We collect as little as possible.

toClarity is operated by Jean-Jacques Dreier, trading as toClarity, a sole proprietorship (jednoosobowa działalność gospodarcza) registered with CEIDG in Poland. For GDPR purposes, this is the data controller. Our tax identifiers are NIP 8971702832 and REGON 544824010, and our registered business address is a virtual office at Plac Solny 14/3, 50-062 Wrocław, Poland.

Throughout this policy, "we", "us", and "toClarity" refer to that operator.

For any privacy question or request, contact support@toclarity.app.

When you create an account:your email address and authentication identifiers via our identity provider, Clerk. We don't store passwords directly. If you use a social sign-in (Google, etc.), we receive only the basic identifiers that provider exposes.

When you buy a Day Pass, Monthly, or Annual subscription: payment is processed by Stripe. We receive transaction status and the billing email tied to the payment. We never receive or store your full card number, CVV, or other sensitive card data — that stays with Stripe under PCI-DSS Level 1 security.

When you sign up for the newsletter: your email address only, stored with our email provider Resend. You can unsubscribe at any time using the link in any email.

When you visit any page: anonymous, aggregated traffic statistics via Plausible Analytics. No cookies, no cross-site tracking, no individual user profiles. Plausible is EU-hosted and GDPR-compliant by design.

We don't ask you for health data. We don't store anything you read or click within the platform. We don't set advertising or third-party tracking cookies. We don't sell, rent, or share your information with advertisers, data brokers, or third parties for marketing.

Account data is used to authenticate you, manage your subscription tier and access entitlements, and communicate essential service messages (receipts, renewal notices, security alerts).

Newsletter email is used only to send the newsletter you signed up for. We don't merge newsletter subscribers with paid account data for marketing.

Aggregated analytics help us understand which Health Areas and Topics are most read, so we know what content to prioritize.

Our infrastructure providers are all GDPR-compliant and contractually bound to data protection standards equivalent to EU requirements:

Clerk (authentication): hosted in the EU and US; handles your login credentials and account identifiers. Clerk privacy policy.

Stripe (payments): PCI-DSS Level 1 certified; processes card information and stores billing data. Stripe privacy policy.

Plausible (analytics): EU-hosted; no cookies, no personal data, no tracking. Plausible privacy approach.

Resend (email delivery): handles transactional and newsletter email sending. Resend privacy policy.

Vercel (hosting) and Cloudflare (DNS, email forwarding): infrastructure providers handling network requests and email routing.

Airtable (content database): stores the editorial content displayed on the site. Does not store user-personal information.

Account data is kept for as long as your account is active, plus 12 months after account closure for billing and compliance records. After that, we delete it or anonymize it.

Payment records are kept for the period required by Polish tax law (typically 5 years for invoices).

Newsletter subscribers are kept until they unsubscribe.

If you live in the European Economic Area, the UK, or Switzerland, you have the following rights regarding your personal data:

Access: request a copy of the personal data we hold about you.

Correction:ask us to fix anything that's inaccurate.

Deletion: ask us to delete your account and associated data (subject to legal record-keeping minimums).

Portability: get your data in a machine-readable format.

Objection: stop us from using your data for specific purposes (such as the newsletter).

To exercise any of these rights, email support@toclarity.app. We respond within 30 days as required by law.

You also have the right to lodge a complaint with your local data protection authority. In Poland, that is Urząd Ochrony Danych Osobowych (UODO).

We use only the cookies strictly necessary to keep you signed in (set by Clerk) and to process payments (set by Stripe during checkout). We do not set marketing, advertising, or third-party analytics cookies. Because we don't use tracking cookies, we don't show a cookie consent banner.

Some of our providers (notably Clerk and Stripe) may process data in the United States. They do so under the EU-US Data Privacy Framework and standard contractual clauses approved by the European Commission, which provide GDPR-equivalent protection.

toClarity is intended for adults. We don't knowingly collect data from anyone under 16. If you believe a minor has created an account, contact us and we'll delete it.

If we materially change how we handle your data, we'll update this page and, for substantive changes, email registered account holders. The "Last updated" date at the bottom of this page reflects the most recent version.