Privacy Policy
Your Privacy Matters to Us
Explore our Privacy Policy to learn how we collect, use, and safeguard the information you share with us.
Privacy Policy
Your Privacy Matters to Us
Explore our Privacy Policy to learn how we collect, use, and safeguard the information you share with us.
Updated
December 2025
Privacy Policy
Effective Date: December 2, 2025
Last Updated: December 2, 2025
Introduction
This Privacy Policy describes how Claribi OÜ ("Claribi", "we", "our", or "us") collects, uses, and protects your personal information when you access our website at https://claribi.ai/ (the "Site") or use our AI-powered analytics platform (the "Service").
By accessing or using the Site or Service, you agree to the collection and use of information as described in this Privacy Policy, our Terms of Use, and our Data Processing Addendum (DPA).
Important: This Privacy Policy works together with three documents:
· Terms of Use (https://claribi.ai/terms): Service conditions, your responsibilities, disclaimers, security breach notification procedures
· Data Processing Addendum (https://claribi.ai/dpa): How we process data, subprocessors, retention schedules, security details
· This Policy: What we collect, why we collect it, how to exercise your rights
Our Services operates on a "zero-data-exposure" principle. We process only report metadata from your Power BI environment. We do not access, store, copy, or process the underlying raw business data in your reports.
1. Owner and Data Controller
Company: Claribi OÜ
Legal Address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551, Estonia
Register Code: 17294684
Country of Incorporation: Republic of Estonia
Privacy & Data Protection Contact:
Email: privacy@claribi.com
Response time: Within 5 business days
General Support:
Email: support@claribi.com
Legal Inquiries:
Email: legal@claribi.com
If you wish to object to the collection, processing, or use of your data in accordance with this Privacy Policy, either in its entirety or for specific measures, you may address your objection to privacy@claribi.com.
2. Claribi's Role: Data Controller vs. Data Processor
Claribi acts as Data Controller for:
· Account registration data (name, email address, Microsoft Tenant ID, User Object ID)
· Billing and payment information
· Aggregate usage analytics
· Marketing communications (if opted-in)
· Security and fraud prevention data
For this data, this Privacy Policy governs our processing.
Claribi acts as Data Processor for:
· Metadata you upload to Claribi Console (PBIX file metadata)
· Queries and content processed through Claribi End-User Service
· Data processed under your documented instructions
For this data, our Data Processing Addendum (https://claribi.ai/dpa) governs our obligations. The DPA is incorporated by reference into our Terms of Use.
A. Information You Voluntarily Provide
Contact and Professional Data:
When you request a demo, initiate a free trial, or contact us, we collect:
· Full name
· Email address
· Company name
· Job title
· Message content
Account Registration Data:
When you create an account via Microsoft Entra ID:
· Email address
· Name (from Microsoft profile)
· Microsoft Tenant ID
· Unique User Object ID (OID)
Important: Claribi does NOT store or process your Microsoft passwords or password hashes. Authentication is handled exclusively by Microsoft Entra ID.
Billing Data:
When you subscribe to a paid plan:
· Billing address
· Tax information
· Invoice records
Payment card data is processed exclusively by Paddle (our payment processor). We do NOT store or have access to full credit card details.
Service Metadata:
To provision the Service, you upload Power BI metadata:
· Report names
· Table names and structures
· Column identifiers
· Schema information
Critically: We do NOT collect or process the underlying business data within your reports. You are responsible for reviewing, anonymizing, or pseudonymizing sensitive metadata before uploading.
Support Communications:
· Emails and messages sent to support@claribi.com
· Attachments and ticket content
B. Information Collected Automatically
Log and Usage Data:
· Internet Protocol (IP) address
· Browser type and version
· Operating system and device information
· Pages viewed and access times
· Referring website addresses
· Aggregated and anonymized usage statistics
Cookies and Tracking Technologies:
See Section "Cookies Policy" below.
3.5 Minors and Age Restrictions
Age Requirement:
Our Services are intended for users aged 18 years and older. We do not knowingly collect personal information from children under the age of 18.
If You Are Under 18:
· Do not use our Services
· Do not provide any personal information to Claribi
· If you have already provided information, please contact privacy@claribi.com immediately
Parental/Guardian Consent:
If you believe a minor has created an account or provided information to Claribi, please contact privacy@claribi.com and we will delete the account and associated data without undue delay.
For EU Users (GDPR Article 8):
In some EU countries, different age thresholds may apply (e.g., 13-16 years old). In such cases, we require parental/guardian consent for users below the country-specific age threshold.
We comply with local age of digital consent requirements in all jurisdictions.
4. How We Use Your Information
Service Provision:
· Create and manage your account
· Deliver Service functionalities
· Process transactions and manage subscriptions
· Provide technical support
Service Improvement:
· Diagnose technical issues
· Understand usage patterns
· Develop new features
· Enhance platform performance
Critical: Your specific report metadata is NOT used to train AI models for other customers or third parties.
Communication:
· Respond to inquiries
· Send administrative updates
· Send marketing communications (you can opt-out anytime)
Security and Legal Compliance:
· Maintain platform security and prevent fraud
· Enforce Terms of Use and policies
· Comply with legal and regulatory obligations
· Respond to lawful government requests
· Protect rights and safety of Claribi, users, and the public
Purpose Limitation and Data Use Restrictions
We process your personal data ONLY for the purposes explicitly described in this Privacy Policy. We do NOT use your data for:
· Training or improving AI models without your explicit consent
· Selling, trading, or renting your personal information
· Behavioral profiling or surveillance beyond what is necessary for the Service
· Marketing purposes if you have opted out
· Any purpose not stated in this Policy
If we intend to process your data for a purpose not listed here, we will provide notice and obtain your consent where required by law.
Contractual and Pre-Contractual Processing
We process the following personal data to establish and fulfill our contractual relationship with you:
· Full name
· Email address
· Billing address
· Company information
· Subscription plan selected
· Payment information (processed via Paddle, not stored by us)
· Usage data related to your subscription
Legal Basis: Article 6(1)(b) GDPR (performance of contract)
This data is necessary for:
· Account creation and management
· Billing and invoice generation
· Providing contracted Services
· Technical support and issue resolution
· Service updates and security notifications
Pre-Contractual and Support Communications
When you contact us via email, support form, or other channels, we process your contact information to:
· Respond to your inquiry or request
· Provide technical support or sales information
· Handle service-related issues
· Process your feedback
Legal Basis:
· If you are inquiring about our Services before becoming a customer: Article 6(1)(f) GDPR (legitimate interest to respond to inquiries)
· If you request a demo or trial: Article 6(1)(b) GDPR (pre-contractual measures at your request)
· If you are an existing customer: Article 6(1)(b) GDPR (contractual obligation to provide support)
Support communications are retained for 2 years for legal compliance and dispute resolution purposes.
Marketing Communications and Preferences
We may send you marketing communications about our Services, new features, promotions, and events. This includes newsletters, product updates, and webinar invitations.
Your Consent:
· Marketing communications are sent only to contacts who have opted-in or are existing customers
· You can opt-out of marketing communications at any time
How to Opt-Out:
Option 1: Click the "Unsubscribe" link at the bottom of any marketing email
Option 2: Contact us at marketing@claribi.com with subject "[Unsubscribe Request]"
Option 3: Update your preferences in your account settings (if you have an account)
Legal Basis: Article 6(1)(f) GDPR (legitimate interest in promoting our Services)
Important: Even if you opt-out of marketing communications, we will still send you:
· Service-related announcements (account updates, security alerts)
· Billing and invoice notifications
· Service suspension or termination notices
· Legal and compliance communications
We will honor your opt-out request within 10 business days.
5. Third-Party Services and Data Sharing
We do NOT sell, rent, or trade your personal information. We share data with trusted service providers only for the purposes described in this Policy.
Data Shared:
· Email address
· Billing address
· Tax information
· Payment method information
Purpose: Process subscriptions, calculate taxes, issue invoices
Paddle's Role: Merchant of Record (handles all payment processing)
Paddle's Legal Terms:
· Master Services Agreement: https://www.paddle.com/legal/terms
· Checkout Buyer Terms: https://www.paddle.com/legal/checkout-buyer-terms
· Privacy Policy: https://www.paddle.com/legal/privacy
Important: We do NOT store credit card details. Paddle manages all payment data.
Your Rights: Contact privacy@claribi.com or Paddle at privacy@paddle.com for payment-related data requests.
Authentication (Microsoft Entra ID)
Data Processed by Microsoft:
· Email address
· Name
· Microsoft Tenant ID
· User Object ID
· Authentication tokens
Purpose: User authentication and Single Sign-On (SSO)
Critical: Claribi never stores or processes Microsoft passwords. Authentication is handled exclusively by Microsoft.
Microsoft's Privacy: https://privacy.microsoft.com/
Microsoft's Cloud Agreement: Governs Microsoft's handling of your data
AI Processing (OpenAI and Google Gemini)
To generate code, answer queries, and provide recommendations, we send your prompts and schema metadata to third-party LLM providers.
