Privacy Policy

Last updated: May 2026

1. Overview

ClearPen is operated by PKDM Services OÜ, a company registered in Estonia (registry number 17198549), with its registered address at Juhkentali 8, 10132 Tallinn, Estonia ("we", "us", "our"). We are committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your personal information when you use the ClearPen service at clearpen.ai ("the Service").

By using the Service, you agree to the collection and use of information as described in this policy.

2. Data We Collect

2.1 Account Information

When you create an account, we collect information through our authentication provider, Clerk:

• Email address (required)
• Name (optional, from your sign-up provider such as Google or GitHub)
• Profile image (optional, from your sign-up provider)
• Authentication tokens and session data

2.2 Payment and Billing Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or full payment details on our servers. We store:

• Your Stripe customer ID
• Subscription plan and status
• Billing cycle dates
• Transaction history (amounts and dates)

2.3 Text Data

When you use the humanizer or AI detector, we process and store:

• The text you submit for humanization or detection (input text)
• The humanized output text generated by the Service
• AI detection scores (before and after humanization)
• Settings used (tone selection)

This data is stored to provide your request history feature and to enable you to revisit previous results.

2.4 Usage Metrics

• Word counts consumed per billing period
• Number of requests made
• Feature usage (tone selections)
• Processing times

2.5 Technical Data

• IP address
• Browser type and version
• Device information
• Pages visited and interaction patterns
• Referral source

3. How We Use Your Data

We use the data we collect to:

• Provide the Service — process your text through our humanization engine and AI detection tools.
• Manage your account — authenticate your identity, enforce usage limits, and maintain your subscription.
• Process payments — bill you for your subscription and handle upgrades, downgrades, and refunds.
• Maintain request history — store your past humanization requests so you can access them from your dashboard.
• Send transactional emails — receipts, billing notifications, account security alerts, and service updates.
• Improve the Service — analyze anonymized, aggregated usage patterns to improve performance, features, and user experience.
• Prevent abuse — detect and prevent fraudulent use, rate limit violations, and Terms of Service violations.

We do not sell your personal data or text content to third parties. We do not use your submitted text to train AI models.

4. Third-Party Services

We share data with the following third-party providers as necessary to operate the Service:

• Clerk — Authentication and user management. Clerk receives your email, name, and authentication data. Privacy policy: clerk.com/legal/privacy
• Stripe — Payment processing and subscription management. Stripe receives your payment information directly. Privacy policy: stripe.com/privacy
• Anthropic— AI text processing. Your submitted text is sent to the Claude API for humanization. Anthropic's API usage policy states that API inputs are not used to train their models. Privacy policy: anthropic.com/privacy
• GPTZero— AI detection scoring. Your text is sent to GPTZero's API for analysis. Privacy policy: gptzero.me/privacy
• Vercel — Application hosting and edge infrastructure. Privacy policy: vercel.com/legal/privacy-policy
• Neon — PostgreSQL database hosting. Your account data, usage metrics, and request history are stored in a Neon database. Privacy policy: neon.tech/privacy

5. Data Retention

• Account data is retained for as long as your account is active and for up to 30 days after account deletion.
• Request history (submitted and processed text) is retained for 90 days, then automatically deleted.
• Usage metrics are retained for the duration of your account for billing and analytics purposes.
• Payment records are retained as required by tax and financial regulations (typically 7 years).

You may request deletion of your data at any time by contacting us at privacy@clearpen.ai.

6. Cookies and Tracking

We use cookies for:

• Essential cookies — authentication, session management, and security. These are required for the Service to function.
• Analytics cookies — to understand how the Service is used, which pages are visited, and where users encounter issues. This data is aggregated and anonymized.

We do not use advertising or tracking cookies. You can control cookies through your browser settings, but disabling essential cookies may prevent the Service from functioning correctly.

7. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure— request deletion of your personal data ("right to be forgotten").
• Right to data portability — request your data in a structured, commonly used, machine-readable format.
• Right to restrict processing — request that we limit how we use your data.
• Right to object — object to processing of your data for certain purposes.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@clearpen.ai. We will respond within 30 days.

Our legal bases for processing personal data include: performance of a contract (providing the Service), legitimate interest (improving the Service and preventing abuse), and consent (where applicable).

8. CCPA Rights (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know — request information about the categories and specific pieces of personal data we have collected.
• Right to delete — request deletion of your personal data.
• Right to opt-out of sale — we do not sell personal data, so this right is already satisfied.
• Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.

To exercise your CCPA rights, contact privacy@clearpen.ai.

9. Children's Privacy

ClearPen is not intended for users under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that data promptly. If you believe a child under 13 has provided us with personal data, please contact us at privacy@clearpen.ai.

10. Security Measures

We implement industry-standard security measures to protect your data:

• All data in transit is encrypted using HTTPS/TLS.
• Database connections are encrypted and access-controlled.
• Authentication is managed by Clerk with secure session tokens.
• Payment data is handled by Stripe, a PCI DSS Level 1 certified processor.
• We apply the principle of least privilege for internal access.

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security of your data. In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law.

11. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these locations. We ensure that appropriate safeguards are in place for international transfers, including standard contractual clauses where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or an in-app notification. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Data Controller

The data controller for the purposes of this Privacy Policy is:

• PKDM Services OÜ
• Registry number: 17198549
• Juhkentali 8, 10132 Tallinn, Estonia

14. Contact

For privacy-related questions, data requests, or concerns, contact us at:

• Privacy inquiries: privacy@clearpen.ai
• General support: support@clearpen.ai

We aim to respond to all privacy-related requests within 30 days.