Privacy Policy

How ClaroVision handles personal information, in line with POPIA. Effective date: on publication.

1. Who we are

ClaroVision ("we", "us") provides AI shelf-intelligence software to businesses. Contact: hello@claro.vision. Our Information Officer can be reached at the same address.

2. Scope

This policy covers personal information when you visit claro.vision, contact us, or use the ClaroVision application as an authorised user. For business data we process on a customer's behalf, the customer is the responsible party and we act as operator under a Data Processing Agreement.

3. What we collect

• Website visitors: only what you give us (name, email, message). We use privacy-first, cookieless analytics — aggregate stats only, no advertising trackers.
• App users: name, work email, role, and authentication data needed for access.
• Shelf photographs: uploaded by field reps. These can incidentally capture people — faces are automatically blurred on upload, before the image is stored. We do not seek to identify anyone.
• Technical: standard server logs (IP, timestamp, request) for security.

4. Why we use it

To provide and secure the service, respond to enquiries, and meet legal obligations. Our lawful bases are performance of a contract, our legitimate interests in running the service, and your consent where it applies. We do not sell personal information, and we do not use customer images to train shared AI models unless the customer opts in.

5. Who we share it with

Only service providers needed to run ClaroVision, under appropriate safeguards: a cloud hosting provider (South African data centre for the application) and an AI vision provider (Google Gemini) that processes shelf images to extract data. Each customer's data lives in a separate, isolated database — no customer can access another's.

6. Cross-border processing

Some processing (currently AI vision) may occur outside South Africa. POPIA permits this with adequate safeguards; we rely on the provider's contractual protections and process the minimum needed. The core application is hosted in South Africa.

7. How long we keep it

Only as long as needed, or as the law requires. On contract end, a customer's data is exported to them and then deleted in full. Logs are kept for a limited period for security.

8. How we protect it

HTTPS/TLS in transit, per-customer database isolation, automatic face-blur on ingest, login rate-limiting, access controls, and integrity-checked backups. No system is perfectly secure, but we take reasonable, industry-standard measures.

9. Your rights (POPIA)

You may access, correct, or delete your personal information, object to processing, and complain. Email hello@claro.vision to exercise these. You may also complain to the Information Regulator (South Africa). App users: some requests are routed to your employer as the responsible party.

10. Cookies

No advertising or cross-site tracking cookies. Analytics, if enabled, are cookieless and aggregate. The application uses a single essential session cookie to keep you logged in.

11. Changes

We may update this policy; the effective date will change and material updates will be notified.

12. Contact

hello@claro.vision · ClaroVision, South Africa.