OpenAI (ChatGPT API):
· Data sent: User prompts, queries, and schema metadata (NOT underlying business data)
· Data retention: OpenAI retains API data for 30 days for abuse prevention, then deletes
· Training: Your data is NOT used to train OpenAI models (excluded per OpenAI API terms)
· Location: United States (protected by Standard Contractual Clauses)
· Privacy: https://openai.com/privacy
Google Gemini API:
· Data sent: User prompts, queries, and schema metadata (NOT underlying business data)
· Data retention: NOT retained after processing (per Google Cloud terms)
· Training: Your data is NOT used for model training
· Location: United States or European Union (depending on region configuration)
· Privacy: https://cloud.google.com/terms/cloud-privacy-notice
· Limited Use: Claribi's use of data received from Google APIs adheres strictly to Google's Limited Use Requirements and API Services User Data Policy
Your Consent: By using the Service, you consent to these transfers to US-based providers.
Railway
· Provider: Railway Corp
· Location: EU (Amsterdam, Netherlands) - Primary region
· Purpose: Application hosting, data storage, compute resources, and managed backup
· Data Processed: Uploaded Content, application logs, metadata, backups (all encrypted)
· Privacy Policy: https://railway.app/privacy
Neon (PostgreSQL Database)
· Provider: Neon, Inc.
· Location: AWS EU (Frankfurt, Germany)
· Purpose: Managed serverless PostgreSQL database for persistent data storage
· Data Processed: User account details, user uploaded data, usage statistics, generated content (all encrypted)
· Privacy Policy: https://neon.tech/privacy
Amazon Web Services (AWS)
· Provider: Amazon Web Services EMEA SARL (via Railway and Neon)
· Location: EU (Frankfurt, Germany) and EU (Amsterdam, Netherlands)
· Purpose: Underlying infrastructure for Railway and Neon platforms
· Data Processed: Encrypted application data and metadata
· Privacy Policy: https://aws.amazon.com/privacy/
Optional Third-Party Integrations
The following third-party services offer optional integrations with Claribi. These integrations are entirely optional and you control whether to enable or disable them.
When you enable an integration, certain data will be transmitted to the third party to facilitate the integration. You can enable or disable integrations in your account settings at any time.
Important: Data transmitted to third-party integrations is subject to:
1. This Privacy Policy (for Claribi's processing of data)
2. The third party's own privacy policy (for their processing of data)
You are responsible for reviewing each third party's privacy policy before enabling their integration.
Currently Supported Integrations:
· Microsoft Entra ID (for authentication only)
· OpenAI (for natural language processing)
· Google Gemini (for natural language processing)
Analytics Services (Currently Not Utilized)
We may engage third-party analytics providers in the future (e.g., Mixpanel, Amplitude) to analyze Site traffic and usage patterns. When implemented, these providers will have their own privacy policies governing their use of data.
Notification: We will notify you at least 30 days before adding analytics services.
We implement robust technical, administrative, and physical security measures:
· Encryption at rest (AES-256 or equivalent)
· Encryption in transit (TLS 1.2 or higher)
· Role-based access controls (RBAC)
· Multi-factor authentication (MFA)
· Regular vulnerability scanning and patch management
· Security monitoring and logging
· Employee confidentiality agreements
Limitation: No method of Internet transmission or electronic storage is 100% secure. You acknowledge that you provide your information at your own risk.
Technical and Organizational Measures (TOMs)
We maintain technical and organizational measures (TOMs) in accordance with GDPR Article 32, continuously updated to reflect current best practices:
· Encryption at rest (AES-256 or equivalent)
· Encryption in transit (TLS 1.2 or higher)
· Role-based access controls (RBAC)
· Multi-factor authentication (MFA) for administrative accounts
· Regular vulnerability scanning and penetration testing
· Security monitoring and logging
· Employee confidentiality and security training
· Incident response procedures
For a detailed and current list of our TOMs: See Data Processing Addendum (https://claribi.ai/dpa), Appendix A: "Technical and Organizational Security Measures"
7. International Data Transfers and Legal Safeguards
Your personal data, including data collected in the European Economic Area (EEA) or United Kingdom (UK), may be transferred to the United States and other countries where our service providers are located (e.g., OpenAI, Paddle, AWS).
Legal Basis: Standard Contractual Clauses (SCCs)
How We Protect Your Data:
· Use EU Commission Standard Contractual Clauses (SCCs), Modules 2 and 3
· Conduct Transfer Impact Assessments (TIAs) per EDPB guidance
· Require Subprocessors to use equivalent safeguards (SCCs or Privacy Shield successors)
· Ensure adequate protection equivalent to EEA standards
Your Consent: By accepting this Privacy Policy and Terms of Use, you consent to these international transfers.
Your Rights: You may request:
1. Full documentation of SCCs and Transfer Impact Assessments
2. Information about specific safeguards in place
3. Details on how your data is protected during transfers
Contact privacy@claribi.com to exercise these rights.
Data Protection Framework and Adequacy Mechanisms
Current Framework:
We currently rely on Standard Contractual Clauses (SCCs) for international transfers as described in this section.
Future Changes:
If EU-US adequacy decisions or other legal frameworks change, we will:
1. Update our data transfer mechanisms to remain compliant
2. Notify you of changes at least 30 days in advance
3. Provide equivalent or better protections
Monitoring Legal Changes:
We continuously monitor EDPB guidance, court decisions, and regulatory updates (e.g., Schrems III implications) and adjust our practices accordingly.
Full Details: See Data Processing Addendum (https://claribi.ai/dpa), Appendix C: "International Data Transfers and Standard Contractual Clauses"
8. Data Retention and Legal Obligations
We retain personal data only as long as necessary for the purposes described in this Policy or required by applicable law.
For detailed retention periods by data category, see Data Processing Addendum (https://claribi.ai/dpa), Section 12.
Key Retention Periods:
· Account data (during subscription): Duration of active subscription
· Account data (after deletion request): 30 days (backup recovery)
· Metadata backups: 90 days (disaster recovery only)
· Support tickets: 2 years (legal/compliance)
· Billing records and invoices: 7 years (Estonian Accounting Act requirement)
· Authentication logs: 90 days (security/fraud prevention)
· Free trial marker: up to 3 years from the last interaction related to the free trial, to prevent abuse and fraud.
We may retain personal data longer than standard periods if required by applicable law:
Estonian Commercial Law (Raamatupidamise seadus):
· Retention period: 7 years
· Applies to: Invoices, billing records, contract data
Estonian Tax Law (Maksukorralduse seadus):
· Retention period: 7 years
· Applies to: Tax-related documentation, transaction records
Statutory Limitation Periods (Estonian Law of Obligations Act):
· Standard limitation: 3 years
· Extended limitation: Up to 30 years in certain cases
· Applies to: Evidence preservation for potential legal claims
Legal Basis: Article 6(1)(c) GDPR (legal obligation)
During legal retention periods, we restrict processing to the specific legal purpose and do not use the data for other purposes.
Aggregated and Anonymized Data
Once data cannot be associated with you (fully anonymized), it may be retained indefinitely for statistical and analytical purposes.
If a court order, regulatory investigation, or legal dispute applies, we may retain data beyond standard periods. You will be notified when legally possible.
9. Your Data Protection Rights and How to Exercise Them
Depending on your jurisdiction, you may have the following rights under GDPR, CCPA, or other data protection laws.
Your Rights:
1. Right to Access (Article 15): Request a copy of all personal data we hold about you
2. Right to Rectification (Article 16): Request correction of inaccurate or incomplete information
3. Right to Erasure (Article 17): Request deletion of your data (subject to exceptions for legal compliance)
4. Right to Restrict Processing (Article 18): Request limitation on how we use your data
5. Right to Data Portability (Article 20): Request your data in a machine-readable format
6. Right to Object (Article 21): Object to processing for marketing or profiling
7. Right to Withdraw Consent: Withdraw consent for optional processing at any time
8. Right to Lodge a Complaint: File a complaint with your supervisory authority
Your Rights:
· Right to Know: Request what personal data we collect about you
· Right to Delete: Request deletion of your data (subject to exceptions)
· Right to Opt-Out: Opt-out of "sale" or "sharing" of personal data
· Right to Non-Discrimination: We will not discriminate if you exercise your rights
Claribi's Practices:
· We do NOT sell personal data
· We do NOT share personal data for targeted advertising or marketing profiling
· Personal data is used only for: service delivery, fraud prevention, legal compliance
How to Submit a Data Subject Request
Email: privacy@claribi.com
Subject Line: [GDPR Request] or [CCPA Request] - [Your Name]
Include in Your Request:
· Your full name
· Email address
· Account ID (if applicable)
· Type of request (Access, Deletion, Portability, Rectification, etc.)
· Detailed description of what you are requesting
· Acknowledgment: Within 5 business days
· Fulfillment: Within 30 calendar days (extendable to 60 days for complex requests)
· Format: Structured, machine-readable format (CSV, JSON, or original file formats)
Important Notes:
· We may ask you to verify your identity before responding
· Some requests may be refused if manifestly unfounded, excessive, or impractical
· Legal obligations may prevent deletion of certain data
· Authorized agents can submit requests on your behalf (with power of attorney)
Fee Structure for Data Subject Requests
First Request Per Calendar Year: FREE
Additional Requests: EUR 99 administrative processing fee per request
This fee applies to:
· Second and subsequent data access requests in the same calendar year
· Excessive or repetitive requests that are manifestly unfounded
· Complex requests requiring significant additional effort
Exemptions from Fees:
· No fee charged if the request is justified
· No fee charged for requests related to data breaches or illegal processing
· No fee charged for requests to rectify or delete data (erasure, rectification)
We will inform you of any applicable fees before processing your request and offer you the opportunity to withdraw it.
