> DRAFT — NOT LEGAL ADVICE — requires review by a qualified software/IP + privacy lawyer before use.
> This document is a first draft for lawyer redline. Legal bases, retention periods, and jurisdictional carve-outs must be confirmed by a qualified privacy lawyer before publication. See flagged items throughout.
Privacy Policy
Clazro Technology Private Limited
Product: Khushi desktop agent (macOS Beta)
Last updated: [DATE]
1. Who We Are (Data Controller)
Clazro Technology Private Limited ("Clazro," "we," "us," "our") is the data controller for personal data processed in connection with the Khushi desktop agent.
Registered address: [Lawyer/founder to insert registered address]
Company Identification Number (CIN): [Insert]
Contact: singhaldeoli106@gmail.com
EU/EEA Representative (Art. 27 GDPR): *(Lawyer flag — see Section 10. An Art. 27 representative must be appointed before the Software is made available to EU/EEA users. This is a mandatory, executable action, not a draft clause.)*
2. What This Policy Covers
This policy describes how Clazro collects, processes, stores, and shares personal data when you use the Khushi macOS desktop agent. It is consistent with and supplements the in-product PRIVACY.md notice provided with the Software.
This policy does not cover data processed by the AI Providers you configure (e.g., Anthropic, AWS Bedrock, Google, OpenAI). Those providers are independent data controllers or processors under their own terms. You should review their privacy policies separately.
3. Data We Collect and How We Use It
3.1 Data You Provide Directly
| Data | How collected | Purpose |
|---|---|---|
| Goal text | You type it in the app | To instruct the AI agent to perform a task |
| AI Provider API key (BYOK Key) | Entered during setup | Stored in macOS Keychain to authenticate API calls; never sent to Clazro |
| Email address (account) | Registration / purchase | Account management, billing, support, legal notices |
3.2 Data Captured Automatically During Agent Runs
| Data | Description | Purpose |
|---|---|---|
| Screenshots | Screenshots of your active application window (or full screen as fallback). May include any content visible on screen, including personal or sensitive content belonging to you or visible third parties. May be downscaled but otherwise unmodified before transmission. | Required to enable the AI model to understand screen state and decide what action to take. |
| Accessibility (AX) element metadata | Element titles, roles, positions, and sizes of the frontmost application's UI. Element titles may contain personal content (email subjects, document titles, contact names, file names). | Required to enable the AI model to identify interactive elements. |
| Clipboard contents | Only when an agent step explicitly reads the clipboard. | To allow the agent to read or use clipboard data as part of the goal. |
Lawyer flag — screenshots containing third-party PII: Screenshots may capture content relating to third parties (e.g., email correspondence, contact details visible on screen). Clazro's legal basis for processing this is intended to be contract performance (GDPR Art. 6(1)(b)) — i.e., processing is necessary to provide the service the user has contracted for. Lawyer must assess whether contract performance is a sufficient basis for processing third-party PII incidentally captured in screenshots, or whether a different basis (e.g., legitimate interests under Art. 6(1)(f) with a balancing test) is more appropriate.
3.3 Data Stored Locally on Your Device
The following data is written to your Mac's local filesystem under the project data/ directory:
| File/Path | Contents |
|---|---|
| data/app-mastery/<app>/exploration.jsonl | UI element metadata (may include personal content in element titles) |
| data/app-mastery/<app>/screenshots/ | Full-window PNG screenshots (automatically pruned by age and count) |
| data/traces/task-runs.jsonl | Goal text, agent reasoning steps, and action plans |
This data is stored locally and is not transmitted to Clazro's servers. It is under your exclusive control. Delete it at any time by removing the data/ directory.
3.4 Data Transmitted to AI Providers (Subprocessors)
Screenshots and on-screen text are transmitted to the AI Provider you configure. This transmission goes directly from your Mac to the AI Provider; it does not pass through Clazro's servers.
Clazro's role in this transmission is limited to configuring the API call using your BYOK Key. The AI Provider receives and processes the data under its own terms. Clazro does not receive, store, or process this data on its own infrastructure.
