Klorra AI is a business-to-business platform sold to licensed builders. We collect what we need to operate the Service, we do not sell or share personal information for cross-context behavioral advertising, and our AI inference provider's commercial API terms applicable to Klorra do not use customer prompts or completions to train foundation models.

1. Scope of this Policy

This Privacy Policy describes how Klorra LLC, a Florida limited liability company ("Klorra," "we," "our," or "us"), collects, uses, discloses, and protects information in connection with the klorra.ai website, the Klorra AI software-as-a-service application, and the supporting application programming interfaces (collectively, the "Service"). This Policy is incorporated by reference into the Klorra Terms of Service.

Klorra's direct customers are business entities (each a "Builder" or "Subscriber"). Where Subscriber uploads plan files or other materials that contain personal information of third parties, the Subscriber is the controller (or business) of that information and Klorra processes it on the Subscriber's behalf as a processor (or service provider) under applicable U.S. state privacy laws.

Klorra is operated from the United States and currently markets the Service to Builders in any of the fifty (50) United States. The Service is not offered or directed to customers outside the United States.

2. Information We Collect

2.1 Account & Billing Information

When a Subscriber creates an account or purchases a plan, we collect: full name, business email address, company name, role/title (optional), telephone number (optional), profile photo (optional), and the billing details required by our payment processor. Stripe processes payment cards directly; we receive only a tokenized reference and the last four digits of the card. We do not store full payment-card numbers.

2.2 Subscriber Content

"Subscriber Content" includes the plan sets, specifications, addenda, project descriptions, photographs, and other files uploaded into the Service, plus the Deliverables we generate. Plan files routinely contain personal information of third parties — for example, the names and addresses of homeowners, the names of design professionals, contact details appearing on title blocks, and signatures. We treat such embedded personal information as Subscriber Content and process it only on the Subscriber's instructions to deliver the Service.

2.3 Usage & Telemetry

When you use the Service we automatically collect: pages visited, features used, bids submitted, approximate IP-derived location, browser and device characteristics, time stamps, and event identifiers necessary for diagnostics, security, and product analytics.

2.4 Cookies & Similar Technologies

We use cookies and similar technologies — primarily for authentication, session continuity, abuse prevention, and aggregate product analytics. See our Cookie Policy.

2.5 Communications

If you contact us, we collect the contents of your messages, your contact details, and any attachments. We use this information to respond and to maintain support records.

3. How We Use Information

We use the categories of information described above for any lawful business purpose, including to:

Provide, operate, secure, maintain, develop, and improve the Service, including generating Deliverables;
Authenticate users, prevent fraud and abuse, and protect the rights, property, and safety of Klorra, our customers, and the public;
Process billing, manage subscriptions, send transactional notices, and provide customer support;
Comply with applicable law and respond to lawful requests from public authorities;
Send product updates, surveys, or marketing communications. Subscribers can opt out of non-transactional emails by following the unsubscribe link or emailing privacy@klorra.ai;
Conduct internal research, analytics, model evaluation, and product development.

4. AI Processing

Klorra's AI inference provider (currently Anthropic, PBC) operates a commercial API whose terms applicable to Klorra do not use customer prompts or completions to train foundation models. Klorra passes through this protection but does not independently warrant the upstream provider's terms or performance. If Klorra changes inference providers, Klorra will use commercially reasonable efforts to select a provider with substantially equivalent terms.

To generate Deliverables, Klorra transmits limited extracts of Subscriber Content to its AI inference provider operating in United States data centers. Klorra does not itself train, fine-tune, or otherwise improve any general-purpose machine-learning model using identifiable Subscriber Content.

Klorra may compute, retain, and use anonymized, aggregated metrics derived from Subscriber Content for product analytics, capacity planning, internal model evaluation, quality benchmarking, and any other lawful business purpose. These metrics are not personally identifying and are not attributable to any single customer or project.

We do not sell or "share" personal information for cross-context behavioral advertising. We disclose information only as follows:

Subprocessors. Vendors that support the Service, listed at klorra.ai/subprocessors.
Within the Subscriber organization. Account information and Deliverables are visible to authorized users of the Subscriber's account.
Legal & safety. When Klorra in good faith determines that disclosure is required by law, valid legal process, or appropriate to protect the rights, property, or safety of Klorra, our customers, or the public.
Business transfers. In connection with any merger, acquisition, financing, reorganization, bankruptcy, or sale of all or any portion of our assets.
With Subscriber direction. When the Subscriber instructs us to do so.

6. Subprocessors

The current list of subprocessors is published at klorra.ai/subprocessors. Klorra may add, remove, or replace subprocessors at any time, in its sole discretion, without prior notice except where advance notice is expressly required by applicable law or by an executed Data Processing Addendum.