Right to Object to Data Collection
You have the right to object to the collection, processing, or use of your personal data in accordance with this Privacy Policy, either in its entirety or for specific measures.
To lodge an objection:
Email: privacy@claribi.com
Subject: [Data Collection Objection]
Include:
· Your name and email address
· Account ID (if applicable)
· Clear description of what you are objecting to
· Reasons for your objection
We will respond within 5 business days and address your objection in accordance with applicable data protection laws.
Right Not to Be Subject to Automated Decision-Making
You have the right under GDPR Article 22 not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects concerning you.
Claribi's Practice:
Claribi does NOT engage in automated decision-making or profiling that produces legal or significant effects. Specifically:
· We do NOT make automated decisions about your eligibility for services
· We do NOT use profiling to determine pricing or terms
· We do NOT use automated systems to evaluate creditworthiness or approve/deny subscriptions
· Any decisions affecting your account are made by human representatives
If you have concerns about automated processing of your data, contact privacy@claribi.com.
Lodge a Complaint with Your Supervisory Authority
If you believe Claribi violates your data protection rights, you have the right to lodge a complaint:
Estonia: Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)
· Website: www.aki.ee
· Email: info@aki.ee
European Union: Your national data protection authority in your member state
United Kingdom: Information Commissioner's Office (ICO)
· Website: www.ico.org.uk
· Email: casework@ico.org.uk
California (USA): California Attorney General
· Website: oag.ca.gov
No Charge: Filing a complaint is free.
Claribi uses trusted third-party service providers (Subprocessors) to deliver and improve the Service.
Current Subprocessors:
For a complete, updated list of all Subprocessors including names, locations, and purposes:
https://claribi.ai/subprocessors
· We update this list regularly
· We notify you at least 30 days before adding or materially changing a Subprocessor
· Notification is sent via email and posted on our website
Your Right to Object:
You have 15 days from notification to object to a new Subprocessor based on data protection or security concerns.
If you object and we cannot resolve your concerns, you may terminate the affected Services without penalty.
If Claribi is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your personal information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
We use cookies and similar tracking technologies to monitor Site activity and improve your experience.
Strictly Necessary Cookies:
· Essential for Site authentication and functionality
· Cannot be disabled without affecting core features
· Examples: Session tokens, CSRF protection, user preferences
· Legal Basis: Article 6(1)(b) GDPR (necessary for Service provision), no consent required
Performance Cookies:
· Allow us to count visits and analyze traffic sources
· Help us measure Site performance and user behavior
· Examples: Page view tracking, bounce rates, session duration
· Legal Basis: Article 6(1)(f) GDPR (legitimate interest in improving Service)
· Consent: Your explicit consent is required before loading
Functional Cookies:
· Enable enhanced functionality and personalization
· Remember your preferences and choices
· Examples: Language preferences, layout choices
· Legal Basis: Article 6(1)(f) GDPR (legitimate interest in user experience)
· Consent: Your explicit consent is required before loading
Cookie Consent and Legal Basis
On your first visit to the Site, we display a cookie consent banner allowing you to:
· Accept all cookies
· Reject non-essential cookies
· View our full Cookie Policy
· Customize individual cookie types
Your cookie preferences are stored in a "consent cookie" that prevents us from showing the banner repeatedly.
You can control cookies through your browser settings:
· Refuse all cookies
· Accept only certain cookie types
· Delete cookies from your browser
Limitation: If you disable all cookies, some Site features may not function properly, and you may not be able to use certain parts of the Service.
13. Links to Other Websites and Third-Party Content
Our Site may contain links to third-party websites, applications, and services not operated or controlled by Claribi, including but not limited to:
· Social media platforms (LinkedIn, GitHub, Twitter, etc.)
· Documentation and help resources
· Partner websites and integrations
· Marketing sites and blogs
Disclaimer:
We have no control over and assume no responsibility for:
· Content, accuracy, or functionality of third-party sites
· Their privacy policies, data practices, or terms of service
· Security or compliance practices of third-party services
· Any personal data you provide to third parties
Your Responsibility:
· Review each third party's privacy policy before using their service
· Verify you understand their data handling practices
· Make independent decisions about sharing your information
Important: Our linking to third-party sites does NOT imply endorsement or affiliation. We are not responsible for any transactions, disputes, or data loss resulting from third-party services.
Third-Party Integrations Exception:
For the optional integrations we officially support (Microsoft, OpenAI, Google Gemini), see Section 5: "Optional Third-Party Integrations" for specific privacy details.
14. Security Breach Notification
For information about our security breach notification procedures, including our response timeline and notification process, please see our Terms of Use, Section 12.6: "Security Breach Notification (72-Hour Requirement)".
In summary:
· We investigate any confirmed data breach within our infrastructure
· We notify affected users and authorities within 72 hours as required by law
· We take reasonable measures to mitigate harm and prevent future incidents
15. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect:
· Changes in our practices
· New technology or infrastructure
· Legal or regulatory requirements
· Feedback and business improvements
Material Changes:
· Email notification to your registered account email
· Prominent notice on our website
· Request for explicit consent where required by law
Minor Changes:
· Posted on this page
· No advance notice required
Effective Date: Changes become effective when posted unless we specify otherwise.
Your Acknowledgment: Your continued use of the Site or Service after any changes constitutes your acceptance of the modified Privacy Policy.
16. Cross-References to Other Documents
This Privacy Policy works alongside three key documents:
Document
Location
Covers
Terms of Use
Service conditions, your obligations, disclaimers, SLA, cookies detail, security breach procedures
Data Processing Addendum
Data retention schedules, subprocessor obligations, SCCs, security measures, audit rights
Subprocessor List
https://claribi.ai/subprocessors
Updated list of all service providers and their locations
You have the right to save and print this Privacy Policy at any time for your records.
For questions or concerns regarding this Privacy Policy or our data processing practices:
Privacy & Data Protection Inquiries:
· Email: privacy@claribi.com
· Response time: Within 5 business days
Data Subject Rights Requests:
· Email: privacy@claribi.com
· Subject: [GDPR Request] or [CCPA Request]
· Response time: 5 business days (acknowledgment), 30 days (fulfillment)
General Support:
· Email: support@claribi.com
Marketing Communication Preferences:
· Email: marketing@claribi.com
· Subject: [Unsubscribe Request]
Legal Notices:
· Email: legal@claribi.com
Mailing Address:
Claribi OÜ
Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551
Estonia
Effective Date: December 2, 2025
Last Updated: December 2, 2025
Version: 1.1
End of Privacy Policy
Privacy Policy
Effective Date: December 2, 2025
Last Updated: December 2, 2025
Introduction
This Privacy Policy describes how Claribi OÜ ("Claribi", "we", "our", or "us") collects, uses, and protects your personal information when you access our website at https://claribi.ai/ (the "Site") or use our AI-powered analytics platform (the "Service").
By accessing or using the Site or Service, you agree to the collection and use of information as described in this Privacy Policy, our Terms of Use, and our Data Processing Addendum (DPA).
Important: This Privacy Policy works together with three documents:
· Terms of Use (https://claribi.ai/terms): Service conditions, your responsibilities, disclaimers, security breach notification procedures
· Data Processing Addendum (https://claribi.ai/dpa): How we process data, subprocessors, retention schedules, security details
· This Policy: What we collect, why we collect it, how to exercise your rights
Our Services operates on a "zero-data-exposure" principle. We process only report metadata from your Power BI environment. We do not access, store, copy, or process the underlying raw business data in your reports.
1. Owner and Data Controller
Company: Claribi OÜ
Legal Address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551, Estonia
Register Code: 17294684
Country of Incorporation: Republic of Estonia
Privacy & Data Protection Contact:
Email: privacy@claribi.com
Response time: Within 5 business days
General Support:
Email: support@claribi.com
Legal Inquiries:
Email: legal@claribi.com
If you wish to object to the collection, processing, or use of your data in accordance with this Privacy Policy, either in its entirety or for specific measures, you may address your objection to privacy@claribi.com.
2. Claribi's Role: Data Controller vs. Data Processor
Claribi acts as Data Controller for:
· Account registration data (name, email address, Microsoft Tenant ID, User Object ID)
· Billing and payment information
· Aggregate usage analytics
· Marketing communications (if opted-in)
· Security and fraud prevention data
For this data, this Privacy Policy governs our processing.
Claribi acts as Data Processor for:
· Metadata you upload to Claribi Console (PBIX file metadata)
· Queries and content processed through Claribi End-User Service
· Data processed under your documented instructions
For this data, our Data Processing Addendum (https://claribi.ai/dpa) governs our obligations. The DPA is incorporated by reference into our Terms of Use.
A. Information You Voluntarily Provide
Contact and Professional Data:
When you request a demo, initiate a free trial, or contact us, we collect:
· Full name
· Email address
· Company name
· Job title
· Message content
Account Registration Data:
When you create an account via Microsoft Entra ID:
· Email address
· Name (from Microsoft profile)
· Microsoft Tenant ID
· Unique User Object ID (OID)
Important: Claribi does NOT store or process your Microsoft passwords or password hashes. Authentication is handled exclusively by Microsoft Entra ID.
Billing Data:
When you subscribe to a paid plan:
· Billing address
· Tax information
· Invoice records
Payment card data is processed exclusively by Paddle (our payment processor). We do NOT store or have access to full credit card details.
