Provisional content pending Australian commercial lawyer review. Treat any execution against this version as test fixture only.
Clarity Systems — Privacy Policy
Version: v1.0-2026-05 · Status: DRAFT — pending lawyer review
1. About this Privacy Policy
Clarity Systems handles personal information in accordance with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs). Applies to information collected through app.doitwithclarity.org and related communication.
2. Who we are
Clarity Systems Pty Ltd, of [address pending]. Privacy contact: privacy@doitwithclarity.org.
3. What personal information we collect
Identity, business, Diagnostic responses, engagement, and payment information (the latter via Stripe). Automatic technical and usage information. Information from referring advisors, GoHighLevel, and public sources for engagement context. We do not knowingly collect sensitive information.
4. How we use your information
To deliver the Diagnostic, communicate, issue invoices, deliver the Programme, improve methodology (anonymised aggregate only), comply with legal obligations, defend legal rights, send marketing (with consent), monitor performance, and respond to enquiries.
5. Who we share your information with
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database + auth | Singapore |
| Vercel | Web hosting | United States |
| Stripe Payments Australia | Payments | Australia / US |
| GoHighLevel | CRM, e-signature | United States |
| Anthropic | Admin AI tooling | United States |
| Resend | Transactional email | United States |
| Sentry | Error monitoring | United States |
We do not sell your personal information.
6. Cross-border disclosure
Some processors are outside Australia. By using the Platform you consent to processing in those jurisdictions. We use processors with mature security programmes (SOC 2 / ISO 27001 equivalent) and APP-equivalent contractual data processing agreements. APP 8.2 may apply.
7. How we protect your information
TLS 1.2+ in transit, AES-256 at rest, RBAC, row-level security, 2FA admin access, regular security reviews, supplier risk assessment, staff training, NDB-aligned incident response.
8. How long we keep your information
Retention varies by category — incomplete Diagnostics 12 months, completed without engagement 24 months then anonymised, active client records Programme + 7 years, signed engagement letters 7 years, payment records 7 years, technical logs 90 days, Sentry 30 days.
9. Your rights
Access, correction, complaint, marketing withdrawal. Email privacy@doitwithclarity.org. Response within 30 days. Identity verification may be required.
10. Data breach response
NDB-aligned procedure. Containment within 24 hours, serious-harm assessment within 30 days, OAIC + affected-individual notification where required.
11. Cookies and tracking
Essential cookies only (authentication, session). No third-party advertising or tracking cookies.
12. Children
Platform is for business use, not directed at individuals under 18.
13. Changes to this Policy
Material changes emailed to active users 14 days in advance, posted on Platform. Continued use = acceptance.
14. Complaints
privacy@doitwithclarity.org with subject "Privacy complaint." Acknowledge within 7 days, respond within 30 days. Unresolved complaints go to OAIC (oaic.gov.au, 1300 363 992).
15. Contact us
privacy@doitwithclarity.org · Privacy Officer, Clarity Systems, [address pending]
Appendix — third-party processor links
- Supabase: supabase.com/privacy
- Vercel: vercel.com/legal/privacy-policy
- Stripe: stripe.com/au/privacy
- GoHighLevel: gohighlevel.com/privacy-policy
- Anthropic: anthropic.com/privacy
- Resend: resend.com/legal/privacy-policy
- Sentry: sentry.io/privacy