Privacy Policy

Effective date: March 17, 2026 — Last updated: March 17, 2026

Chanel Services ("we", "our") operates the Clarify IA mobile application. This policy describes how we collect, use and protect your data.

1. Data Collection

Core principle : Clarify IA is designed following the data minimization principle. No mail content is stored on our servers.

Data processed :

• OCR text: extracted entirely on your device (Google ML Kit, offline). Text is sent transiently to our cloud service for AI analysis, then immediately deleted.
• Anonymous identifier: an automatically generated unique ID (Firebase anonymous Auth) to manage your credit quota. It contains no personal information.
• Usage counter: the number of credits used this month, stored server-side to enforce the plan limit.
• Local history: your analysis results are stored locally on your device, encrypted with a key generated by FlutterSecureStorage. They never leave your phone.

2. Permissions

• Camera : to photograph your administrative mail.
• Photo gallery : to import existing images of mail.
• Notifications : for deadline reminders (optional, can be disabled).

3. Third-Party Services

• Google ML Kit : On-device OCR only (no data sent to Google).
• Firebase (Google) : anonymous authentication and quota management. No mail content is stored in Firebase.
• Anthropic (Claude API) : AI analysis of OCR text via our Cloud Function. Text is processed transiently and is not retained by Anthropic per their API data policy.
• RevenueCat : in-app subscription management. RevenueCat only receives necessary transaction data.

3b. Legal Basis for Processing

• Performance of contract (art. 6.1.b RGPD) : processing of OCR text through our AI analysis service is necessary for the provision of the service you use.
• Legitimate interest (art. 6.1.f RGPD) : managing credit quotas and anonymous authentication are necessary for the proper functioning and security of the service.

3c. Transfers Outside the European Union

Some of our subprocessors are located in the United States. Data transfers to these providers are governed by the European Commission's Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework (DPF):

• Google LLC (Firebase) — DPF certified
• Anthropic PBC — Standard Contractual Clauses
• RevenueCat Inc. — Standard Contractual Clauses

4. Data Retention

• Mail content: never stored server-side. Transient processing only.
• Local history: kept on your device until manual deletion.
• Quota counter: automatically reset each month.

5. Children's Privacy

Clarify IA is not intended for persons under 16 years of age. We do not knowingly collect data from minors.

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights: access, rectification, erasure, portability, restriction of processing and objection. Since we do not store any personally identifiable data server-side, most of these rights are satisfied by design.

To delete your local history, go to Settings > Delete history.

You also have the right to lodge a complaint with the French Data Protection Authority (CNIL): www.cnil.fr.

7. Contact