Service Metadata:
To provision the Service, you upload Power BI metadata:
· Report names
· Table names and structures
· Column identifiers
· Schema information
Critically: We do NOT collect or process the underlying business data within your reports. You are responsible for reviewing, anonymizing, or pseudonymizing sensitive metadata before uploading.
Support Communications:
· Emails and messages sent to support@claribi.com
· Attachments and ticket content
B. Information Collected Automatically
Log and Usage Data:
· Internet Protocol (IP) address
· Browser type and version
· Operating system and device information
· Pages viewed and access times
· Referring website addresses
· Aggregated and anonymized usage statistics
Cookies and Tracking Technologies:
See Section "Cookies Policy" below.
3.5 Minors and Age Restrictions
Age Requirement:
Our Services are intended for users aged 18 years and older. We do not knowingly collect personal information from children under the age of 18.
If You Are Under 18:
· Do not use our Services
· Do not provide any personal information to Claribi
· If you have already provided information, please contact privacy@claribi.com immediately
Parental/Guardian Consent:
If you believe a minor has created an account or provided information to Claribi, please contact privacy@claribi.com and we will delete the account and associated data without undue delay.
For EU Users (GDPR Article 8):
In some EU countries, different age thresholds may apply (e.g., 13-16 years old). In such cases, we require parental/guardian consent for users below the country-specific age threshold.
We comply with local age of digital consent requirements in all jurisdictions.
4. How We Use Your Information
Service Provision:
· Create and manage your account
· Deliver Service functionalities
· Process transactions and manage subscriptions
· Provide technical support
Service Improvement:
· Diagnose technical issues
· Understand usage patterns
· Develop new features
· Enhance platform performance
Critical: Your specific report metadata is NOT used to train AI models for other customers or third parties.
Communication:
· Respond to inquiries
· Send administrative updates
· Send marketing communications (you can opt-out anytime)
Security and Legal Compliance:
· Maintain platform security and prevent fraud
· Enforce Terms of Use and policies
· Comply with legal and regulatory obligations
· Respond to lawful government requests
· Protect rights and safety of Claribi, users, and the public
Purpose Limitation and Data Use Restrictions
We process your personal data ONLY for the purposes explicitly described in this Privacy Policy. We do NOT use your data for:
· Training or improving AI models without your explicit consent
· Selling, trading, or renting your personal information
· Behavioral profiling or surveillance beyond what is necessary for the Service
· Marketing purposes if you have opted out
· Any purpose not stated in this Policy
If we intend to process your data for a purpose not listed here, we will provide notice and obtain your consent where required by law.
Contractual and Pre-Contractual Processing
We process the following personal data to establish and fulfill our contractual relationship with you:
· Full name
· Email address
· Billing address
· Company information
· Subscription plan selected
· Payment information (processed via Paddle, not stored by us)
· Usage data related to your subscription
Legal Basis: Article 6(1)(b) GDPR (performance of contract)
This data is necessary for:
· Account creation and management
· Billing and invoice generation
· Providing contracted Services
· Technical support and issue resolution
· Service updates and security notifications
Pre-Contractual and Support Communications
When you contact us via email, support form, or other channels, we process your contact information to:
· Respond to your inquiry or request
· Provide technical support or sales information
· Handle service-related issues
· Process your feedback
Legal Basis:
· If you are inquiring about our Services before becoming a customer: Article 6(1)(f) GDPR (legitimate interest to respond to inquiries)
· If you request a demo or trial: Article 6(1)(b) GDPR (pre-contractual measures at your request)
· If you are an existing customer: Article 6(1)(b) GDPR (contractual obligation to provide support)
Support communications are retained for 2 years for legal compliance and dispute resolution purposes.
Marketing Communications and Preferences
We may send you marketing communications about our Services, new features, promotions, and events. This includes newsletters, product updates, and webinar invitations.
Your Consent:
· Marketing communications are sent only to contacts who have opted-in or are existing customers
· You can opt-out of marketing communications at any time
How to Opt-Out:
Option 1: Click the "Unsubscribe" link at the bottom of any marketing email
Option 2: Contact us at marketing@claribi.com with subject "[Unsubscribe Request]"
Option 3: Update your preferences in your account settings (if you have an account)
Legal Basis: Article 6(1)(f) GDPR (legitimate interest in promoting our Services)
Important: Even if you opt-out of marketing communications, we will still send you:
· Service-related announcements (account updates, security alerts)
· Billing and invoice notifications
· Service suspension or termination notices
· Legal and compliance communications
We will honor your opt-out request within 10 business days.
5. Third-Party Services and Data Sharing
We do NOT sell, rent, or trade your personal information. We share data with trusted service providers only for the purposes described in this Policy.
Data Shared:
· Email address
· Billing address
· Tax information
· Payment method information
Purpose: Process subscriptions, calculate taxes, issue invoices
Paddle's Role: Merchant of Record (handles all payment processing)
Paddle's Legal Terms:
· Master Services Agreement: https://www.paddle.com/legal/terms
· Checkout Buyer Terms: https://www.paddle.com/legal/checkout-buyer-terms
· Privacy Policy: https://www.paddle.com/legal/privacy
Important: We do NOT store credit card details. Paddle manages all payment data.
Your Rights: Contact privacy@claribi.com or Paddle at privacy@paddle.com for payment-related data requests.
Authentication (Microsoft Entra ID)
Data Processed by Microsoft:
· Email address
· Name
· Microsoft Tenant ID
· User Object ID
· Authentication tokens
Purpose: User authentication and Single Sign-On (SSO)
Critical: Claribi never stores or processes Microsoft passwords. Authentication is handled exclusively by Microsoft.
Microsoft's Privacy: https://privacy.microsoft.com/
Microsoft's Cloud Agreement: Governs Microsoft's handling of your data
AI Processing (OpenAI and Google Gemini)
To generate code, answer queries, and provide recommendations, we send your prompts and schema metadata to third-party LLM providers.
OpenAI (ChatGPT API):
· Data sent: User prompts, queries, and schema metadata (NOT underlying business data)
· Data retention: OpenAI retains API data for 30 days for abuse prevention, then deletes
· Training: Your data is NOT used to train OpenAI models (excluded per OpenAI API terms)
· Location: United States (protected by Standard Contractual Clauses)
· Privacy: https://openai.com/privacy
Google Gemini API:
· Data sent: User prompts, queries, and schema metadata (NOT underlying business data)
· Data retention: NOT retained after processing (per Google Cloud terms)
· Training: Your data is NOT used for model training
· Location: United States or European Union (depending on region configuration)
· Privacy: https://cloud.google.com/terms/cloud-privacy-notice
· Limited Use: Claribi's use of data received from Google APIs adheres strictly to Google's Limited Use Requirements and API Services User Data Policy
Your Consent: By using the Service, you consent to these transfers to US-based providers.
Railway
· Provider: Railway Corp
· Location: EU (Amsterdam, Netherlands) - Primary region
· Purpose: Application hosting, data storage, compute resources, and managed backup
· Data Processed: Uploaded Content, application logs, metadata, backups (all encrypted)
· Privacy Policy: https://railway.app/privacy
Neon (PostgreSQL Database)
· Provider: Neon, Inc.
· Location: AWS EU (Frankfurt, Germany)
· Purpose: Managed serverless PostgreSQL database for persistent data storage
· Data Processed: User account details, user uploaded data, usage statistics, generated content (all encrypted)
· Privacy Policy: https://neon.tech/privacy
Amazon Web Services (AWS)
· Provider: Amazon Web Services EMEA SARL (via Railway and Neon)
· Location: EU (Frankfurt, Germany) and EU (Amsterdam, Netherlands)
· Purpose: Underlying infrastructure for Railway and Neon platforms
· Data Processed: Encrypted application data and metadata
· Privacy Policy: https://aws.amazon.com/privacy/
Optional Third-Party Integrations
The following third-party services offer optional integrations with Claribi. These integrations are entirely optional and you control whether to enable or disable them.
When you enable an integration, certain data will be transmitted to the third party to facilitate the integration. You can enable or disable integrations in your account settings at any time.
Important: Data transmitted to third-party integrations is subject to:
1. This Privacy Policy (for Claribi's processing of data)
2. The third party's own privacy policy (for their processing of data)
You are responsible for reviewing each third party's privacy policy before enabling their integration.
Currently Supported Integrations:
· Microsoft Entra ID (for authentication only)
· OpenAI (for natural language processing)
· Google Gemini (for natural language processing)
Analytics Services (Currently Not Utilized)
We may engage third-party analytics providers in the future (e.g., Mixpanel, Amplitude) to analyze Site traffic and usage patterns. When implemented, these providers will have their own privacy policies governing their use of data.
Notification: We will notify you at least 30 days before adding analytics services.
We implement robust technical, administrative, and physical security measures:
· Encryption at rest (AES-256 or equivalent)
· Encryption in transit (TLS 1.2 or higher)
· Role-based access controls (RBAC)
· Multi-factor authentication (MFA)
· Regular vulnerability scanning and patch management
· Security monitoring and logging
· Employee confidentiality agreements
Limitation: No method of Internet transmission or electronic storage is 100% secure. You acknowledge that you provide your information at your own risk.
