Privacy Policy
Last updated: 4 July 2026
1. Introduction
Clear Canopy (we, us, our) provides a platform for financial advisers to map family wealth structures and model estate planning scenarios. We take privacy seriously: the Service is built to hold sensitive personal and financial information about our customers’ clients and their families.
This policy explains how we collect, hold, use and disclose personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It applies to our websites, apps and related services (the Service).
2. Information we collect
Account information — name, email address, practice details (including AFSL and ABN), and login credentials, collected when you register or are invited to a practice.
Client Data— information our adviser customers enter or upload about their clients and clients’ family members, which may include names, dates of birth, family relationships, health-adjacent status (such as incapacity), estate planning documents (wills, powers of attorney, binding death benefit nominations, trust deeds) and financial details (superannuation, assets, liabilities and income). We collect this on behalf of the adviser, who is responsible for having a lawful basis to provide it.
Billing information — subscription and payment details. Card details are collected and held by our payment processor, Stripe; we do not store full card numbers.
Usage information — logs, device and browser details, and analytics about how the Service is used, to keep it secure and improve it.
3. How we use information
- to provide, operate and secure the Service;
- to process documents and text with AI features when you request it;
- to manage subscriptions, billing and support;
- to send service emails such as invitations, receipts and important notices;
- to monitor performance, prevent abuse and improve the Service;
- to comply with our legal obligations.
We do not sell personal information, and we do not use Client Data to train AI models.
4. Storage and third-party processors
We use a small number of trusted service providers to operate the Service. Each processes information only as needed to provide their service to us:
- Supabase — database, authentication and file storage. All application data, including Client Data and uploaded documents, is stored with Supabase.
- Anthropic — AI processing. Content you submit to AI features (for example meeting notes or uploaded documents) is sent to Anthropic’s API to generate the requested output.
- Stripe — subscription payments and billing.
- Resend — transactional email delivery (such as invitations and account emails).
Some of these providers store or process information outside Australia (including in the United States). Where information is disclosed overseas, we take reasonable steps consistent with APP 8 to ensure it is handled in accordance with the APPs.
5. Security
We protect information with measures including encryption in transit and at rest, row-level security so each practice can only access its own data, role-based access for team members and invited collaborators, and audit logging of changes to family records. No system is perfectly secure, so we also encourage strong, unique passwords.
6. Retention and deletion
We retain information while your account is active. You can export all of your practice’s data at any time from Settings, and you can delete individual records within the Service. If you close your account, we will delete or de-identify your data within a reasonable period, except where we must retain it to comply with law or resolve disputes.
7. Access and correction
You may request access to, or correction of, the personal information we hold about you by contacting us. If you are a client of an adviser who uses Clear Canopy, your information is managed by that adviser — we will refer requests about Client Data to the relevant practice where appropriate, and assist them to respond.
8. Cookies and analytics
We use cookies that are necessary to sign you in and keep your session secure. If enabled, we use privacy-friendly, cookieless analytics to understand aggregate usage of our public pages; this does not identify individual visitors.
9. Data breaches
We maintain a data breach response process consistent with the Notifiable Data Breaches scheme under the Privacy Act. If a breach is likely to result in serious harm, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) as required.
10. Changes to this policy
We may update this policy from time to time. Material changes will be notified by email or in-app notice, and the “last updated” date above will be revised.
11. Contact and complaints
Questions, requests or complaints about privacy can be sent to support@clearcanopy.com.au. We will respond within a reasonable period. If you are not satisfied with our response, you may complain to the OAIC at oaic.gov.au. This policy is governed by the laws of Victoria, Australia.