Privacy Policy

1.Who we are

Y Assurance PLLC (the “Firm,” “we,” “us,” or “our”) is a CPA firm licensed by the Texas State Board of Public Accountancy. The Firm owns and operates the Chiaro MCP server (the “Service” or “Chiaro”).

This Privacy Policy applies to information collected through chiarohq.com and the Service. Information collected in the course of an audit or advisory engagement is governed by the engagement letter between you and the Firm.

Contact: privacy@chiarohq.com.

2.What we collect

Contact information. When you request research access or contact us, we collect your name, email address, company, and any details you choose to share.

Account and access data. When you connect to the Service, we collect the bearer token associated with your account and logs of which MCP tools you call.

Usage telemetry. MCP tool calls, timestamps, request and response sizes, and error logs. We use this to monitor the Service and diagnose issues.

Website analytics. Standard server logs (IP address, user agent, referrer, pages visited) when you browse chiarohq.com.

We never collect credentials. When the Service uses commands, those commands run on your machine. Only the output reaches us.

3.How we use this information

To provide access to the Service
To monitor Service performance and fix bugs
To communicate with you about your account or requests
To understand how people use chiarohq.com
To meet our legal and professional obligations

We do not sell your data. We do not use contact information or telemetry for third-party advertising.

4.Where data lives

Information described in this policy is stored on Supabase in the United States and on hosting infrastructure operated by Railway and Vercel. Access is restricted to Firm personnel.

5.Who has access

Firm personnel with a legitimate operational need
Supabase (as our data processor for storage)
Railway and Vercel (as our infrastructure providers)

Each provider is bound by its standard data processing terms. We do not share your data with advertisers, data brokers, or unrelated third parties.

6.How long we keep data

Contact information, account records, and product telemetry are retained for as long as they remain useful for the purposes described in Section 3, then purged.

Records maintained as part of an audit or advisory engagement are retained as set out in the engagement letter and as required by applicable professional standards.

7.Your rights

If you are in California, the European Union, the United Kingdom, or another jurisdiction that grants you data rights, you have the right to:

Access the data we hold about you
Correct inaccurate data
Delete data (subject to legal and professional retention obligations)
Port your data to another provider
Object to certain processing

Email privacy@chiarohq.com to exercise any of these rights. We respond within 30 days.

8.Cookies

chiarohq.com uses only essential cookies required for functionality. We do not use advertising cookies, and we do not embed third-party trackers.

9.International users

If you access chiarohq.com or the Service from outside the United States, information about you will be transferred to and processed in the United States. By using the site or the Service, you consent to this transfer.

10.Changes to this policy

We may update this policy from time to time. The “Effective” date above reflects the most recent update.

11.Contact

Questions about privacy: privacy@chiarohq.com