Technical and Organizational Measures (TOMs)
We maintain technical and organizational measures (TOMs) in accordance with GDPR Article 32, continuously updated to reflect current best practices:
· Encryption at rest (AES-256 or equivalent)
· Encryption in transit (TLS 1.2 or higher)
· Role-based access controls (RBAC)
· Multi-factor authentication (MFA) for administrative accounts
· Regular vulnerability scanning and penetration testing
· Security monitoring and logging
· Employee confidentiality and security training
· Incident response procedures
For a detailed and current list of our TOMs: See Data Processing Addendum (https://claribi.ai/dpa), Appendix A: "Technical and Organizational Security Measures"
7. International Data Transfers and Legal Safeguards
Your personal data, including data collected in the European Economic Area (EEA) or United Kingdom (UK), may be transferred to the United States and other countries where our service providers are located (e.g., OpenAI, Paddle, AWS).
Legal Basis: Standard Contractual Clauses (SCCs)
How We Protect Your Data:
· Use EU Commission Standard Contractual Clauses (SCCs), Modules 2 and 3
· Conduct Transfer Impact Assessments (TIAs) per EDPB guidance
· Require Subprocessors to use equivalent safeguards (SCCs or Privacy Shield successors)
· Ensure adequate protection equivalent to EEA standards
Your Consent: By accepting this Privacy Policy and Terms of Use, you consent to these international transfers.
Your Rights: You may request:
1. Full documentation of SCCs and Transfer Impact Assessments
2. Information about specific safeguards in place
3. Details on how your data is protected during transfers
Contact privacy@claribi.com to exercise these rights.
Data Protection Framework and Adequacy Mechanisms
Current Framework:
We currently rely on Standard Contractual Clauses (SCCs) for international transfers as described in this section.
Future Changes:
If EU-US adequacy decisions or other legal frameworks change, we will:
1. Update our data transfer mechanisms to remain compliant
2. Notify you of changes at least 30 days in advance
3. Provide equivalent or better protections
Monitoring Legal Changes:
We continuously monitor EDPB guidance, court decisions, and regulatory updates (e.g., Schrems III implications) and adjust our practices accordingly.
Full Details: See Data Processing Addendum (https://claribi.ai/dpa), Appendix C: "International Data Transfers and Standard Contractual Clauses"
8. Data Retention and Legal Obligations
We retain personal data only as long as necessary for the purposes described in this Policy or required by applicable law.
For detailed retention periods by data category, see Data Processing Addendum (https://claribi.ai/dpa), Section 12.
Key Retention Periods:
· Account data (during subscription): Duration of active subscription
· Account data (after deletion request): 30 days (backup recovery)
· Metadata backups: 90 days (disaster recovery only)
· Support tickets: 2 years (legal/compliance)
· Billing records and invoices: 7 years (Estonian Accounting Act requirement)
· Authentication logs: 90 days (security/fraud prevention)
· Free trial marker: up to 3 years from the last interaction related to the free trial, to prevent abuse and fraud.
We may retain personal data longer than standard periods if required by applicable law:
Estonian Commercial Law (Raamatupidamise seadus):
· Retention period: 7 years
· Applies to: Invoices, billing records, contract data
Estonian Tax Law (Maksukorralduse seadus):
· Retention period: 7 years
· Applies to: Tax-related documentation, transaction records
Statutory Limitation Periods (Estonian Law of Obligations Act):
· Standard limitation: 3 years
· Extended limitation: Up to 30 years in certain cases
· Applies to: Evidence preservation for potential legal claims
Legal Basis: Article 6(1)(c) GDPR (legal obligation)
During legal retention periods, we restrict processing to the specific legal purpose and do not use the data for other purposes.
Aggregated and Anonymized Data
Once data cannot be associated with you (fully anonymized), it may be retained indefinitely for statistical and analytical purposes.
If a court order, regulatory investigation, or legal dispute applies, we may retain data beyond standard periods. You will be notified when legally possible.
9. Your Data Protection Rights and How to Exercise Them
Depending on your jurisdiction, you may have the following rights under GDPR, CCPA, or other data protection laws.
Your Rights:
1. Right to Access (Article 15): Request a copy of all personal data we hold about you
2. Right to Rectification (Article 16): Request correction of inaccurate or incomplete information
3. Right to Erasure (Article 17): Request deletion of your data (subject to exceptions for legal compliance)
4. Right to Restrict Processing (Article 18): Request limitation on how we use your data
5. Right to Data Portability (Article 20): Request your data in a machine-readable format
6. Right to Object (Article 21): Object to processing for marketing or profiling
7. Right to Withdraw Consent: Withdraw consent for optional processing at any time
8. Right to Lodge a Complaint: File a complaint with your supervisory authority
Your Rights:
· Right to Know: Request what personal data we collect about you
· Right to Delete: Request deletion of your data (subject to exceptions)
· Right to Opt-Out: Opt-out of "sale" or "sharing" of personal data
· Right to Non-Discrimination: We will not discriminate if you exercise your rights
Claribi's Practices:
· We do NOT sell personal data
· We do NOT share personal data for targeted advertising or marketing profiling
· Personal data is used only for: service delivery, fraud prevention, legal compliance
How to Submit a Data Subject Request
Email: privacy@claribi.com
Subject Line: [GDPR Request] or [CCPA Request] - [Your Name]
Include in Your Request:
· Your full name
· Email address
· Account ID (if applicable)
· Type of request (Access, Deletion, Portability, Rectification, etc.)
· Detailed description of what you are requesting
· Acknowledgment: Within 5 business days
· Fulfillment: Within 30 calendar days (extendable to 60 days for complex requests)
· Format: Structured, machine-readable format (CSV, JSON, or original file formats)
Important Notes:
· We may ask you to verify your identity before responding
· Some requests may be refused if manifestly unfounded, excessive, or impractical
· Legal obligations may prevent deletion of certain data
· Authorized agents can submit requests on your behalf (with power of attorney)
Fee Structure for Data Subject Requests
First Request Per Calendar Year: FREE
Additional Requests: EUR 99 administrative processing fee per request
This fee applies to:
· Second and subsequent data access requests in the same calendar year
· Excessive or repetitive requests that are manifestly unfounded
· Complex requests requiring significant additional effort
Exemptions from Fees:
· No fee charged if the request is justified
· No fee charged for requests related to data breaches or illegal processing
· No fee charged for requests to rectify or delete data (erasure, rectification)
We will inform you of any applicable fees before processing your request and offer you the opportunity to withdraw it.
Right to Object to Data Collection
You have the right to object to the collection, processing, or use of your personal data in accordance with this Privacy Policy, either in its entirety or for specific measures.
To lodge an objection:
Email: privacy@claribi.com
Subject: [Data Collection Objection]
Include:
· Your name and email address
· Account ID (if applicable)
· Clear description of what you are objecting to
· Reasons for your objection
We will respond within 5 business days and address your objection in accordance with applicable data protection laws.
Right Not to Be Subject to Automated Decision-Making
You have the right under GDPR Article 22 not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects concerning you.
Claribi's Practice:
Claribi does NOT engage in automated decision-making or profiling that produces legal or significant effects. Specifically:
· We do NOT make automated decisions about your eligibility for services
· We do NOT use profiling to determine pricing or terms
· We do NOT use automated systems to evaluate creditworthiness or approve/deny subscriptions
· Any decisions affecting your account are made by human representatives
If you have concerns about automated processing of your data, contact privacy@claribi.com.
Lodge a Complaint with Your Supervisory Authority
If you believe Claribi violates your data protection rights, you have the right to lodge a complaint:
Estonia: Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)
· Website: www.aki.ee
· Email: info@aki.ee
European Union: Your national data protection authority in your member state
United Kingdom: Information Commissioner's Office (ICO)
· Website: www.ico.org.uk
· Email: casework@ico.org.uk
California (USA): California Attorney General
· Website: oag.ca.gov
No Charge: Filing a complaint is free.
Claribi uses trusted third-party service providers (Subprocessors) to deliver and improve the Service.
Current Subprocessors:
For a complete, updated list of all Subprocessors including names, locations, and purposes:
https://claribi.ai/subprocessors
· We update this list regularly
· We notify you at least 30 days before adding or materially changing a Subprocessor
· Notification is sent via email and posted on our website
Your Right to Object:
You have 15 days from notification to object to a new Subprocessor based on data protection or security concerns.
If you object and we cannot resolve your concerns, you may terminate the affected Services without penalty.
If Claribi is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your personal information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
We use cookies and similar tracking technologies to monitor Site activity and improve your experience.
Strictly Necessary Cookies:
· Essential for Site authentication and functionality
· Cannot be disabled without affecting core features
· Examples: Session tokens, CSRF protection, user preferences
· Legal Basis: Article 6(1)(b) GDPR (necessary for Service provision), no consent required
Performance Cookies:
· Allow us to count visits and analyze traffic sources
· Help us measure Site performance and user behavior
· Examples: Page view tracking, bounce rates, session duration
· Legal Basis: Article 6(1)(f) GDPR (legitimate interest in improving Service)
· Consent: Your explicit consent is required before loading
Functional Cookies:
· Enable enhanced functionality and personalization
· Remember your preferences and choices
· Examples: Language preferences, layout choices
· Legal Basis: Article 6(1)(f) GDPR (legitimate interest in user experience)
· Consent: Your explicit consent is required before loading
Cookie Consent and Legal Basis
On your first visit to the Site, we display a cookie consent banner allowing you to:
· Accept all cookies
· Reject non-essential cookies
· View our full Cookie Policy
· Customize individual cookie types
Your cookie preferences are stored in a "consent cookie" that prevents us from showing the banner repeatedly.
