Last updated: 2026-06-04

Privacy Policy

This Privacy Policy explains what information Clutch AI collects, how it is used, and the rights you have regarding your information. By using the service you consent to the practices described below.

1. Information we collect

  • Account information. When you sign in we collect your email address, and (if you sign in with Google) your name and profile image as provided by Google.
  • Conversations. The text of every message you send and every response generated, including any associated metadata (timestamps, conversation titles, model used, retrieved citations).
  • Feedback. When you rate a response, we store your thumbs up/down vote, the reason category you select on a thumbs-down (for example "inaccurate" or "too generic"), and any optional free-text comment you add — linked to that response and your user record. Comments may contain personal or health detail that you choose to include.
  • Anonymous browsing identifier. Before you sign in we set a long-lived HTTP cookie (clutch_anon_id) tied to a server-side anonymous user record so your conversations are not lost between visits.
  • Waitlists. If you join a waitlist — the "Get the app" mobile form (email and platform preference) or the "Notify me" form for upcoming features — we store your email, and a link to your account when you are signed in.
  • Operational metadata. Standard server logs (IP address, user-agent, request times) for security, debugging, and abuse prevention.

2. How we use information

  • To operate the service and respond to your queries.
  • To improve the service — including reviewing aggregated and de-identified conversation patterns to refine the clinical rulebook, retrieval quality, and prompt design.
  • To improve response quality and the clinical rulebook — including reviewing the feedback (votes and comments) you provide on responses.
  • To contact you about service updates, security notices, or — if you joined the mobile waitlist — the mobile launch.
  • To detect, prevent, and respond to abuse or security threats.

3. Third parties we use

  • Resend — sends transactional email (magic-link sign in, waitlist confirmations). Your email is shared with Resend for delivery purposes.
  • Google — handles OAuth sign-in when you choose "Continue with Google." Google provides us your name, email, and profile image under the scopes you approve.
  • LLM provider — your message text and relevant retrieved context are sent to a large-language-model provider (such as DeepSeek, OpenAI, or similar) to generate the response. We minimise what is sent to what is needed to produce the answer.
  • Database hosting — your account, conversations, and waitlist record are stored with a managed Postgres provider.

We do not sell your personal information. We do not use your conversation contents for advertising.

4. Data retention

Account and conversation data are retained for as long as your account exists. Anonymous-user conversations are retained for up to 12 months from last activity. You may request deletion at any time (see section 6). After deletion, residual copies may persist in encrypted backups for up to 90 days before being overwritten.

5. Cookies

Clutch AI uses cookies for the following purposes only:

  • Authentication. Session cookies issued by our auth provider (NextAuth) to keep you signed in.
  • Anonymous identity. clutch_anon_id — links a pre-sign-in visitor to their conversations.
  • Theme preference. Stores your light/dark mode choice.
  • Disclaimer acknowledgment. clutch:disclaimer:acknowledged — records that you have read and accepted the medical disclaimer.
  • Sidebar preference. clutch:sidebarCollapsed (stored in localStorage rather than a cookie).

We do not use third-party advertising or analytics cookies.

6. Your rights

You may request access to, correction of, or deletion of your personal information at any time by emailing privacy@clutch.ai. Depending on your jurisdiction, you may also have the right to data portability and to lodge a complaint with a supervisory authority.

7. Security

We use industry-standard practices to protect your information, including TLS for transport, encrypted database storage at rest, and scoped credentials for third-party integrations. No service can guarantee absolute security; you use Clutch AI at your own risk.

8. Children

Clutch AI is not directed at children under 16 and we do not knowingly collect personal information from children. If you believe a child has provided personal information to us, email us at the address below.

9. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced in-product or by email when reasonable.

10. Contact

Privacy questions or requests can be sent to privacy@clutch.ai.