3 Business Transfer

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will notify you before your data is subject to a different privacy policy.

5. Data Storage and Security

Your data is stored on Supabase (PostgreSQL) servers hosted on AWS ap-south-1 (Mumbai, India). Data does not leave Indian jurisdiction during normal operations.

  • All data at rest is encrypted using AES-256
  • All data in transit is encrypted via TLS 1.2+
  • Sensitive fields (GSTIN, bank account details) are encrypted at the application layer
  • Daily automated backups with 30-day retention
  • Database is not exposed to the public internet

While we implement robust security measures, no system is completely secure. Please keep your account credentials confidential.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal information within 30 days, except where retention is required by law (e.g. financial records under the Income Tax Act, 1961 or GST regulations which require record-keeping for a minimum of 6 years). Business documents you have shared with clients are your responsibility.

7. Your Rights

Subject to applicable Indian law, you have the right to:

  • Access — request a copy of personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your account and personal data
  • Portability — request an export of your data in a machine-readable format
  • Withdraw consent — disconnect any Google OAuth integration at any time
  • Opt out — unsubscribe from marketing communications at any time

To exercise these rights, email us at hello@getclearwork.in. We will respond within 30 days.

8. Cookies and Tracking

We use minimal cookies required to keep you logged in (authentication token). We also use anonymised analytics (Vercel Analytics or similar) that do not set tracking cookies or collect personally identifiable information. We do not use third-party advertising cookies.

9. Children's Privacy

The Service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and, for material changes, notify you by email or an in-app notice. Continued use of the Service after changes constitutes your acceptance of the revised policy.

12. Governing Law

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000 and the Information Technology (Amendment) Act, 2008. Any disputes shall be subject to the exclusive jurisdiction of courts located in Gujarat, India.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at: hello@getclearwork.in