Legal

Privacy Policy.

Version v1.0-2026-05. Effective 3 May 2026.

⚠️ PRE-REVIEW DRAFT — DO NOT RELY ON FOR LIVE DISPUTES

Provisional content pending Australian commercial lawyer review. Treat any execution against this version as test fixture only.

Clarity Systems — Privacy Policy

Version: v1.0-2026-05 · Status: DRAFT — pending lawyer review

1. About this Privacy Policy

Clarity Systems handles personal information in accordance with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs). Applies to information collected through app.doitwithclarity.org and related communication.

2. Who we are

Clarity Systems Pty Ltd, of [address pending]. Privacy contact: privacy@doitwithclarity.org.

3. What personal information we collect

Identity, business, Diagnostic responses, engagement, and payment information (the latter via Stripe). Automatic technical and usage information. Information from referring advisors, GoHighLevel, and public sources for engagement context. We do not knowingly collect sensitive information.

4. How we use your information

To deliver the Diagnostic, communicate, issue invoices, deliver the Programme, improve methodology (anonymised aggregate only), comply with legal obligations, defend legal rights, send marketing (with consent), monitor performance, and respond to enquiries.

5. Who we share your information with

ProcessorPurposeLocation
SupabaseDatabase + authSingapore
VercelWeb hostingUnited States
Stripe Payments AustraliaPaymentsAustralia / US
GoHighLevelCRM, e-signatureUnited States
AnthropicAdmin AI toolingUnited States
ResendTransactional emailUnited States
SentryError monitoringUnited States

We do not sell your personal information.

6. Cross-border disclosure

Some processors are outside Australia. By using the Platform you consent to processing in those jurisdictions. We use processors with mature security programmes (SOC 2 / ISO 27001 equivalent) and APP-equivalent contractual data processing agreements. APP 8.2 may apply.

7. How we protect your information

TLS 1.2+ in transit, AES-256 at rest, RBAC, row-level security, 2FA admin access, regular security reviews, supplier risk assessment, staff training, NDB-aligned incident response.

8. How long we keep your information

Retention varies by category — incomplete Diagnostics 12 months, completed without engagement 24 months then anonymised, active client records Programme + 7 years, signed engagement letters 7 years, payment records 7 years, technical logs 90 days, Sentry 30 days.

9. Your rights

Access, correction, complaint, marketing withdrawal. Email privacy@doitwithclarity.org. Response within 30 days. Identity verification may be required.

10. Data breach response

NDB-aligned procedure. Containment within 24 hours, serious-harm assessment within 30 days, OAIC + affected-individual notification where required.

11. Cookies and tracking

Essential cookies only (authentication, session). No third-party advertising or tracking cookies.

12. Children

Platform is for business use, not directed at individuals under 18.

13. Changes to this Policy

Material changes emailed to active users 14 days in advance, posted on Platform. Continued use = acceptance.

14. Complaints

privacy@doitwithclarity.org with subject "Privacy complaint." Acknowledge within 7 days, respond within 30 days. Unresolved complaints go to OAIC (oaic.gov.au, 1300 363 992).

15. Contact us

privacy@doitwithclarity.org · Privacy Officer, Clarity Systems, [address pending]


Appendix — third-party processor links

  • Supabase: supabase.com/privacy
  • Vercel: vercel.com/legal/privacy-policy
  • Stripe: stripe.com/au/privacy
  • GoHighLevel: gohighlevel.com/privacy-policy
  • Anthropic: anthropic.com/privacy
  • Resend: resend.com/legal/privacy-policy
  • Sentry: sentry.io/privacy