You can control cookies through your browser settings:
· Refuse all cookies
· Accept only certain cookie types
· Delete cookies from your browser
Limitation: If you disable all cookies, some Site features may not function properly, and you may not be able to use certain parts of the Service.
13. Links to Other Websites and Third-Party Content
Our Site may contain links to third-party websites, applications, and services not operated or controlled by Claribi, including but not limited to:
· Social media platforms (LinkedIn, GitHub, Twitter, etc.)
· Documentation and help resources
· Partner websites and integrations
· Marketing sites and blogs
Disclaimer:
We have no control over and assume no responsibility for:
· Content, accuracy, or functionality of third-party sites
· Their privacy policies, data practices, or terms of service
· Security or compliance practices of third-party services
· Any personal data you provide to third parties
Your Responsibility:
· Review each third party's privacy policy before using their service
· Verify you understand their data handling practices
· Make independent decisions about sharing your information
Important: Our linking to third-party sites does NOT imply endorsement or affiliation. We are not responsible for any transactions, disputes, or data loss resulting from third-party services.
Third-Party Integrations Exception:
For the optional integrations we officially support (Microsoft, OpenAI, Google Gemini), see Section 5: "Optional Third-Party Integrations" for specific privacy details.
14. Security Breach Notification
For information about our security breach notification procedures, including our response timeline and notification process, please see our Terms of Use, Section 12.6: "Security Breach Notification (72-Hour Requirement)".
In summary:
· We investigate any confirmed data breach within our infrastructure
· We notify affected users and authorities within 72 hours as required by law
· We take reasonable measures to mitigate harm and prevent future incidents
15. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect:
· Changes in our practices
· New technology or infrastructure
· Legal or regulatory requirements
· Feedback and business improvements
Material Changes:
· Email notification to your registered account email
· Prominent notice on our website
· Request for explicit consent where required by law
Minor Changes:
· Posted on this page
· No advance notice required
Effective Date: Changes become effective when posted unless we specify otherwise.
Your Acknowledgment: Your continued use of the Site or Service after any changes constitutes your acceptance of the modified Privacy Policy.
16. Cross-References to Other Documents
This Privacy Policy works alongside three key documents:
Document
Location
Covers
Terms of Use
Service conditions, your obligations, disclaimers, SLA, cookies detail, security breach procedures
Data Processing Addendum
Data retention schedules, subprocessor obligations, SCCs, security measures, audit rights
Subprocessor List
https://claribi.ai/subprocessors
Updated list of all service providers and their locations
You have the right to save and print this Privacy Policy at any time for your records.
For questions or concerns regarding this Privacy Policy or our data processing practices:
Privacy & Data Protection Inquiries:
· Email: privacy@claribi.com
· Response time: Within 5 business days
Data Subject Rights Requests:
· Email: privacy@claribi.com
· Subject: [GDPR Request] or [CCPA Request]
· Response time: 5 business days (acknowledgment), 30 days (fulfillment)
General Support:
· Email: support@claribi.com
Marketing Communication Preferences:
· Email: marketing@claribi.com
· Subject: [Unsubscribe Request]
Legal Notices:
· Email: legal@claribi.com
Mailing Address:
Claribi OÜ
Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551
Estonia
Effective Date: December 2, 2025
Last Updated: December 2, 2025
Version: 1.1
End of Privacy Policy
Privacy Policy
Effective Date: December 2, 2025
Last Updated: December 2, 2025
Introduction
This Privacy Policy describes how Claribi OÜ ("Claribi", "we", "our", or "us") collects, uses, and protects your personal information when you access our website at https://claribi.ai/ (the "Site") or use our AI-powered analytics platform (the "Service").
By accessing or using the Site or Service, you agree to the collection and use of information as described in this Privacy Policy, our Terms of Use, and our Data Processing Addendum (DPA).
Important: This Privacy Policy works together with three documents:
· Terms of Use (https://claribi.ai/terms): Service conditions, your responsibilities, disclaimers, security breach notification procedures
· Data Processing Addendum (https://claribi.ai/dpa): How we process data, subprocessors, retention schedules, security details
· This Policy: What we collect, why we collect it, how to exercise your rights
Our Services operates on a "zero-data-exposure" principle. We process only report metadata from your Power BI environment. We do not access, store, copy, or process the underlying raw business data in your reports.
1. Owner and Data Controller
Company: Claribi OÜ
Legal Address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551, Estonia
Register Code: 17294684
Country of Incorporation: Republic of Estonia
Privacy & Data Protection Contact:
Email: privacy@claribi.com
Response time: Within 5 business days
General Support:
Email: support@claribi.com
Legal Inquiries:
Email: legal@claribi.com
If you wish to object to the collection, processing, or use of your data in accordance with this Privacy Policy, either in its entirety or for specific measures, you may address your objection to privacy@claribi.com.
2. Claribi's Role: Data Controller vs. Data Processor
Claribi acts as Data Controller for:
· Account registration data (name, email address, Microsoft Tenant ID, User Object ID)
· Billing and payment information
· Aggregate usage analytics
· Marketing communications (if opted-in)
· Security and fraud prevention data
For this data, this Privacy Policy governs our processing.
Claribi acts as Data Processor for:
· Metadata you upload to Claribi Console (PBIX file metadata)
· Queries and content processed through Claribi End-User Service
· Data processed under your documented instructions
For this data, our Data Processing Addendum (https://claribi.ai/dpa) governs our obligations. The DPA is incorporated by reference into our Terms of Use.
A. Information You Voluntarily Provide
Contact and Professional Data:
When you request a demo, initiate a free trial, or contact us, we collect:
· Full name
· Email address
· Company name
· Job title
· Message content
Account Registration Data:
When you create an account via Microsoft Entra ID:
· Email address
· Name (from Microsoft profile)
· Microsoft Tenant ID
· Unique User Object ID (OID)
Important: Claribi does NOT store or process your Microsoft passwords or password hashes. Authentication is handled exclusively by Microsoft Entra ID.
Billing Data:
When you subscribe to a paid plan:
· Billing address
· Tax information
· Invoice records
Payment card data is processed exclusively by Paddle (our payment processor). We do NOT store or have access to full credit card details.
Service Metadata:
To provision the Service, you upload Power BI metadata:
· Report names
· Table names and structures
· Column identifiers
· Schema information
Critically: We do NOT collect or process the underlying business data within your reports. You are responsible for reviewing, anonymizing, or pseudonymizing sensitive metadata before uploading.
Support Communications:
· Emails and messages sent to support@claribi.com
· Attachments and ticket content
B. Information Collected Automatically
Log and Usage Data:
· Internet Protocol (IP) address
· Browser type and version
· Operating system and device information
· Pages viewed and access times
· Referring website addresses
· Aggregated and anonymized usage statistics
Cookies and Tracking Technologies:
See Section "Cookies Policy" below.
3.5 Minors and Age Restrictions
Age Requirement:
Our Services are intended for users aged 18 years and older. We do not knowingly collect personal information from children under the age of 18.
If You Are Under 18:
· Do not use our Services
· Do not provide any personal information to Claribi
· If you have already provided information, please contact privacy@claribi.com immediately
Parental/Guardian Consent:
If you believe a minor has created an account or provided information to Claribi, please contact privacy@claribi.com and we will delete the account and associated data without undue delay.
For EU Users (GDPR Article 8):
In some EU countries, different age thresholds may apply (e.g., 13-16 years old). In such cases, we require parental/guardian consent for users below the country-specific age threshold.
We comply with local age of digital consent requirements in all jurisdictions.
4. How We Use Your Information
Service Provision:
· Create and manage your account
· Deliver Service functionalities
· Process transactions and manage subscriptions
· Provide technical support
Service Improvement:
· Diagnose technical issues
· Understand usage patterns
· Develop new features
· Enhance platform performance
Critical: Your specific report metadata is NOT used to train AI models for other customers or third parties.
Communication:
· Respond to inquiries
· Send administrative updates
· Send marketing communications (you can opt-out anytime)
Security and Legal Compliance:
· Maintain platform security and prevent fraud
· Enforce Terms of Use and policies
· Comply with legal and regulatory obligations
· Respond to lawful government requests
· Protect rights and safety of Claribi, users, and the public
Purpose Limitation and Data Use Restrictions
We process your personal data ONLY for the purposes explicitly described in this Privacy Policy. We do NOT use your data for:
· Training or improving AI models without your explicit consent
· Selling, trading, or renting your personal information
· Behavioral profiling or surveillance beyond what is necessary for the Service
· Marketing purposes if you have opted out
· Any purpose not stated in this Policy
If we intend to process your data for a purpose not listed here, we will provide notice and obtain your consent where required by law.
Contractual and Pre-Contractual Processing
We process the following personal data to establish and fulfill our contractual relationship with you:
· Full name
· Email address
· Billing address
· Company information
· Subscription plan selected
· Payment information (processed via Paddle, not stored by us)
· Usage data related to your subscription
Legal Basis: Article 6(1)(b) GDPR (performance of contract)
This data is necessary for:
· Account creation and management
· Billing and invoice generation
· Providing contracted Services
· Technical support and issue resolution
· Service updates and security notifications
Pre-Contractual and Support Communications
When you contact us via email, support form, or other channels, we process your contact information to:
· Respond to your inquiry or request
· Provide technical support or sales information
· Handle service-related issues
· Process your feedback
Legal Basis:
· If you are inquiring about our Services before becoming a customer: Article 6(1)(f) GDPR (legitimate interest to respond to inquiries)
· If you request a demo or trial: Article 6(1)(b) GDPR (pre-contractual measures at your request)
· If you are an existing customer: Article 6(1)(b) GDPR (contractual obligation to provide support)
Support communications are retained for 2 years for legal compliance and dispute resolution purposes.
