Privacy Policy

Overview

This Privacy Policy describes how ClearCUI ("we," "us") collects, uses, and protects information in connection with the ClearCUI website (clearcui.com) and the ClearCUI Pro platform (app.clearcui.com).

Free tools

The SPRS Score Calculator, CMMC Readiness Quiz, and Compliance Cost Estimator run entirely in your browser. Data you enter is stored in your browser's local storage and is not transmitted to any ClearCUI server. Clearing your browser data will erase your progress.

ClearCUI Pro

When you create a ClearCUI Pro account, we collect your email address, organization name, and payment information (processed by Stripe). Assessment data you enter, including control determinations, responsible roles, technical mechanisms, and evidence locations, is stored in US-based cloud infrastructure (Supabase, hosted in Ohio, US East).

We do not collect, store, or transmit Controlled Unclassified Information (CUI). ClearCUI Pro captures compliance metadata describing how you protect CUI, not CUI content itself.

AI-generated documents

When you generate a document (SSP, POA&M, or family policy), your structured assessment data and organization profile are transmitted to Anthropic and OpenAI API endpoints for processing. Generated documents are stored in our database and associated with your account.

Anthropic and OpenAI do not use API inputs to train their models per their standard data-use policies. See anthropic.com/privacy and openai.com/policies.

Data retention and deletion

You may delete your account at any time from the settings page. Deletion removes your account, assessment data, and generated documents from our active systems within 30 days.

Cookies

We use a single session cookie issued by Supabase for authentication. We do not use third-party advertising or cross-site tracking cookies.

Contact

Questions about this policy: info@clearcui.com.