Plain-language summary
- We collect only what we need to run the platform: account info, the ideas and comments you post, votes, and basic usage logs.
- Your published ideas are public. Your email address and private messages are not.
- AI models process your idea content to structure, research, moderate, and rank it.
- You can request access, correction, or deletion of your personal data.
- We do not sell your data.
1. Who we are
Clap Ideas (“the Platform,” “we,” “us”) is an AI-powered global idea democracy and future-technology lab operated by CLAPPE Inc., based in Canada. As the operator, CLAPPE Inc. is the controller of the personal data processed on the Platform. Canadian privacy law (the federal PIPEDA and Alberta’s Personal Information Protection Act) applies to us, alongside other privacy laws where they apply to you (see §9). Any Data Protection Officer or regional representative required by law will be confirmed on formal launch.
Registered address: CLAPPE Inc., Suite C, 16644 - 71 St, Edmonton, AB T5Z 0N5, Canada.
Contact for privacy matters — by email only; we do not offer telephone support: privacy@clapideas.com
2. Data we collect
2.1 Account data
- Name or display name
- Email address
- Hashed password (Argon2id — we never store plain-text passwords)
- Profile information you choose to add (bio, avatar, location, links)
- Account creation date and last login
2.2 Public contribution data
All ideas, comments, pathway proposals, votes, follows, and project/event records you create are stored. Published ideas are public records and appear in search results, feeds, and via our API.
2.3 AI processing data
When you submit or interact with an idea, your content is processed by AI systems for structuring, research, duplicate detection, moderation, ranking, and summarisation. AI processing logs (model used, prompt version, input/output hash, token counts, latency, cost, status) are retained for audit, safety, and transparency purposes.
2.4 Donation and payment data
Donations are processed by Stripe and collected by CLAPPE Inc.(the platform operator) on behalf of Clap Ideas. Your card details are entered on Stripe’s secure checkout and never reach our servers. We receive confirmation records (amount, date, currency, the donation type, anonymised card metadata, and Stripe customer, charge, and subscription IDs) so we can issue receipts and manage recurring donations. Your card or bank statement shows CLAPPE INC. See our Donation, Sponsorship & Refund Policy and the Stripe Privacy Policy for more.
2.5 Usage and log data
- IP address (may be hashed or truncated after processing)
- User-agent string
- Page requests, API calls, timestamps
- Session tokens (HTTP-only, Secure cookies)
- Error logs and performance telemetry (OpenTelemetry)
2.6 Moderation and safety data
Reports you make, appeals you file, and moderation actions on your content are logged for safety and audit purposes.
2.7 Legal compliance data
Policy acceptance records, privacy requests, copyright notices, and safety reports.
3. How we use your data
| Purpose | Legal basis (GDPR/UK GDPR) |
|---|---|
| Providing the Platform (hosting, authentication, idea management) | Contract performance |
| AI analysis (structuring, research, moderation, ranking, duplicate detection) | Contract performance / legitimate interests |
| Safety and abuse prevention | Legitimate interests / legal obligation |
| Analytics and platform improvement | Legitimate interests |
| Policy compliance and legal requests | Legal obligation |
| Email communications (account, transactional) | Contract performance / legitimate interests |
| Donations processing | Contract performance |
4. AI providers and subprocessors
To deliver AI and platform features, some of your content is sent to service providers that act as data processors under our instructions:
| Provider | Purpose | Data shared |
|---|---|---|
| Google (Gemini models, via Google’s API) | Idea structuring, research briefs, quality scoring, duplicate and moderation classification, and project/event drafts | The idea, comment, or draft text being analysed, plus minimal metadata |
| Stripe | Card payment processing for donations | Payment and transaction data (no full card number reaches us) |
| CLAPPE Inc. | Collecting donations as the platform operator | Donation and receipt records |
| Sentry | Error monitoring and diagnostics | Error/diagnostic data, with personal-data scrubbing turned on |
Text embeddings used for duplicate detection and search are computed on our own systems— they are not sent to a third-party AI provider. Account and notification email is sent through a mail server we operate on the clapideas.com domain. Our database and cache run on infrastructure we control; the hosting region is confirmed at launch.
We choose providers that protect your data and do not use it to train their own models without authorisation. A full, dated subprocessor list is maintained in our Data Processing Addendum and finalised before launch.
5. Data sharing
We share data:
- With AI model providers and infrastructure subprocessors as described in §4.
- With Stripe for payment processing.
- With law enforcement or regulatory bodies when required by law or to protect safety.
- With successors in connection with a merger, acquisition, or asset sale (with notice).
We do not sell your personal data to third parties for advertising or marketing purposes.
Published ideas, comments, and public profile information are visible to all users and to the general public.
6. Data retention
| Category | Retention |
|---|---|
| Account data | Until account deletion, then 30 days before purge |
| Published ideas and comments | Retained as part of the public record; may be anonymised on deletion |
| AI processing logs | 24 months (safety and audit) |
| Usage/server logs | 90 days |
| Payment records | As required by financial regulations (typically 7 years) |
| Moderation/safety records | Duration of legal hold if applicable, otherwise 3 years |
| Policy acceptance records | Duration of account + 2 years |
7. Deletion and account closure
You may delete your account at any time. On deletion:
- We remove your personal identifiers (email, password, private profile data).
- Published ideas and comments may be anonymised rather than deleted, to preserve the integrity of public discussions and attribution history.
- Payment records are retained as required by law.
To request data deletion: privacy@clapideas.com
8. Security
We implement appropriate technical and organisational security measures, including Argon2id password hashing, HTTP-only Secure session cookies, TLS/HTTPS for all data in transit, rate limiting and abuse defences, and audit logs for sensitive actions.
No system is perfectly secure. If we discover a breach affecting your data, we will notify you and relevant authorities as required by applicable law.
9. Your rights
Your rights depend on where you live. The summary below is a multi-jurisdictional baseline; for a region-by-region breakdown and how to file a request, see our Regional Privacy Rights Notice. You can submit any request using our privacy request form.
9.1 EEA / UK (GDPR / UK GDPR)
Access, rectification, erasure, restriction, portability, objection to legitimate-interest processing, rights related to automated decision-making, and the right to lodge a complaint with a supervisory authority.
9.2 California (CCPA/CPRA)
Know what personal information is collected and how it is used; delete personal information; correct inaccurate personal information; opt out of sale or sharing (we do not sell personal information); limit use of sensitive personal information; non-discrimination for exercising privacy rights.
9.3 Canada (PIPEDA)
Access, correction, and deletion of personal information; withdraw consent where processing is consent-based.
9.4 Other regions
We aim to respect data subject rights consistent with applicable law in your jurisdiction. Submit requests to privacy@clapideas.com.
10. Automated decision-making and AI moderation
AI systems may make automated decisions that affect your content or account, including classifying content for safety, detecting duplicates, scoring and ranking ideas, and applying content labels. These decisions may be reviewed by human administrators. You may appeal moderation decisions through our Moderation, Enforcement, and Appeals Policy.
Where GDPR Article 22 applies (solely automated decisions with significant effects), we provide a meaningful human-review pathway.
11. Children and minors
You must be at least 16 years old to use Clap Ideas. We do not knowingly collect personal data from children under 13. Users aged 16 to 18 should review our Children, Minors & Age Policy, which also covers student use and how a parent or guardian can request deletion.
12. Changes to this policy
We will notify you of material changes. Continued use of the Platform after the effective date constitutes acceptance.