*(Lawyer flag: Clazro is arguably not a data controller for this transmission since it does not determine the purpose or means of the AI Provider's processing. However, Clazro does determine that screenshots will be sent to an AI Provider as part of the service design. Lawyer to advise on controller/processor classification and whether DPAs are required with each AI Provider under GDPR Art. 28.)*
3.5 Telemetry and Usage Data
*(Lawyer/founder: confirm whether any telemetry, crash reports, or usage analytics are collected. If yes, describe here. If no, state: "The Software does not currently collect telemetry or usage analytics from your device.")*
4. Legal Bases for Processing (GDPR)
For users in the EU/EEA/UK, we rely on the following legal bases under GDPR Art. 6:
| Processing activity | Legal basis |
|---|---|
| Operating the agent (screenshots, AX data, goal text) | Art. 6(1)(b) — contract performance: processing is necessary to perform the service you have contracted for. |
| Storing AI Provider API keys in macOS Keychain | Art. 6(1)(b) — contract performance |
| Account management and billing | Art. 6(1)(b) — contract performance and Art. 6(1)(c) — legal obligation (e.g., tax records) |
| Sending legal notices and policy updates | Art. 6(1)(f) — legitimate interests: Clazro's legitimate interest in maintaining a lawful contract relationship |
Lawyer flag: Confirm that Art. 6(1)(b) covers incidental capture of third-party PII in screenshots. If not, a legitimate-interests assessment (LIA) under Art. 6(1)(f) may be required, and the LIA should be documented before launch.
Special-category data (Art. 9 GDPR): Screenshots may incidentally capture special-category data (health information, political opinions, etc.) visible on screen. Lawyer to advise on the applicable basis and whether a policy on inadvertent special-category data capture is required.
5. Recipients and Subprocessors
| Recipient | Role | Data shared | Location | Privacy terms |
|---|---|---|---|---|
| AWS Bedrock (Amazon Web Services) | AI Provider (default) | Screenshots, AX text, goal text | USA (and AWS region you select) | https://aws.amazon.com/privacy/ |
| Anthropic | AI Provider (optional) | Screenshots, AX text, goal text | USA | https://www.anthropic.com/privacy |
| Google (Gemini API) | AI Provider (optional) | Screenshots, AX text, goal text | USA (and Google regions) | https://policies.google.com/privacy |
| OpenAI | AI Provider (optional) | Screenshots, AX text, goal text | USA | https://openai.com/policies/privacy-policy |
| Ollama | AI Provider (optional — local) | Screenshots, AX text, goal text | Local device only — data does not leave your machine | N/A |
| Payment processor | Payment processing | Billing data | [Lawyer/founder to insert: e.g., Stripe, Razorpay] | [Insert link] |
*(Lawyer flag: Under GDPR Art. 28, if Clazro acts as a controller for data sent to AI Providers, it must have a Data Processing Agreement (DPA) with each provider. AWS and Anthropic offer standard DPAs — confirm these are executed before launch. Google and OpenAI similarly offer DPAs. This is a must-execute item, not a draft clause.)*
6. International Data Transfers
Your screenshots and on-screen text are transmitted to AI Providers located primarily in the United States. This constitutes an international transfer of personal data from the EU/EEA under GDPR Chapter V.
Transfer mechanism: Data sent to AI Providers relies on the providers' own transfer mechanisms (e.g., Standard Contractual Clauses, Data Privacy Framework certification, or other approved mechanisms). Clazro does not itself transfer data to third countries from its own servers, as data flows directly from your device to the AI Provider.
*(Lawyer flag: Confirm the transfer mechanism for each AI Provider. AWS uses SCCs. Anthropic uses SCCs. Google uses SCCs/DPF. OpenAI uses SCCs. Verify current status and document in DPAs. India → EU transfers: India DPDP Act cross-border transfer restrictions are to be notified by the Government of India; monitor for notifications.)*
7. Data Retention
| Data | Retention |
|---|---|
| Local screenshots (data/app-mastery/*/screenshots/) | Automatically pruned on-device (oldest first, capped by age and count). You can delete all by removing the data/ directory. |
| Local exploration and trace files | Retained on-device until you delete them. Remove the data/ directory to delete all. |
| macOS Keychain (API keys) | Retained until you delete the Keychain entry. Instructions in the Software's setup documentation. |
| Account and billing data (if held by Clazro) | Retained for the duration of your account plus [Lawyer to set — e.g., 7 years for tax/accounting records]. |
| Data at AI Providers | Governed by the AI Provider's own retention policy. Review each provider's terms. |
8. Your Rights
8.1 GDPR Rights (EU/EEA/UK users)
Under GDPR, you have the right to:
- Access (Art. 15): Request a copy of the personal data we hold about you.
