Claryt

Privacy Policy

Last updated: June 11, 2026

This Privacy Policy describes how Claryt — Claryt Soluções em Tecnologia Ltda (CNPJ 37.148.585/0001-00), "we" — collects, uses, shares and protects personal data when operating the platform available at claryt.io and its applications (including Clipacast and Metricboy — the "Service"), in accordance with applicable data protection laws, including the Brazilian General Data Protection Law (LGPD — Law No. 13,709/2018) and, where applicable, the EU/UK General Data Protection Regulation (GDPR).

1. Our roles

  • For account, billing and usage data of our customers, Claryt acts as the data controller (LGPD: controladora).
  • For content and connected-platform data processed on a customer's instruction (publishing, scheduling, analytics), Claryt generally acts as a processor/service provider (LGPD: operadora) on behalf of the customer, with our infrastructure providers acting as sub-processors.

2. Data we collect

  • Account data: name, email and, where applicable, phone number and billing details.
  • Usage data: access logs, in-app actions and usage metrics.
  • Content: files and data you submit for processing (e.g., videos, transcripts and media generated from them).
  • Connected-platform data: when you connect a platform account we store the authorization tokens and access only the data needed for the features you enabled — typically your account/channel identity, the content you publish through the Service, the catalog of your published content, and its performance metrics. We do not access private messages.
  • Device data: strictly necessary cookies and similar identifiers used for authentication and session security (see section 11).

3. How we use data

  • provide, maintain and improve the Service;
  • authenticate access and protect account security;
  • perform the integrations, publications and analytics you request;
  • send operational communications (e.g., the email access link);
  • comply with legal and regulatory obligations and with the platforms' developer terms.

We publish or schedule content to your connected accounts only upon your express action, and we show you what will be published before it is sent. We do not use platform data for advertising, do not sell it, and do not use it to train AI or machine-learning models.

4. Legal bases

We process data based on performance of the contract, consent (e.g., when you connect a platform account), compliance with legal obligations, and legitimate interest (e.g., service security), as applicable under the LGPD and the GDPR.

5. Google and YouTube API Services

The Service uses YouTube API Services. By using the YouTube features you agree to the YouTube Terms of Service, and the Google Privacy Policy applies to Google's handling of your data. Through the YouTube API we access, with your authorization: your channel identity, the videos you upload through the Service (including their metadata and thumbnails), the catalog of your channel's content, and your channel's analytics data — used solely to provide the publishing and analytics features you enabled.

Claryt's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In addition to revoking access in the Service's settings, you can revoke Claryt's access to your Google data at any time via the Google security settings page.

YouTube data we store is refreshed or deleted at least every 30 days, except authorized analytics data retained to provide your historical reporting, whose authorization we re-verify at least every 30 days.

6. Other connected platforms

The same approach applies to the other platforms you may connect — Instagram, Facebook and Threads (Meta), TikTok, LinkedIn, X, Pinterest and Telegram: we access only what the feature needs, under each platform's developer terms, and their own privacy policies apply to their handling of your data. Platform-specific retention rules we honor include: LinkedIn member data is displayed in-product only and not retained beyond LinkedIn's prescribed limits; Pinterest content data is fetched on demand rather than stored (except your own analytics); and when an X integration is offered, content you delete on X is reflected in the Service within 24 hours.

7. Retention and deletion

  • Account data is retained while your account is active and as required by law (e.g., tax records) afterwards.
  • When you disconnect a platform account or revoke its authorization, we delete that platform's data within 7 days.
  • When you close your account, your data is deleted or anonymized, except where retention is legally required.
  • Detailed, step-by-step instructions are on our Data Deletion page.

8. Sharing and sub-processors

We do not sell personal data. We share it only with providers that support our operations, under written contracts that bind them to confidentiality, security and the same protections we owe you and the platforms. Current sub-processor categories:

  • Cloud hosting and storage: Google Cloud Platform (data hosted in the United States).
  • AI processing: AI model providers (e.g., OpenAI) used to transcribe and prepare your content — only your content, never platform credentials.
  • Payments and invoicing and email delivery providers.
  • Authorities, when required by law.

9. International data transfers

Our infrastructure is hosted on Google Cloud Platform in the United States. For data subject to the LGPD, transfers are based on the Standard Contractual Clauses approved by the Brazilian ANPD (Resolution CD/ANPD No. 19/2024), incorporated through our cloud provider's data processing terms. For data subject to the GDPR, transfers rely on the applicable Standard Contractual Clauses and supplementary measures.

10. Security and incidents

We apply technical and organizational measures to protect data: encryption in transit and at rest (with encryption keys stored separately from the data), access controls, per-organization isolation, and audit logging. No method is 100% secure, but we continuously work to mitigate risks. If a data breach affects your data, we will notify you and the competent authorities (including the ANPD where applicable) in accordance with applicable law, and the affected platforms where their terms require it.

11. Cookies

We use strictly necessary cookies for authentication and operation of the Service. We do not use cookies for advertising or cross-site tracking, and no third party serves ads in the Service.

12. Your rights

Subject to your local law (including the LGPD and the GDPR), you may request access, correction, anonymization, portability or deletion of your data, object to or restrict certain processing, and withdraw consent at any time. We do not sell or share personal data for cross-context behavioral advertising (as defined by US state privacy laws). To exercise these rights, contact privacy@claryt.io. You may also lodge a complaint with your supervisory authority (in Brazil, the ANPD).

13. Children

The Service is intended for businesses and is not directed to individuals under 18, nor may it be used to build apps or experiences directed at children under 13. Where a platform requires an audience declaration for content (e.g., YouTube's "Made for Kids"), that declaration is made by you, the publishing customer.

14. Changes

We may update this Policy. The "last updated" date reflects the current version; material changes will be communicated.

15. Controller, DPO & contact

The data controller is Claryt Soluções em Tecnologia Ltda (CNPJ 37.148.585/0001-00), Rua Jorge Czerniewicz, 927 — Czerniewicz, Jaraguá do Sul/SC, 89255-000, Brazil.

Our Data Protection Officer (LGPD Encarregado) can be reached at privacy@claryt.io. For any privacy question or complaint — including about our use of platform APIs — contact privacy@claryt.io or inbox@claryt.io.