Privacy
Public privacy posture for payroll-sensitive operations.
A buyer-safe summary of how ClaraOps handles public contact details, payroll and practice operations data, SimplePractice and Google Workspace source context, support access, retention workflows, subprocessors, analytics, and privacy contact paths.
Legal entity and product names
ClaraOps, Clara Compliance, and Clara Admin Suite are product, service, or module names offered by Clara Management Services, LLC. They are not separate legal entities and are not registered DBAs unless a later approved legal update says otherwise. Billing, invoices, payment instructions, procurement requests, legal notices, and formal agreements are handled by Clara Management Services, LLC.
Public lead capture
Public forms should collect only basic contact, role, readiness, source-system, and workflow context; they should not request PHI, payroll files, employee SSNs, raw payroll rows, credentials, or sensitive compliance details.
Protected app boundary
Payroll and practice operations data belongs behind authenticated, tenant-scoped app routes with admin or delegated-operator review.
Source systems
SimplePractice and Google Workspace source context is used only when a customer authorizes it for payroll-readiness review, export, support, and audit workflows.
Support access
support access requires consent or reviewed break-glass approval; customer-visible support audit entries should stay redacted.
Retention and rights
reviewed export, retention, deletion, and backup-window workflows keep requests accurate instead of instant unreviewed changes. Privacy questions and rights requests go through brent@claracaps.com during guided start.
Subprocessors and destinations
Secure application, database/storage, Google Drive when configured, and approved email/provider workflows are the current vendor/destination categories. Customer-controlled destinations, such as an exported Google Drive folder, are governed by the customer after export.
Analytics
Analytics stays conservative: no session replay, heatmaps, ad pixels, cross-site retargeting, third-party behavioral profiling, keystroke capture, form-field analytics, PHI, payroll files, employee SSNs, raw payroll rows, credential-derived values, raw query strings, or free-text form answers. Non-essential cookies, persistent browser identifiers, third-party identifiers, and tracking on demo/fit-check/contact/legal/security/privacy/pricing/support paths require opt-in and a documented implementation plan before implementation. Current posture is aggregate cookie-free page/CTA counts and first-party security/abuse logs only.
Last updated
May 27, 2026
This is public policy posture for guided-start evaluation, not a DPA, BAA, legal terms document, certification claim, or instant deletion promise.
Current scope
Current privacy scope
Public forms stay buyer-safe and protected payroll/practice operations data stays behind authenticated, tenant-scoped workflows. Public pages explain the current guided-start privacy posture without creating a DPA, BAA, instant deletion promise, or certification claim.
Contact
Privacy or rights requests
Email privacy@claracaps.com without PHI, payroll files, employee SSNs, credentials, raw payroll rows, exploit payloads, or sensitive customer data.
Runtime smoke boundary
What was checked for guided-start readiness
Source-backed launch smoke checks confirm privacy, terms, and security routes are public; protected app routes remain auth/no-store bounded; public demo paths avoid sensitive fields; robots and sitemap keep public policy pages separate from protected app surfaces.