Marketing Communications and Preferences
We may send you marketing communications about our Services, new features, promotions, and events. This includes newsletters, product updates, and webinar invitations.
Your Consent:
· Marketing communications are sent only to contacts who have opted-in or are existing customers
· You can opt-out of marketing communications at any time
How to Opt-Out:
Option 1: Click the "Unsubscribe" link at the bottom of any marketing email
Option 2: Contact us at marketing@claribi.com with subject "[Unsubscribe Request]"
Option 3: Update your preferences in your account settings (if you have an account)
Legal Basis: Article 6(1)(f) GDPR (legitimate interest in promoting our Services)
Important: Even if you opt-out of marketing communications, we will still send you:
· Service-related announcements (account updates, security alerts)
· Billing and invoice notifications
· Service suspension or termination notices
· Legal and compliance communications
We will honor your opt-out request within 10 business days.
5. Third-Party Services and Data Sharing
We do NOT sell, rent, or trade your personal information. We share data with trusted service providers only for the purposes described in this Policy.
Data Shared:
· Email address
· Billing address
· Tax information
· Payment method information
Purpose: Process subscriptions, calculate taxes, issue invoices
Paddle's Role: Merchant of Record (handles all payment processing)
Paddle's Legal Terms:
· Master Services Agreement: https://www.paddle.com/legal/terms
· Checkout Buyer Terms: https://www.paddle.com/legal/checkout-buyer-terms
· Privacy Policy: https://www.paddle.com/legal/privacy
Important: We do NOT store credit card details. Paddle manages all payment data.
Your Rights: Contact privacy@claribi.com or Paddle at privacy@paddle.com for payment-related data requests.
Authentication (Microsoft Entra ID)
Data Processed by Microsoft:
· Email address
· Name
· Microsoft Tenant ID
· User Object ID
· Authentication tokens
Purpose: User authentication and Single Sign-On (SSO)
Critical: Claribi never stores or processes Microsoft passwords. Authentication is handled exclusively by Microsoft.
Microsoft's Privacy: https://privacy.microsoft.com/
Microsoft's Cloud Agreement: Governs Microsoft's handling of your data
AI Processing (OpenAI and Google Gemini)
To generate code, answer queries, and provide recommendations, we send your prompts and schema metadata to third-party LLM providers.
OpenAI (ChatGPT API):
· Data sent: User prompts, queries, and schema metadata (NOT underlying business data)
· Data retention: OpenAI retains API data for 30 days for abuse prevention, then deletes
· Training: Your data is NOT used to train OpenAI models (excluded per OpenAI API terms)
· Location: United States (protected by Standard Contractual Clauses)
· Privacy: https://openai.com/privacy
Google Gemini API:
· Data sent: User prompts, queries, and schema metadata (NOT underlying business data)
· Data retention: NOT retained after processing (per Google Cloud terms)
· Training: Your data is NOT used for model training
· Location: United States or European Union (depending on region configuration)
· Privacy: https://cloud.google.com/terms/cloud-privacy-notice
· Limited Use: Claribi's use of data received from Google APIs adheres strictly to Google's Limited Use Requirements and API Services User Data Policy
Your Consent: By using the Service, you consent to these transfers to US-based providers.
Railway
· Provider: Railway Corp
· Location: EU (Amsterdam, Netherlands) - Primary region
· Purpose: Application hosting, data storage, compute resources, and managed backup
· Data Processed: Uploaded Content, application logs, metadata, backups (all encrypted)
· Privacy Policy: https://railway.app/privacy
Neon (PostgreSQL Database)
· Provider: Neon, Inc.
· Location: AWS EU (Frankfurt, Germany)
· Purpose: Managed serverless PostgreSQL database for persistent data storage
· Data Processed: User account details, user uploaded data, usage statistics, generated content (all encrypted)
· Privacy Policy: https://neon.tech/privacy
Amazon Web Services (AWS)
· Provider: Amazon Web Services EMEA SARL (via Railway and Neon)
· Location: EU (Frankfurt, Germany) and EU (Amsterdam, Netherlands)
· Purpose: Underlying infrastructure for Railway and Neon platforms
· Data Processed: Encrypted application data and metadata
· Privacy Policy: https://aws.amazon.com/privacy/
Optional Third-Party Integrations
The following third-party services offer optional integrations with Claribi. These integrations are entirely optional and you control whether to enable or disable them.
When you enable an integration, certain data will be transmitted to the third party to facilitate the integration. You can enable or disable integrations in your account settings at any time.
Important: Data transmitted to third-party integrations is subject to:
1. This Privacy Policy (for Claribi's processing of data)
2. The third party's own privacy policy (for their processing of data)
You are responsible for reviewing each third party's privacy policy before enabling their integration.
Currently Supported Integrations:
· Microsoft Entra ID (for authentication only)
· OpenAI (for natural language processing)
· Google Gemini (for natural language processing)
Analytics Services (Currently Not Utilized)
We may engage third-party analytics providers in the future (e.g., Mixpanel, Amplitude) to analyze Site traffic and usage patterns. When implemented, these providers will have their own privacy policies governing their use of data.
Notification: We will notify you at least 30 days before adding analytics services.
We implement robust technical, administrative, and physical security measures:
· Encryption at rest (AES-256 or equivalent)
· Encryption in transit (TLS 1.2 or higher)
· Role-based access controls (RBAC)
· Multi-factor authentication (MFA)
· Regular vulnerability scanning and patch management
· Security monitoring and logging
· Employee confidentiality agreements
Limitation: No method of Internet transmission or electronic storage is 100% secure. You acknowledge that you provide your information at your own risk.
Technical and Organizational Measures (TOMs)
We maintain technical and organizational measures (TOMs) in accordance with GDPR Article 32, continuously updated to reflect current best practices:
· Encryption at rest (AES-256 or equivalent)
· Encryption in transit (TLS 1.2 or higher)
· Role-based access controls (RBAC)
· Multi-factor authentication (MFA) for administrative accounts
· Regular vulnerability scanning and penetration testing
· Security monitoring and logging
· Employee confidentiality and security training
· Incident response procedures
For a detailed and current list of our TOMs: See Data Processing Addendum (https://claribi.ai/dpa), Appendix A: "Technical and Organizational Security Measures"
7. International Data Transfers and Legal Safeguards
Your personal data, including data collected in the European Economic Area (EEA) or United Kingdom (UK), may be transferred to the United States and other countries where our service providers are located (e.g., OpenAI, Paddle, AWS).
Legal Basis: Standard Contractual Clauses (SCCs)
How We Protect Your Data:
· Use EU Commission Standard Contractual Clauses (SCCs), Modules 2 and 3
· Conduct Transfer Impact Assessments (TIAs) per EDPB guidance
· Require Subprocessors to use equivalent safeguards (SCCs or Privacy Shield successors)
· Ensure adequate protection equivalent to EEA standards
Your Consent: By accepting this Privacy Policy and Terms of Use, you consent to these international transfers.
Your Rights: You may request:
1. Full documentation of SCCs and Transfer Impact Assessments
2. Information about specific safeguards in place
3. Details on how your data is protected during transfers
Contact privacy@claribi.com to exercise these rights.
Data Protection Framework and Adequacy Mechanisms
Current Framework:
We currently rely on Standard Contractual Clauses (SCCs) for international transfers as described in this section.
Future Changes:
If EU-US adequacy decisions or other legal frameworks change, we will:
1. Update our data transfer mechanisms to remain compliant
2. Notify you of changes at least 30 days in advance
3. Provide equivalent or better protections
Monitoring Legal Changes:
We continuously monitor EDPB guidance, court decisions, and regulatory updates (e.g., Schrems III implications) and adjust our practices accordingly.
Full Details: See Data Processing Addendum (https://claribi.ai/dpa), Appendix C: "International Data Transfers and Standard Contractual Clauses"
8. Data Retention and Legal Obligations
We retain personal data only as long as necessary for the purposes described in this Policy or required by applicable law.
For detailed retention periods by data category, see Data Processing Addendum (https://claribi.ai/dpa), Section 12.
Key Retention Periods:
· Account data (during subscription): Duration of active subscription
· Account data (after deletion request): 30 days (backup recovery)
· Metadata backups: 90 days (disaster recovery only)
· Support tickets: 2 years (legal/compliance)
· Billing records and invoices: 7 years (Estonian Accounting Act requirement)
· Authentication logs: 90 days (security/fraud prevention)
· Free trial marker: up to 3 years from the last interaction related to the free trial, to prevent abuse and fraud.
We may retain personal data longer than standard periods if required by applicable law:
Estonian Commercial Law (Raamatupidamise seadus):
· Retention period: 7 years
· Applies to: Invoices, billing records, contract data
Estonian Tax Law (Maksukorralduse seadus):
· Retention period: 7 years
· Applies to: Tax-related documentation, transaction records
Statutory Limitation Periods (Estonian Law of Obligations Act):
· Standard limitation: 3 years
· Extended limitation: Up to 30 years in certain cases
· Applies to: Evidence preservation for potential legal claims
Legal Basis: Article 6(1)(c) GDPR (legal obligation)
During legal retention periods, we restrict processing to the specific legal purpose and do not use the data for other purposes.
