1. Introduction
Klorra AI, Inc. ("Klorra," "we," "us") provides an AI-assisted takeoff and estimating platform for custom home builders. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to klorra.ai and the Klorra application.
We collect only what we need to operate the Service, and we treat the plan sets you submit as confidential commercial work product.
2. What We Collect
2.1 Account Information
When you create an account, we collect your name, business email address, company name, and (optionally) a profile photo. If you subscribe to a paid plan, our payment processor collects billing information; we receive only a token and the last four digits of the card.
2.2 Submitted Plan Files & Project Content
When you upload a plan set, specification, or related document, we store that content along with metadata such as filename, page count, and project name. We use this content solely to generate the deliverables you request.
2.3 Usage Data
We collect basic application usage data: pages visited, features used, bids submitted, error events, and approximate IP-based location. This data is used for product analytics, security, and service reliability.
3. Plan File Handling
Plan files are encrypted in transit (TLS 1.2+) and at rest (AES-256). They are stored in access-controlled cloud storage in the United States. Only authorized Klorra personnel and the automated processing pipeline have access, and access is logged.
We do not sell, share, or otherwise disclose plan files to any third party.We do not use plan files to train, fine-tune, or improve any general-purpose AI model — neither our own nor any third party's. Plan files leave our environment only to the extent strictly necessary to invoke the AI inference provider for processing, governed by a written data-processing agreement that prohibits further use or retention.
4. Third-Party Services
Klorra uses a limited set of vetted vendors to deliver the Service:
- AI inference provider (Anthropic) — runs the language-model components of our pipeline. Plan content sent for inference is not retained or used for training under our agreement.
- Payment processor (Stripe) — handles subscription billing and stores payment instruments.
- Email delivery (Postmark) — sends transactional emails such as receipts, password resets, and deliverable notifications.
- Cloud infrastructure — hosts the application and stores account data and plan files in U.S. regions.
5. Data Retention
Account information is retained for as long as your account is active. Project deliverables and source plan files are retained for seven (7) years to support warranty, audit, and historical lookback for the Subscriber, after which they are securely deleted unless you have requested earlier deletion.
You may request deletion of any specific project at any time. Backup copies are purged on a rolling ninety (90) day cycle.
6. Your Rights
Depending on your jurisdiction, you may have the right to (a) access the personal information we hold about you, (b) correct inaccurate information, (c) request deletion of your information, (d) export your information in a portable format, and (e) object to or restrict certain processing.
To exercise any of these rights, email privacy@klorra.ai. We will respond within thirty (30) days.
7. Cookies & Tracking
We use a small number of essential cookies to keep you signed in and to maintain session state. We use a privacy-respecting analytics tool to understand aggregate usage of the Service; it does not build cross-site advertising profiles.
You can opt out of analytics in your account settings or via standard browser controls. Disabling essential cookies will prevent the Service from functioning.
8. Children's Privacy
The Service is intended for use by construction professionals and is not directed to anyone under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided information to us, contact privacy@klorra.ai and we will delete it.
9. International Users
Klorra is operated from the United States, and all data is stored on infrastructure located in the United States. If you access the Service from outside the U.S., you consent to the transfer and processing of your information in the United States, which may have data-protection laws different from those of your country.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to the address on file and posted on this page with a revised "Last updated" date at least thirty (30) days before they take effect.
11. Contact
Privacy questions, data-rights requests, and security reports should be directed to privacy@klorra.ai.