Privacy Policy
Updated: 16 July 2026
This policy explains what data NORTHLODE SRL processes through the Clarito website, and what data we do NOT collect from the app. Your accounting data stays on your computer.
1. What we collect through the site
Through the site we collect the minimum data needed for your account and payment:
Legal bases: the contract (your account and licence), a legal obligation (invoicing) and legitimate interest (site security).
- Account: your email and name, to create the account and deliver the licence key.
- Payments: processed by Stripe as the payment processor. We do not store your card details.
- Transactional emails: sent through Resend (account confirmation, licence key, invoices).
- Newsletter: your email address, only if you voluntarily subscribe on the site (basis: consent — GDPR art. 6(1)(a)). You can unsubscribe anytime by writing to our support address.
2. What we do NOT collect from the app
The accounting data you enter in the app (invoices, partners, returns, records) stays 100% local, in a SQLite database on your computer. We have no access to this data and never send it to our servers.
3. Trial-abuse prevention
When the trial period starts, the app sends our servers a device identifier as a SHA-256 hash (not the raw hardware ID), together with the email address, app version and operating system. On receipt, Cloudflare's infrastructure provides us the request's IP address, country and network (ASN). This data includes NOTHING from your accounting records.
The sole purpose is preventing abuse of the trial period (for example, repeatedly restarting the trial on the same device with different email addresses). The legal basis is legitimate interest — GDPR art. 6(1)(f), in line with Recital 47 on fraud prevention — not consent.
We apply data minimisation: the hash cannot be reversed to recover the device identifier, and the verification data is kept for at most 180 days, then deleted automatically. It is stored on Supabase in the EU region under a data processing agreement (DPA). Payments remain processed by Stripe, and the site and downloads are delivered through Cloudflare.
4. Your rights (GDPR)
You have the right to access, rectify, erase and port the data linked to your site account. You can exercise these rights by emailing a request to the support address.
You also have the right to restriction of processing and to object. If you believe the processing infringes your rights, you can lodge a complaint with ANSPDCP — the Romanian National Supervisory Authority for Personal Data Processing (dataprotection.ro).
5. Cookies
We use only essential cookies, needed for authentication and for the site to work. We do not use tracking, advertising or analytics cookies.
Concretely: authentication cookies (Supabase, essential) and your language and theme preference. We use no analytics, advertising or tracking cookies, so no consent banner is required.
6. How long we keep data
We keep account data for as long as the account exists. Data needed for invoicing is kept as required by Romanian tax law (10 years). Support emails are kept for at most 2 years.
Trial-verification data (the hashed device identifier and its associated metadata): at most 180 days, then deleted automatically.
7. Data controller
The controller of the data collected through the site is NORTHLODE SRL. For any question about data processing, you can contact us by email at the support address.