Klarv
Privacy Policy

Your data, your control.

We collect only what's necessary to provide our service and never sell your information.

What we collect
Salesforce metadata: We access automation definitions (flows, triggers, validation rules) via OAuth.
Process Analytics data (paid feature): For subscribers using Process Analytics, we access field history tracking records for picklist and status fields (e.g., Opportunity Stage, Lead Status, Case Status). This includes record IDs, old/new field values, and timestamps to analyze how records move through your business processes.
What we don't access: Contact names, email addresses, phone numbers, dollar amounts, revenue figures, free-text fields, notes, descriptions, or file attachments.
Account information: Your email address and name from Salesforce OAuth for authentication purposes.
Usage data: Anonymous, aggregated analytics (page views, feature usage) to improve the product.
How we use your data
Service delivery: To scan your Salesforce org, visualize automations, and provide AI-powered insights.
Product improvement: Anonymous analytics help us understand which features are most useful.
Communication: We may send important service updates. We don't send marketing emails unless you opt in.
Legal basis for processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide the services you have subscribed to, including scanning your Salesforce org and delivering AI-powered insights.
  • Consent: When you connect your Salesforce org and agree to our Terms of Service, you consent to our data processing activities as described in this policy.
  • Legitimate interests: Processing for product improvement, security monitoring, and fraud prevention, where these interests do not override your fundamental rights.

You may withdraw consent at any time by disconnecting your Salesforce org from Settings. This will not affect the lawfulness of processing prior to withdrawal.

AI usage monitoring

We monitor your usage of AI-powered features to:

  • Ensure fair usage and prevent abuse
  • Optimize service performance and reliability
  • Improve our AI models (without using your Salesforce data)
  • Enforce usage limits and credit allocations

We reserve the right to adjust credit allocations, pricing, and usage limits at any time. Such changes will be communicated via email or in-app notification.

Cookies

We use a single session cookie for authentication. This is strictly necessary to keep you logged in and cannot be disabled.

Analytics

We use Vercel Analytics, which is cookieless and privacy-focused. It collects anonymous page view data without tracking individuals across sites.

Data sharing
We never sell your data. Your information is not sold to third parties, ever.
AI processing: Automation metadata may be sent to Anthropic's Claude API for AI insights. This data is processed according to Anthropic's privacy policy and is not used to train models.
Service providers: We use Vercel (hosting), Neon (database), and Stripe (payments). These providers only access data necessary for their services.
Data retention

Scan results and automation data are retained while your account is active. You can disconnect your org at any time to remove stored data.

Security

OAuth tokens are encrypted (AES-256-GCM), all data is transmitted over TLS, and we follow security best practices. See our Security page for details.

Your rights
Access: Request a copy of your data.
Deletion: Disconnect your org from Settings to delete all stored data instantly.
Correction: Update inaccurate information.
Portability: Export your data in a standard format.
Object: Object to processing based on legitimate interests.
Restrict: Request we limit processing while disputes are resolved.

To exercise any of these rights, contact us at the email below. We will respond within 30 days.

International data transfers

Klarv is based in Canada. Your data may be transferred to and processed in Canada, the United States, or other countries where our service providers operate.

For EEA/UK users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for data transferred outside the European Economic Area.
Service provider locations: Vercel (US), Neon (US), Stripe (US), Anthropic (US). All providers maintain appropriate data protection measures.
California privacy rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: What personal information we collect, use, and disclose
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: We do not sell personal information, so this right does not apply
  • Non-discrimination: We will not discriminate against you for exercising your rights

Categories of PI collected: Identifiers (email, name), commercial information (subscription data), and internet activity (usage analytics).

To exercise your rights, contact privacy@klarv.io.

Security incidents

In the unlikely event of a data breach affecting your personal information, we will:

  • Notify affected users via email within 72 hours of discovery
  • Notify relevant supervisory authorities as required by law
  • Provide details about what data was affected and steps being taken
  • Offer guidance on protective measures you can take
Enterprise & Data Processing Agreement

For enterprise customers requiring a Data Processing Agreement (DPA) or additional compliance documentation, please contact us at legal@klarv.io.

We can provide DPAs that include Standard Contractual Clauses for international transfers and other contractual commitments as needed for your compliance requirements.

Contact & updates

We may update this policy periodically. Material changes will be communicated via email or in-app notification.

Last updated: January 2026

privacy@klarv.io