Privacy Policy

Last updated: 5 April 2026

This Privacy Policy describes how Clerius (“we”, “us”, “our”) collects, uses, and protects information when you use the Clerius application at app.clerius.ai and related services (the “Service”).

1. Information We Collect

Account Information

When you create an account, we collect your name and email address through our authentication provider (Clerk). We do not store passwords — authentication is handled entirely by Clerk.

Business Data

To provide the Service, we process the following data that you upload or connect:

  • Vendor bill PDFs and their extracted contents (vendor names, invoice numbers, amounts, line items)
  • NetSuite configuration data (vendors, accounts, subsidiaries, tax codes, departments, classes, locations)
  • NetSuite API credentials (OAuth 2.0 client ID and private key)
  • Microsoft 365 email credentials (OAuth tokens) if you use email ingestion

Usage Data

We log API usage metrics (request counts, AI token usage) and error logs for service monitoring and billing purposes. These logs include your client identifier but do not contain the content of your invoices or financial data.

2. How We Use Your Information

We use your information solely to:

  • Provide the Service: extracting invoice data, matching vendors, coding general ledger entries, and pushing bills to NetSuite
  • Operate the AI assistant (Cleria) to help you configure and manage your account
  • Monitor service health, diagnose errors, and improve reliability
  • Enforce usage limits and calculate service costs
  • Communicate with you about your account or service issues

We do not use your data for advertising, marketing to third parties, or training AI models.

3. AI Processing

The Service uses Anthropic's Claude API to extract data from invoice PDFs and power the Cleria AI assistant. Your invoice PDFs and chat messages are sent to Anthropic's API for processing. Anthropic's data usage policy applies to this processing — Anthropic does not use API inputs or outputs to train their models.

4. Data Storage and Security

  • All data is stored on servers in the United States (Railway infrastructure)
  • NetSuite credentials and Microsoft 365 tokens are encrypted at rest using AES-256-GCM
  • All data in transit is encrypted via TLS/HTTPS
  • Database access is isolated per client using PostgreSQL Row-Level Security with enforced policies
  • The application connects to the database using a restricted role that cannot modify the database schema
  • We apply rate limiting, input sanitisation, and abuse protection across all endpoints

5. Data Sharing

We do not sell, rent, or share your data with third parties except:

  • Anthropic — invoice PDFs and chat messages are processed via their Claude API
  • Clerk — authentication is handled by Clerk (they receive your email and name)
  • Microsoft — if you enable email ingestion, we access your mailbox via Microsoft Graph API using your authorised credentials
  • Legal requirements — we may disclose data if required by law or to protect our rights

6. Data Retention

  • Your business data (vendors, bills, configuration) is retained for as long as your account is active
  • AI chat conversations are stored in memory only and are automatically deleted after 2 hours
  • API usage logs and error logs are retained for 12 months
  • If you request account deletion, we will delete all your data within 30 days

7. Your Rights

You may:

  • Access your data at any time through the Service
  • Export your data via CSV export or NetSuite push
  • Delete your account and all associated data by contacting us
  • Disconnect third-party integrations (NetSuite, Microsoft 365) at any time through the Configuration page

8. Cookies

The Service uses only essential cookies required for authentication (set by Clerk). We do not use analytics cookies, tracking pixels, or advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised date.

10. Contact

If you have questions about this Privacy Policy or your data, contact us at:

Email: info@clerius.ai