Sign in

Klari Privacy Policy

Effective April 28, 2026 · Last updated May 9, 2026

This Privacy Policy explains how KLARI, LLC(“Klari,” “we,” “us,” or “our”) collects, uses, and shares personal information when you use the Klari website at meetklari.com, the application at app.meetklari.com, and any related services (collectively, the “Service”). Capitalized terms not defined here have the meanings given in our Terms of Service.

If you have questions or want to exercise your privacy rights, contact us at brenna@meetklari.com.

1. Quick summary

Plain-English version of what’s below:

  • What we do: we run an AI-powered resume analysis tool. You upload a resume, paste a job description, and get an informational analysis.
  • What we do with your resume: we send the extracted text to our AI provider (Anthropic) to generate the analysis, store it briefly while you review it, and then delete it within roughly 24 hours.
  • Your rights: you can access, correct, or delete your information by emailing us, and you can delete your account yourself from the Service.

What Klari doesn’t do

  • We don’t sell or “share” your personal information.
  • We don’t use your resume or job-description content to train AI models. Under our API arrangement with our AI provider, your inputs and outputs aren’t used to train its models either.
  • We don’t run third-party analytics, advertising cookies, tracking pixels, or affiliate tracking. No Google Analytics, Meta Pixel, TikTok Pixel, or LinkedIn Insight tag.
  • We don’t buy personal information from data brokers or enrich your account from outside sources.

The full policy below has the legal detail.

2. Information we collect

2.1 Information you provide

Account information. When you create an account, we collect your name and email address. If you set a password, the password is hashed and stored by our authentication provider; we never see your plaintext password. If you sign in with Google, we receive your email address, name, and basic Google profile metadata in place of a password.

Resume content. When you upload a resume, we extract the plain text from the file and store only that text in your private storage area. The original binary file is not retained. We replace any prior resume text on re-upload.

Job description content. When you paste a job description, we use it for that analysis. We do not persist the job-description text in our database after the analysis completes.

Analysis output. The AI-generated analysis (a structured set of sections plus category metadata) is stored briefly while you review and export it.

Payment information. When you subscribe, our payment processor (Stripe) collects your payment method directly. Klari never receives or stores your full card number, CVV, or full payment credentials. From Stripe we receive your subscription status, customer ID, billing email, invoice and subscription event metadata, and other billing information Stripe makes available to us for account administration.

Feedback and communications. If you give thumbs-up or thumbs-down on an analysis, we record that signal along with an optional reason code chosen from a fixed list (we do not collect free-text comments on analysis feedback). If you contact us by email, we receive your message and email address.

Cancellation feedback. If you cancel a subscription, we may collect a structured reason code and an optional free-text comment.

2.2 Information collected automatically

Cookies set by Klari. We use a small number of strictly necessary cookies, all of which are HttpOnly, Secure, and SameSite=Lax:

  • Authentication cookies — used to keep you signed in. Lifetime: your session.
  • Short-lived operational cookies — used to maintain account state and operate the Service. These expire within minutes.

We do not set advertising cookies, analytics cookies, or third-party tracking cookies. We do not embed Google Analytics, Meta Pixel, TikTok Pixel, LinkedIn Insight, or any similar tracker in the Service.

Third-party cookies. When you interact with third-party services through Klari — for example, signing in with Google or completing checkout via Stripe — those providers may set their own cookies and collect information under their own privacy policies. We do not control those cookies.

Server logs. Our application logs operational metadata (a request ID, your user ID, your session ID, and error codes) in connection with each request. We do not log the contents of your resume, your job description, or your AI-generated analysis.

Hosting-level logs. Our hosting and infrastructure providers may collect and retain technical request data, including IP addresses, user-agent strings, and timestamps, for their own security and operational purposes. We do not control the retention windows of those provider logs.

Approximate region. We may infer an approximate geographic region from request metadata to support security, fraud prevention, and applicable legal compliance.

2.3 Information from third parties

Google (if you use Sign in with Google).We receive the data described in §2.1 from Google’s OAuth response.

