Privacy Policy

Last updated: May 7, 2026

This Privacy Policy explains how KlaraAI ("we", "us") collects, uses, and protects information when you use the KlaraAI website and Discord bot ("the service").

1. Data We Collect

1.1 From Discord

When you log in via Discord OAuth or use the bot, we receive:

• Discord User ID (numeric, persistent identifier)
• Username and avatar URL
• Account creation date (used for anti-fraud age checks)

We do not request your email, phone, or friends list.

1.2 In-Bot Data

Created by you when using the bot:

• Profile fields you choose to set (display name, age, free-text description) — used to personalize roleplay
• Custom character definitions (name, description, personality)
• Active session message history (transient, kept while a session is active)
• Long-term memory facts extracted from sessions you ended (used to keep continuity across sessions)
• Usage counters: daily messages, daily sessions, streak count, referral activity
• Preferences (response length)

1.3 Payment Data

Payments are processed by Stripe. We never see or store your card number, CVV, or banking details. Stripe shares with us only the payment status, the amount, and the metadata we attached (Discord ID, pack name).

1.4 Website Data

The website uses localStorage to remember:

• Your age verification choice
• Your selected language and theme
• Your Discord OAuth access token (so you stay logged in)

We do not use marketing cookies or third-party tracking pixels.

2. How We Use the Data

• Operate the service: generate AI responses, enforce per-plan quotas, manage subscriptions and credits
• Personalization: inject your profile and saved memories into the AI prompt for continuity
• Anti-fraud: detect referral abuse, multi-accounting, automated abuse
• Support and communication: reply to your questions, send transactional Discord DMs (purchase confirmations, streak rewards)

We do not sell your data and we do not use your conversation content to train AI models.

3. Third-Party Processors

To deliver the service we share necessary data with:

• Discord — for authentication, bot operation, and DM delivery
• Stripe — for payment processing
• Groq / OpenRouter / similar AI providers — your messages are sent to a large language model for response generation. The provider's own privacy policy applies to that processing.
• Render — server hosting (bot + API + database)
• Vercel — website hosting

4. Data Retention

• Active sessions: deleted when the session ends.
• Memories: kept indefinitely until you wipe them via /memories.
• Profile + credits + usage counters: kept while the account is active.
• Payment records: retained per French legal/accounting requirements — 10 years for accounting documents (Code de commerce, art. L.123-22).
• Account deletion: on request, we delete your profile, custom characters, and memories. Payment records are kept anonymized for accounting.

5. Your Rights

Depending on your jurisdiction (especially EU/UK GDPR, California CCPA), you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data (profile fields can be edited via /profile)
• Delete your data ("right to be forgotten")
• Port your data to another service
• Object to certain processing
• Withdraw consent where processing is based on consent

You can wipe your saved memories at any time using /memories in Discord. For all other requests, contact support@klaraai.me.

6. Security

We use industry-standard practices: encrypted connections (HTTPS), secrets stored as environment variables, database access restricted to the application. No system is 100% secure. In the event of a breach affecting your data, we will notify you in accordance with applicable law.

7. International Data Transfers

Our infrastructure providers (Render, Vercel, Stripe, Discord, AI providers) may host data in the United States or other countries. By using the service, you consent to your data being processed in those locations, subject to appropriate safeguards required by your local law (e.g. Standard Contractual Clauses for EU-US transfers).

8. Children

The service is strictly for adults (18+). We do not knowingly collect data from minors. If we learn we have collected data from a minor, we will delete it promptly.

9. Changes

We may update this policy. The "Last updated" date at the top reflects the latest version. Material changes will be announced on this page.

10. Contact

For privacy-related questions or to exercise your rights, contact us at support@klaraai.me.

If you are in the EU and we do not resolve your concern, you may lodge a complaint with your local Data Protection Authority. In France, that authority is the CNIL.