Privacy
Public privacy posture for payroll-sensitive operations.
A buyer-safe summary of how ClaraOps handles public contact details, payroll and practice operations data, SimplePractice and Google Workspace source context, support access, retention workflows, subprocessors, analytics, and privacy contact paths.
Public lead capture
Public forms should collect only basic contact, role, readiness, source-system, and workflow context; they should not request PHI, payroll files, employee SSNs, raw payroll rows, credentials, or sensitive compliance details.
Protected app boundary
Payroll and practice operations data belongs behind authenticated, tenant-scoped app routes with owner or delegated-operator review.
Source systems
SimplePractice and Google Workspace source context is used only when a customer authorizes it for payroll-readiness review, export, support, and audit workflows.
Support access
Support access requires consent or reviewed break-glass approval; customer-visible support audit entries should stay redacted.
Retention and rights
Reviewed export, retention, deletion, and backup-window workflows keep requests accurate instead of applying instant, unreviewed changes. Privacy questions and rights requests go through brent@claracaps.com during beta.
Subprocessors and destinations
Hosted application, database/storage, Google Drive when configured, and approved email/provider workflows are the current vendor/destination categories. Customer-controlled destinations, such as an exported Google Drive folder, are governed by the customer after export.
Analytics
Analytics stays conservative: public-site telemetry must avoid PHI, payroll files, employee SSNs, raw payroll rows, and credential-derived values. It uses no session replay, heatmaps, ad pixels, cross-site retargeting, third-party behavioral profiling, keystroke capture, form-field analytics, PHI, payroll files, employee SSNs, raw payroll rows, credential-derived values, raw query strings, or free-text form answers. Non-essential cookies, persistent browser identifiers, third-party identifiers, and tracking on demo/fit-check/contact/legal/security/privacy/pricing/support paths require opt-in and a documented plan before implementation. Current plan: aggregate cookie-free page/CTA counts and first-party security/abuse/debug logs only; see docs/legal/public-tracking-consent-plan.md.
Last updated
May 27, 2026
This is public policy posture for paid-beta evaluation, not a DPA, BAA, legal terms document, certification claim, or instant deletion promise.
Beta scope
Current paid-beta privacy scope
Public forms stay buyer-safe and protected payroll/practice operations data stays behind authenticated, tenant-scoped workflows. Public pages explain the current paid-beta privacy posture without creating a DPA, BAA, instant deletion promise, or certification claim.
Contact
Privacy or rights requests
Email privacy@claracaps.com without PHI, payroll files, employee SSNs, credentials, raw payroll rows, exploit payloads, or sensitive customer data.
Runtime smoke boundary
What was checked for paid-beta readiness
Source-backed launch smoke checks confirm privacy, terms, and security routes are public; protected app routes remain auth/no-store bounded; public demo paths avoid sensitive fields; robots and sitemap keep public policy pages separate from protected app surfaces.