Stripe.We receive subscription, customer, and billing event data described in §2.1 from Stripe’s webhooks.

We do not buy personal information from data brokers or enrich your account with information sourced from third parties.

3. How we use your information

We use the categories of information described above to:

  • Provide the Service — authenticate you, parse and analyze your resume, generate output, deliver and export results, and operate your account.
  • Process payments — through Stripe, manage subscriptions, handle renewals, and respond to billing events.
  • Communicate with you — send or facilitate transactional messages, including account confirmations, password resets, billing notifications, security alerts, and responses to support requests. Some authentication-related messages are sent through our authentication provider on our behalf.
  • Maintain the security and integrity of the Service — detect and prevent fraud and abuse, enforce rate limits, prevent duplicate use of the free analysis, defend against attacks, and investigate violations of our Terms.
  • Improve the Service — analyze de-identified, aggregated usage signals (for example, what role categories are commonly analyzed and which sections of output receive positive or negative feedback) to improve quality. This work uses metadata only — never your resume or job-description text.
  • Comply with legal obligations — meet tax, accounting, audit, and other legal requirements; respond to lawful requests from authorities.
  • Enforce our Terms — investigate and act on suspected violations.

Legal bases (EU/UK/EEA users)

If GDPR or UK GDPR applies to you, we rely on the following legal bases:

  • Performance of a contract (Article 6(1)(b)) — to provide the Service you signed up for, including running the analysis, processing payments, and managing your account.
  • Legitimate interests (Article 6(1)(f)) — to keep the Service secure, prevent fraud and abuse, prevent duplicate free-trial claims, and improve the Service using de-identified analytics. Our legitimate interests are balanced against your rights and freedoms; you can object to processing on this basis as described in §8.
  • Legal obligation (Article 6(1)(c)) — to retain billing records and respond to lawful requests.
  • Consent (Article 6(1)(a)) — for any processing where we ask for consent (e.g., optional marketing emails, if and when introduced). You may withdraw consent at any time without affecting prior processing.

Sensitive and special-category data. Your resume or job description may contain information that is considered sensitive or special-category personal data under some laws (for example, references to health, religious or trade-union affiliations, ethnic origin, or veteran status). We process this user-submitted content only to provide the analysis you request, secure the Service, and comply with our legal obligations. We do not use it to infer protected characteristics about you, build advertising or third-party profiles, or make employment decisions about you.

4. How AI processing works

The Service relies on a third-party large language model operated by Anthropic (currently the Claude family of models). When you submit an analysis:

  1. We extract the text of your resume and combine it with the job description you provide.
  2. We send that text to Anthropic’s API for inference.
  3. Anthropic returns a structured analysis, which we store on your account and display to you.

What goes to Anthropic: the extracted resume text and the job-description text. What does not go to Anthropic: your name, email address, IP address, account ID, payment information, or any other directly identifying account data.

No training on your content.Under our API arrangement with Anthropic, your inputs and outputs are not used to train Anthropic’s models. Klari likewise does not use your resume or job-description content to train any model.

Output is AI-generated and may be wrong. Output is generated statistically and may contain errors, omissions, or statements that are not accurate for your specific situation. Klari is not a recruiter or career counselor, and the output is not professional advice. See the Terms for the full disclaimer.

5. How we share your information

We share your information only with the categories of recipients below.

5.1 Service providers (subprocessors)

We share information with vendors who process it on our behalf, under contract, only to provide services to us. The current list:

  • Vercel — hosting and operational logging (United States).
  • Supabase — authentication, database, and file storage (United States, on AWS infrastructure).
  • Anthropic — AI inference (United States).
  • Stripe — payment processing, subscription management, and tax calculation (United States and globally for cross-border payments).
  • Upstash — rate limiting and operational caching (United States).
  • Google — OAuth sign-in (United States and globally).
  • Resend — transactional email delivery, including authentication messages such as password resets and signup confirmations (United States).