7. Plan-File Handling & Security

Plan files and other Subscriber Content are encrypted in transit and at rest using industry-standard methods, and are stored in access-controlled cloud storage in United States regions. Klorra maintains administrative, technical, and physical safeguards reasonably designed to protect personal information against unauthorized access, use, alteration, disclosure, or destruction. NO SYSTEM IS PERFECTLY SECURE, AND KLORRA DOES NOT WARRANT OR GUARANTEE THE SECURITY OF SUBSCRIBER CONTENT, ACCOUNT DATA, OR ANY PERSONAL INFORMATION.

Plan files leave the Klorra environment only to the extent necessary to invoke the AI inference provider and supporting subprocessors, in each case over encrypted connections subject to that provider's applicable terms.

8. Data Retention

We retain personal information and Subscriber Content for as long as is reasonably necessary for our business purposes, to provide the Service, to comply with our legal, tax, accounting, audit, and regulatory obligations, to resolve disputes, to enforce our agreements, and for the establishment, exercise, or defense of legal claims. Specific retention periods vary by data category and are determined by Klorra in its sole discretion based on these factors. Backups, archived logs, and other system copies may persist beyond active deletion in the ordinary course.

9. Your Rights

Depending on the jurisdiction, individuals may have rights under applicable law to:

Request access to the personal information we hold;
Request correction of inaccurate or incomplete personal information;
Request deletion of personal information, subject to the exceptions provided by applicable law;
Request a portable copy of personal information;
Object to or restrict certain processing, or withdraw consent where processing is based on consent;
Opt out of the "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioral advertising), and limit the use of sensitive personal information;
Be free from unlawful discrimination for exercising privacy rights;
Designate an authorized agent to make a request, subject to verification.

Where Klorra is a processor / service provider, requests should be directed to the relevant Subscriber. Klorra will assist Subscribers in responding to verifiable consumer requests as required by applicable law. To exercise rights directly with Klorra, email privacy@klorra.ai. We will respond within the timeframe required by applicable law (generally forty-five (45) days under the CCPA, with the extensions permitted by statute) and may need to verify the requestor's identity before acting.

10. State-Specific Notices (United States)

10.1 California Residents (CCPA / CPRA)

Klorra acts as a "service provider" under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), with respect to personal information incidentally embedded in Subscriber Content. Klorra (a) processes such personal information only to perform the services described in the Terms, (b) does not sell or share such personal information, (c) does not retain, use, or disclose such personal information for any purpose other than the specific purposes set out in the Terms or as otherwise permitted by the CCPA, and (d) does not combine such personal information with personal information from other sources except as permitted by the CCPA. We do not use or disclose sensitive personal information for purposes that require an opt-out under the CCPA. Klorra will respond to verified consumer requests within forty-five (45) days, with up to an additional forty-five (45) days where reasonably necessary as permitted by the CCPA.

10.2 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), and Other State Laws

Klorra acts as a "processor" with respect to personal data processed on behalf of a Subscriber that is a "controller" under these state laws. Klorra processes personal data only on the Subscriber's documented instructions. Subscribers entering into a Klorra Data Processing Addendum will receive the contractual commitments required by these laws.

10.3 New York (SHIELD Act) and Other State Security Laws

Klorra maintains reasonable administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of personal information, consistent with the New York SHIELD Act, the Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00), and similar state requirements. We notify affected individuals and applicable regulators of security breaches as and to the extent required by applicable law.

10.4 Do Not Track / Global Privacy Control

Klorra does not engage in cross-context behavioral advertising and therefore does not modify its practices in response to Do-Not-Track signals. We honor verified Global Privacy Control signals to the extent required by applicable law.

10.5 Florida

Klorra is headquartered in the State of Florida. Florida residents have the rights described in Section 9 to the extent provided by applicable Florida law, including the Florida Digital Bill of Rights to the extent it applies to Klorra. The Florida Information Protection Act (Fla. Stat. § 501.171) governs Klorra's breach-notification practices for incidents involving Florida residents' personal information.

11. Children's Privacy

The Service is intended for use by construction professionals and is not directed to anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete it. Contact privacy@klorra.ai if you believe a child has provided us personal information.

12. International Users

Klorra operates the Service from the United States, and Subscriber Content and account data are processed on infrastructure located in the United States. The Service is not offered or directed to customers outside the United States. If you access the Service from outside the United States, you do so at your own initiative and acknowledge that your information will be transferred to and processed in the United States. Klorra makes no representation that the Service complies with the General Data Protection Regulation, the UK GDPR, or any other non-U.S. data-protection regime.

13. Changes to this Policy

Klorra may update this Privacy Policy at any time by posting an updated version at klorra.ai/privacy with a revised "Last Updated" date. Klorra will provide such notice of material changes as is required by applicable law. Continued use of the Service after the effective date constitutes acceptance.

14. Contact

Privacy questions, data-rights requests, and security reports: privacy@klorra.ai. Legal notices: legal@klorra.ai. Mailing address: Klorra LLC, Naples, Florida 34104, USA.