- Rectification (Art. 16): Request correction of inaccurate data.
- Erasure (Art. 17): Request deletion of your personal data, subject to legal retention obligations.
- Restriction (Art. 18): Request restriction of processing in certain circumstances.
- Data portability (Art. 20): Receive your data in a structured, machine-readable format where processing is based on consent or contract.
- Object (Art. 21): Object to processing based on legitimate interests.
- Lodge a complaint: You have the right to lodge a complaint with your local supervisory authority (e.g., your national Data Protection Authority).
Note: Because most personal data processed by Khushi is stored locally on your device under your exclusive control, many of these rights can be exercised directly by you (e.g., by deleting the data/ directory). For data held by Clazro (e.g., account data), contact us at singhaldeoli106@gmail.com.
8.2 CCPA Rights (California users)
California residents have the right to:
- Know what personal information is collected and how it is used.
- Request deletion of personal information (subject to exceptions).
- Opt out of sale of personal information. *(Clazro does not sell personal information.)*
- Non-discrimination for exercising these rights.
To exercise CCPA rights, contact singhaldeoli106@gmail.com.
8.3 India DPDP Act Rights (Indian users)
*(Lawyer flag: The Digital Personal Data Protection Act 2023 (DPDP Act) introduces data-principal rights including access and correction. The detailed rules under the DPDP Act are pending notification by the Government of India as of this draft's date. Lawyer to update this section when rules are notified. In the interim, the rights below are based on the Act as passed.)*
Under India's DPDP Act, you have the right to:
- Access: Obtain information about your personal data processed by Clazro.
- Correction and erasure: Request correction or erasure of your personal data.
- Grievance redressal: Lodge a complaint with Clazro's Grievance Officer (see Section 9).
*(Lawyer: confirm consent-notice requirements under DPDP Act for screenshots. The DPDP Act requires a consent notice in plain language. The in-product PRIVACY.md consent step at setup is intended to address this; lawyer must confirm it meets the statutory requirement.)*
9. Grievance Officer (India — IT Act / DPDP Act)
*(Required under IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 and anticipated DPDP Rules.)*
Grievance Officer: [Name — founder to appoint; may be Khushi Goyal]
Email: singhaldeoli106@gmail.com
Response time: We aim to acknowledge grievances within 24 hours and resolve them within 15 days, as required by applicable law.
10. EU/EEA Art. 27 Representative
*(Lawyer flag — mandatory action before EU launch.)*
If and when the Software is made available to users in the EU/EEA, GDPR Art. 27 requires Clazro (as a non-EU controller offering services to EU data subjects) to appoint a representative in the EU/EEA. This appointment must be in writing and the representative's contact details must be disclosed.
Current status: [Not yet appointed — to be completed before EU users are onboarded.]
11. Security
Clazro implements reasonable technical and organisational measures to protect your account data, including:
- AI Provider API keys stored in the macOS Keychain (OS-level encryption).
- Local data files protected by macOS file-system permissions.
- Communications with AI Providers use TLS encryption in transit.
Clazro cannot guarantee that security measures will prevent all unauthorised access. The Software does not store screenshots or screen data on Clazro's servers; such data is processed on your device and transmitted directly to your chosen AI Provider.
12. Children
The Software is not directed at children under 18 (or the applicable age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact singhaldeoli106@gmail.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by displaying a notice in the Software or by email. The "Last updated" date at the top of this document indicates when the most recent revision was made. Your continued use of the Software after changes take effect constitutes acceptance of the revised policy.
14. Contact
For privacy questions, access requests, or complaints:
Clazro Technology Private Limited
Email: singhaldeoli106@gmail.com
*(Lawyer to add: physical mailing address, DPO contact if required.)*
*End of Privacy Policy*