We may add or change subprocessors over time. We will update this list when we make material changes.

5.2 Legal and protective disclosures

We may disclose information when we have a good-faith belief it is necessary to (a) comply with applicable law, regulation, legal process, or governmental request, (b) enforce our Terms, (c) detect, prevent, or address fraud, security, or technical issues, or (d) protect the rights, property, or safety of Klari, our users, or the public.

5.3 Business transfers

If Klari is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you (for example, by email or in-app notice) if your information becomes subject to a materially different privacy policy.

5.4 With your direction

We will share information at your direction or with your consent (for example, if you ask us to do so in support of a request).

5.5 De-identified and aggregated data

We may create and use de-identified or aggregated information that does not identify you for any lawful purpose, including improving the Service. We commit not to attempt to re-identify de-identified data.

We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising.

6. Data retention

We retain personal information only as long as necessary for the purposes described in this Policy. Specifically:

DataRetention
Account profile (email, name)Until you delete your account
Subscription recordsUntil you delete your account, then per legal/accounting requirements (typically 7 years for tax records held by Stripe and Klari)
Resume text (in your private storage)Deleted when you log out, delete the resume, delete your account, or through our short-retention cleanup process — typically within about 24 hours
Job description textNot stored in our database after the analysis completes; the text is processed by our AI provider to generate the analysis and may be reflected in the analysis output shown to you
Analysis outputTypically deleted within about 24 hours
Server logs (operational metadata only)Up to 30 days, longer if needed for security investigations
Free-trial fraud-prevention recordLimited information needed to prevent duplicate free-trial claims, retained for up to 365 days after account deletion, then hard-deleted.
Account deletion audit recordA limited, cryptographically hashed record retained for fraud and abuse prevention. It does not contain readable identifying information.
Cancellation feedbackAnonymized at account deletion (your user ID is overwritten); the anonymized comment may be retained indefinitely for quality analysis
De-identified aggregate analyticsRetained indefinitely; contains no user identifier
Stripe customer recordStripe retains the customer object after account deletion for its own records; we cancel any active subscription
Support communicationsRetained as long as reasonably necessary to respond to your request, maintain business records, resolve disputes, and comply with legal obligations
Hosting-provider logs (Vercel, Supabase, etc.)Per each provider’s retention policy; we do not control these windows

We may retain information longer if we are required to do so by law or where reasonably needed to defend against, investigate, or pursue legal claims.

7. International data transfers

Klari is based in the United States, and our subprocessors are primarily based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our subprocessors operate. These countries may have data-protection laws different from those in your country.

For transfers from the EEA, UK, or Switzerland to the United States, we use legally recognized transfer mechanisms where required, such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum, supplemented by additional safeguards where appropriate. You may request information about the relevant transfer mechanisms by emailing brenna@meetklari.com.

8. Your privacy rights

8.1 Rights available to everyone

Regardless of where you live, you can:

  • Access and review the personal information in your account by signing in.
  • Manage your subscription, reset your password, and request account deletion from your Account page. To change your name or email address, contact us at support@meetklari.com.
  • Delete your account from your Account page. Account deletion is described in §11.
  • Cancel your subscription at any time from your Account page.
  • Contact us at brenna@meetklari.com with any privacy question or request.

8.2 EU/UK/EEA residents (GDPR and UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights, subject to the conditions and exceptions set out in applicable law:

  • Right of access — to obtain confirmation of whether we process your personal information and a copy of it.
  • Right to rectification — to have inaccurate personal information corrected and incomplete information completed.
  • Right to erasure (“right to be forgotten”) — to have your personal information deleted.
  • Right to restriction — to restrict our processing in certain circumstances.
  • Right to data portability — to receive your personal information in a structured, commonly used, machine-readable format.
  • Right to object — to object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent — where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Right to lodge a complaint — with your local data-protection authority. A list is available at edpb.europa.eu.

