Clasr Legal
Privacy Policy
The data controller for personal data processed through Clasr is HİLAL ŞENÇELİK (sole proprietorship), YAHŞİBEY MAH. KAPLICA CAD. 1.KAYABAŞI SK. TAYKENT APT NO: 15 İÇ KAPI NO: 2 OSMANGAZİ / BURSA, Türkiye, contact: legal@clasr.ai. Clasr operates under Türkiye's KVKK; where the GDPR applies, the same entity acts as data controller.
Version 1.0 · June 2026
Effective Date: June 2026
Published by: HİLAL ŞENÇELİK, operator of Clasr, Bursa, Türkiye
This Privacy Policy applies to clasr.ai and the Clasr manuscript signal reading Service. It explains what personal data Clasr collects, why, and what choices are available. For institutional customers, this Policy works alongside Clasr's Data Processing Agreement, available on request.
1. Who This Policy Covers
This Policy applies to anyone who visits clasr.ai, creates a Clasr account, or submits a manuscript to the Clasr Service ("you"). It is published by HİLAL ŞENÇELİK, the sole proprietor operating Clasr from Bursa, Türkiye ("Clasr," "we," or "us").
2. What Data We Collect
2.1 Account Data
When you create an account, we collect your name, email address, and, where relevant, your institutional affiliation. When paid checkout is enabled, billing information will be processed by the payment provider identified at checkout. Clasr will not directly receive or store complete payment card details.
2.2 Manuscript Data
When you submit a manuscript for analysis, we receive the manuscript file and its contents, which may include your name, the names of co-authors, institutional affiliations, and any other information contained in the manuscript text or metadata.
2.3 Usage Data
We collect data about how you use the Service, including login times, the number of readings used, the features and output modes selected, and similar interaction data.
2.4 Technical Data
We automatically collect certain technical information when you visit clasr.ai or use the Service, including IP address, browser type, device type, and similar information, some of which is collected through cookies as described in our Cookie Policy.
3. How We Use Your Data
The table below lists each purpose for which we process personal data and, where the GDPR applies, the legal basis under Article 6 GDPR.
| Purpose | Description | GDPR Legal Basis (Art. 6) |
|---|---|---|
| Service provision | Processing submitted manuscripts and generating signal reports. | Art. 6(1)(b) — performance of a contract |
| Account operation | Authentication, plan management, and customer support. | Art. 6(1)(b) — performance of a contract |
| Transactional communication | Service notices and billing receipts. | Art. 6(1)(b) — performance of a contract |
| Product updates | Optional email updates where you have subscribed. | Art. 6(1)(a) — consent |
| Service improvement | Monitoring system performance and reliability. | Art. 6(1)(f) — legitimate interest (maintaining a functioning service) |
| Legal obligations | Tax, accounting, and regulatory recordkeeping. | Art. 6(1)(c) — compliance with a legal obligation |
4. What We Do Not Do
- We do not use your manuscript content to train any artificial intelligence model, whether operated by Clasr or by any third party we work with.
- We do not sell your personal data.
- We do not share your manuscript content with any party other than the processors described in Section 6, and we do not use it for any purpose other than generating your signal report.
5. How Long We Keep Your Data
5.1 Manuscript Files
Manuscript files are processed to generate the corresponding signal report and are deleted from our active systems once that report has been generated.
5.2 Signal Reports
Signal reports are retained in your account for seven (7) days by default. You can configure this to 24, 48, or 72 hours, or set reports to delete automatically upon download. You may also delete a report manually at any time.
5.3 Account and Billing Data
Account data is retained while your account is active. After account closure, we retain account and billing records for 3 years to meet our legal, tax, and accounting obligations under Turkish law. Billing records that are required for tax purposes are retained for 10 years in accordance with Turkish tax legislation (Vergi Usul Kanunu).
6. Who We Share Data With
We work with a small number of service providers (sub-processors) to operate the Service. We do not sell or rent your personal data to anyone. All sub-processors are bound by data processing agreements or standard contractual clauses where required by applicable law.
| Provider | Legal Entity | Country | Purpose | Data Received |
|---|---|---|---|---|
| Vercel | Vercel Inc. | USA | Frontend hosting (clasr.ai) | IP address, browser and device data |
| Railway | Railway Corp. | USA | Backend application hosting | Account data, usage data, manuscript processing requests |
| Supabase | Supabase Inc. | USA | Database, user authentication, and file storage | Account data (name, email, institution), authentication credentials, manuscript files during processing |
| Anthropic | Anthropic PBC | USA | Manuscript analysis (Claude API performs the signal reading) | Manuscript text and any personal data it contains. As of the effective date of this Policy, data is processed under Anthropic's standard commercial terms, which permit time-bound retention (up to 30 days) for trust and safety purposes and prohibit model training on customer data. Clasr is working toward a Zero Data Retention arrangement; this Policy will be updated when that is in place. |
| Resend | Resend Inc. | USA | Transactional email (account confirmation, billing receipts, password reset) | Name and email address |
| Google LLC | USA | OAuth authentication (optional — only if you choose "Continue with Google") | Name and email address as provided by your Google account | |
| Payment provider | To be confirmed | TBC | Payment processing (will be identified at checkout when live payments launch) | Billing name, payment method — Clasr will not directly receive or store payment card details |
7. International Data Transfers
Because Clasr is operated from Türkiye and works with service providers located in other countries, including the United States and the United Kingdom, your data may be processed outside the country in which you are located. Where this involves a transfer of personal data subject to the EU General Data Protection Regulation to a country not recognized as providing an adequate level of protection, Clasr relies on the Standard Contractual Clauses adopted by the European Commission, details of which are available in Clasr's Data Processing Agreement upon request.
8. Your Rights
Depending on where you are located, you may have rights to access, correct, delete, or restrict the processing of your personal data, to object to certain processing, or to receive a copy of your data in a portable format.
To exercise any of these rights, contact us at legal@clasr.ai. We will respond within a reasonable time and in accordance with applicable law. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.
Clasr has not, as of the effective date of this Policy, appointed a representative in the European Union under Article 27 of the GDPR. Clasr is assessing whether the exemption under Article 27(2) GDPR applies to its processing activities (processing that is occasional, does not involve large-scale special-category data, and is unlikely to present significant risk to individuals' rights). This Policy will be updated once that assessment is complete. In the interim, the contact point for all data protection matters, including for individuals in the European Union, is legal@clasr.ai.
9. Data Security
We use technical and organizational measures designed to protect your data, including encryption of data in transit, access controls limiting who can view personal data, and automatic deletion of manuscript files after report generation. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Children's Privacy
The Service is intended for users who are at least 18 years old. We do not knowingly collect personal data from anyone under 18. If you believe a person under 18 has provided us with personal data, contact legal@clasr.ai and we will take appropriate steps to delete it.
11. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will post the updated Policy at clasr.ai/legal with a revised effective date, and, for material changes, will provide additional notice such as an email to registered users.
12. Contact Us
For questions about this Policy or how we handle your data, contact legal@clasr.ai.