Aggregated and Anonymized Data
Once data cannot be associated with you (fully anonymized), it may be retained indefinitely for statistical and analytical purposes.
If a court order, regulatory investigation, or legal dispute applies, we may retain data beyond standard periods. You will be notified when legally possible.
9. Your Data Protection Rights and How to Exercise Them
Depending on your jurisdiction, you may have the following rights under GDPR, CCPA, or other data protection laws.
Your Rights:
1. Right to Access (Article 15): Request a copy of all personal data we hold about you
2. Right to Rectification (Article 16): Request correction of inaccurate or incomplete information
3. Right to Erasure (Article 17): Request deletion of your data (subject to exceptions for legal compliance)
4. Right to Restrict Processing (Article 18): Request limitation on how we use your data
5. Right to Data Portability (Article 20): Request your data in a machine-readable format
6. Right to Object (Article 21): Object to processing for marketing or profiling
7. Right to Withdraw Consent: Withdraw consent for optional processing at any time
8. Right to Lodge a Complaint: File a complaint with your supervisory authority
Your Rights:
· Right to Know: Request what personal data we collect about you
· Right to Delete: Request deletion of your data (subject to exceptions)
· Right to Opt-Out: Opt-out of "sale" or "sharing" of personal data
· Right to Non-Discrimination: We will not discriminate if you exercise your rights
Claribi's Practices:
· We do NOT sell personal data
· We do NOT share personal data for targeted advertising or marketing profiling
· Personal data is used only for: service delivery, fraud prevention, legal compliance
How to Submit a Data Subject Request
Email: privacy@claribi.com
Subject Line: [GDPR Request] or [CCPA Request] - [Your Name]
Include in Your Request:
· Your full name
· Email address
· Account ID (if applicable)
· Type of request (Access, Deletion, Portability, Rectification, etc.)
· Detailed description of what you are requesting
· Acknowledgment: Within 5 business days
· Fulfillment: Within 30 calendar days (extendable to 60 days for complex requests)
· Format: Structured, machine-readable format (CSV, JSON, or original file formats)
Important Notes:
· We may ask you to verify your identity before responding
· Some requests may be refused if manifestly unfounded, excessive, or impractical
· Legal obligations may prevent deletion of certain data
· Authorized agents can submit requests on your behalf (with power of attorney)
Fee Structure for Data Subject Requests
First Request Per Calendar Year: FREE
Additional Requests: EUR 99 administrative processing fee per request
This fee applies to:
· Second and subsequent data access requests in the same calendar year
· Excessive or repetitive requests that are manifestly unfounded
· Complex requests requiring significant additional effort
Exemptions from Fees:
· No fee charged if the request is justified
· No fee charged for requests related to data breaches or illegal processing
· No fee charged for requests to rectify or delete data (erasure, rectification)
We will inform you of any applicable fees before processing your request and offer you the opportunity to withdraw it.
Right to Object to Data Collection
You have the right to object to the collection, processing, or use of your personal data in accordance with this Privacy Policy, either in its entirety or for specific measures.
To lodge an objection:
Email: privacy@claribi.com
Subject: [Data Collection Objection]
Include:
· Your name and email address
· Account ID (if applicable)
· Clear description of what you are objecting to
· Reasons for your objection
We will respond within 5 business days and address your objection in accordance with applicable data protection laws.
Right Not to Be Subject to Automated Decision-Making
You have the right under GDPR Article 22 not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects concerning you.
Claribi's Practice:
Claribi does NOT engage in automated decision-making or profiling that produces legal or significant effects. Specifically:
· We do NOT make automated decisions about your eligibility for services
· We do NOT use profiling to determine pricing or terms
· We do NOT use automated systems to evaluate creditworthiness or approve/deny subscriptions
· Any decisions affecting your account are made by human representatives
If you have concerns about automated processing of your data, contact privacy@claribi.com.
Lodge a Complaint with Your Supervisory Authority
If you believe Claribi violates your data protection rights, you have the right to lodge a complaint:
Estonia: Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)
· Website: www.aki.ee
· Email: info@aki.ee
European Union: Your national data protection authority in your member state
United Kingdom: Information Commissioner's Office (ICO)
· Website: www.ico.org.uk
· Email: casework@ico.org.uk
California (USA): California Attorney General
· Website: oag.ca.gov
No Charge: Filing a complaint is free.
Claribi uses trusted third-party service providers (Subprocessors) to deliver and improve the Service.
Current Subprocessors:
For a complete, updated list of all Subprocessors including names, locations, and purposes:
https://claribi.ai/subprocessors
· We update this list regularly
· We notify you at least 30 days before adding or materially changing a Subprocessor
· Notification is sent via email and posted on our website
Your Right to Object:
You have 15 days from notification to object to a new Subprocessor based on data protection or security concerns.
If you object and we cannot resolve your concerns, you may terminate the affected Services without penalty.
If Claribi is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your personal information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
We use cookies and similar tracking technologies to monitor Site activity and improve your experience.
Strictly Necessary Cookies:
· Essential for Site authentication and functionality
· Cannot be disabled without affecting core features
· Examples: Session tokens, CSRF protection, user preferences
· Legal Basis: Article 6(1)(b) GDPR (necessary for Service provision), no consent required
Performance Cookies:
· Allow us to count visits and analyze traffic sources
· Help us measure Site performance and user behavior
· Examples: Page view tracking, bounce rates, session duration
· Legal Basis: Article 6(1)(f) GDPR (legitimate interest in improving Service)
· Consent: Your explicit consent is required before loading
Functional Cookies:
· Enable enhanced functionality and personalization
· Remember your preferences and choices
· Examples: Language preferences, layout choices
· Legal Basis: Article 6(1)(f) GDPR (legitimate interest in user experience)
· Consent: Your explicit consent is required before loading
Cookie Consent and Legal Basis
On your first visit to the Site, we display a cookie consent banner allowing you to:
· Accept all cookies
· Reject non-essential cookies
· View our full Cookie Policy
· Customize individual cookie types
Your cookie preferences are stored in a "consent cookie" that prevents us from showing the banner repeatedly.
You can control cookies through your browser settings:
· Refuse all cookies
· Accept only certain cookie types
· Delete cookies from your browser
Limitation: If you disable all cookies, some Site features may not function properly, and you may not be able to use certain parts of the Service.
13. Links to Other Websites and Third-Party Content
Our Site may contain links to third-party websites, applications, and services not operated or controlled by Claribi, including but not limited to:
· Social media platforms (LinkedIn, GitHub, Twitter, etc.)
· Documentation and help resources
· Partner websites and integrations
· Marketing sites and blogs
Disclaimer:
We have no control over and assume no responsibility for:
· Content, accuracy, or functionality of third-party sites
· Their privacy policies, data practices, or terms of service
· Security or compliance practices of third-party services
· Any personal data you provide to third parties
Your Responsibility:
· Review each third party's privacy policy before using their service
· Verify you understand their data handling practices
· Make independent decisions about sharing your information
Important: Our linking to third-party sites does NOT imply endorsement or affiliation. We are not responsible for any transactions, disputes, or data loss resulting from third-party services.
Third-Party Integrations Exception:
For the optional integrations we officially support (Microsoft, OpenAI, Google Gemini), see Section 5: "Optional Third-Party Integrations" for specific privacy details.
14. Security Breach Notification
For information about our security breach notification procedures, including our response timeline and notification process, please see our Terms of Use, Section 12.6: "Security Breach Notification (72-Hour Requirement)".
In summary:
· We investigate any confirmed data breach within our infrastructure
· We notify affected users and authorities within 72 hours as required by law
· We take reasonable measures to mitigate harm and prevent future incidents
15. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect:
· Changes in our practices
· New technology or infrastructure
· Legal or regulatory requirements
· Feedback and business improvements
Material Changes:
· Email notification to your registered account email
· Prominent notice on our website
· Request for explicit consent where required by law
Minor Changes:
· Posted on this page
· No advance notice required
Effective Date: Changes become effective when posted unless we specify otherwise.
Your Acknowledgment: Your continued use of the Site or Service after any changes constitutes your acceptance of the modified Privacy Policy.
16. Cross-References to Other Documents
This Privacy Policy works alongside three key documents:
Document
Location
Covers
Terms of Use
Service conditions, your obligations, disclaimers, SLA, cookies detail, security breach procedures
Data Processing Addendum
Data retention schedules, subprocessor obligations, SCCs, security measures, audit rights
Subprocessor List
https://claribi.ai/subprocessors
Updated list of all service providers and their locations
You have the right to save and print this Privacy Policy at any time for your records.
For questions or concerns regarding this Privacy Policy or our data processing practices:
Privacy & Data Protection Inquiries:
· Email: privacy@claribi.com
· Response time: Within 5 business days
Data Subject Rights Requests:
· Email: privacy@claribi.com
· Subject: [GDPR Request] or [CCPA Request]
· Response time: 5 business days (acknowledgment), 30 days (fulfillment)
General Support:
· Email: support@claribi.com
Marketing Communication Preferences:
· Email: marketing@claribi.com
· Subject: [Unsubscribe Request]
Legal Notices:
· Email: legal@claribi.com
Mailing Address:
Claribi OÜ
Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551
Estonia
Effective Date: December 2, 2025
Last Updated: December 2, 2025
Version: 1.1
End of Privacy Policy