8.3 California residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to know the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it. The categories we collect map to the disclosures in §2 above and include: identifiers, internet or other electronic network activity, commercial information, professional or employment-related information (the contents of your resume and the job descriptions you submit), and customer records.
  • Right to delete the personal information we have collected about you, subject to exceptions.
  • Right to correct inaccurate personal information.
  • Right to portability — to receive your personal information.
  • Right to limit the use of sensitive personal information — your resume may contain sensitive personal information as defined under California law. We do not use sensitive personal information for purposes that would require offering a separate right to limit, such as inferring characteristics about you. You may still request access, deletion, or correction as described above.
  • Right to opt out of sale or sharing Klari does not sell personal information and does not share personal information for cross-context behavioral advertising. No “Do Not Sell or Share My Personal Information” mechanism is required because we do not engage in those activities.
  • Right to non-discrimination — we will not discriminate against you for exercising your rights.

You may also designate an authorized agent to make a request on your behalf; we will require verification of your identity and the agent’s authority.

California “Shine the Light” (Civil Code §1798.83): We do not share personal information with third parties for their direct-marketing purposes.

8.4 How to exercise your rights

To exercise any privacy right, email brenna@meetklari.comwith the subject line “Privacy Request” and describe what you’d like to do. To protect your information, we will verify your identity (typically by confirming the request from the email address associated with your account; we may request additional information in some cases).

We will respond within the time required by applicable law — generally within 45 days for California requests (extendable by another 45 days with notice) and within one month for GDPR requests (extendable by an additional two months for complex requests).

We will not discriminate or retaliate against you for exercising any of these rights.

9. Children

The Service is intended for adults. We do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has provided personal information to us, please contact brenna@meetklari.com and we will delete the information promptly.

10. Security

We use a combination of administrative, technical, and physical safeguards designed to protect your information. These include encryption of data in transit and at rest, access controls limiting employee access to personal data on a need-to-know basis, isolation between user accounts so each user’s data is accessible only to that user, rate limiting and abuse-prevention controls, identity re-verification on sensitive operations such as account deletion, and operational logging that excludes the contents of resumes, job descriptions, and analyses.

No security control is perfect, and we cannot guarantee that information will never be accessed without authorization. If we discover a security incident affecting your information, we will notify you and the appropriate authorities as required by law.

11. What happens when you delete your account

When you delete your account from the Account page, we:

  • Cancel any active Stripe subscription.
  • Hard-delete your profile, your resume content, and your session records.
  • Hard-delete your subscription record from our database.
  • Anonymize your cancellation feedback (we overwrite the user-ID link).
  • Record a limited, cryptographically hashed audit entry to support fraud-prevention and abuse-investigation needs. This entry does not contain readable identifying information.
  • Retain a limited fraud-prevention record for up to 365 days after deletion to prevent duplicate free-trial claims, then hard-delete it.
  • Delete your authentication record from our authentication provider.

After deletion, your information is no longer recoverable by you. The Stripe customer object remains in Stripe for Stripe’s own records.

Support communications are not automatically deleted. Account deletion does not delete emails or other messages you previously sent to us. Those are retained as ordinary business records in our email system unless you separately request deletion (and deletion is permitted under applicable law).

If you’d like a copy of your information before you delete your account, request it by email under §8.4.

12. Changes to this Policy

We may update this Policy from time to time. If we make a material change, we will provide reasonable advance notice (for example, by email to the address associated with your account or by an in-app notice) before the change takes effect. The “Last Updated” date at the top of this Policy identifies the most recent revision. If you continue to use the Service after the effective date, the updated Policy applies to our processing of your personal information from that date forward.

13. Contact us

For privacy questions or to exercise your rights:

Email: brenna@meetklari.com (subject: “Privacy Request”)

Mail:
KLARI, LLC — Privacy
124 W. Allegan St., Suite 1000
Lansing, MI 48933
United States

For EU/UK/EEA users: KLARI, LLC is the data controller for your personal information. Klari has not appointed an Article 27 EU representative or a UK representative; if and when one is appointed, this Policy will be updated.

© 2026 KLARI, LLC. All rights reserved.