Clynt.ai

Privacy

Privacy Policy

Last updated: May 24, 2026

Clynt is a software tool for U.S. immigration attorneys. This page explains, in plain language, what data we collect, why we collect it, where it goes, how long we keep it, and the rights you have over it. We wrote it against the actual behavior of our code — not a template.

Contents12 sections
  1. 01Who we are
  2. 02Data we collect about you (the attorney)
  3. 03Data you ask us to store about your clients
  4. 04Where your data goes
  5. 05How we secure your data
  6. 06Cookies, analytics, and tracking
  7. 07How long we keep data
  8. 08Your rights and how to exercise them
  9. 09International users
  10. 10Children
  11. 11Changes to this policy
  12. 12Contact

1. Who we are

Clynt is operated by Clynt, the company behind clynt.ai and the Clynt Chrome extension. When this policy says “Clynt,” “we,” “us,” or “our,” it refers to that operator. When it says “you” or “your,” it refers to the attorney or law-firm staff member who creates and uses a Clynt account.

The Clynt product has two parts. The Chrome extension watches the EOIR portal while you use it and captures the hearings it shows you. The web app at clynt.ai stores those hearings in your account and lets you manage them, export them, sync them to your calendar, and message your clients. This policy covers both.

2. Data we collect about you (the attorney)

When you create a Clynt account, we collect:

  • Your email address — used to sign you in, send you product emails (see §4), and identify you to our payment processor.
  • Your first name, last name, and organization — what you typed into the sign-up form. We store these on your account record.
  • A password — handled and stored by Supabase, our authentication provider (see §4). We never see your password in plaintext.

When you sign in, we set a session cookie scoped to the clynt.ai domain. The cookie is HTTP-only (a script on the page cannot read it), is sent only over HTTPS, and uses theSameSite=Lax attribute. It is the only cookie we set.

When you connect Google Calendar, Outlook Calendar, or Gmail through Clynt, we store an OAuth access token and refresh token for that connection. These tokens let Clynt act on your behalf within the scope you granted at the consent screen — nothing more. We do not store your Google or Microsoft password. See §5 for how those tokens are protected.

When you subscribe, our payment processor Stripe collects your payment information directly through its hosted checkout. We do not see or store your card number, CVC, or billing address. Stripe shares back a customer identifier and your subscription status, which we keep so we can recognize your plan.

We do not collect your physical location, your phone number, your browsing history, or any data about how you use other websites.

3. Data you ask us to store about your clients

To do its job, Clynt stores data about the immigration clients whose hearings you track. This information is your clients' — not Clynt's. We treat it as such.

When the Chrome extension captures a hearing from your authenticated EOIR session, it sends the following fields to your Clynt account:

  • The respondent's A-Number (alien registration number) and full name
  • The hearing's date and time, type, and medium (in-person, video, etc.)
  • The assigned immigration judge's name
  • The courthouse address and EOIR location code

If you add your client's contact information to a hearing, we also store that contact's phone number, email address, and any notes you add. If you write notes or checklist items on a hearing, we store those exactly as you typed them.

We capture this data only from EOIR sessions you are already authenticated in. The Chrome extension never sees your EOIR username or password, never logs you in on your behalf, and never accesses pages you are not already looking at. The compliance details are described in our Chrome Web Store listing and in the source of the extension itself.

When you connect Gmail and enable case-notice ingestion, Clynt reads emails that match a query for EOIR / DOJ messages and extracts the hearing-relevant fields. Gmail message bodies are not stored in our database; we keep only the extracted hearing data and a reference to the original Gmail message ID.

If you delete a hearing, change a respondent's name, or otherwise edit a record, we keep a timestamped change history of what changed and when. That history is private to your account; only you can see it.

We do notuse any artificial-intelligence provider on your data today. The database includes columns that are reserved for future AI-assisted features, but no AI service is called from any code path at the time this policy was written. If that changes, this policy will be updated and you'll be notified.

4. Where your data goes

We share data only with the service providers we need to run Clynt. Each one is listed below with a description of what we send them and why. We do not sell your data, share it with advertisers, or hand it to anyone outside this list.

SupabaseData & auth
Hosts the database that stores everything in §2 and §3, and manages your password and login sessions. Connections are encrypted in transit. Data is stored in the United States. Supabase acts as our processor.
Stripe and Stripe TaxPayments
Processes your subscription payments. Stripe receives your email address, the plan you choose, and the payment information you enter on Stripe's own checkout page. Stripe Tax collects address information to compute applicable tax. Stripe is independently certified at PCI Service Provider Level 1.
Google (Calendar and Gmail) — only if you connect themOptional
If you connect Google Calendar, Clynt uses the OAuth scope you granted to read your calendar list and to create, update, and delete calendar events for the hearings you push. If you connect Gmail, Clynt uses the OAuth scope you granted to read EOIR-matching messages and (in the future, when the feature ships) to send messages to your clients from your own Gmail address. You can disconnect either at any time from the Calendar settings page in Clynt.
Microsoft (Outlook Calendar) — only if you connect itOptional
Same role as Google Calendar above, but for Outlook / Microsoft 365 calendars, via the Microsoft Graph API.
ResendEmail
Sends Clynt's operational emails to you: today, only the welcome email at sign-up. As more product emails are wired up (payment notifications, cancellation confirmations, retention reminders), they will also go through Resend. Resend receives your email address and the contents of the message. Resend is operated in the United States.
VercelHosting
Hosts the clynt.ai web app and serves every page request. Vercel sees the standard request data any web host sees: your IP address, the page you requested, and your browser's user-agent string. Vercel also stores function logs that may include error messages from the application. Vercel is operated in the United States.

We may add or change service providers in the future. When we do, we'll update this list before the change goes live.

5. How we secure your data

All connections to clynt.ai and to our service providers use TLS encryption. Your session cookie is set withHttpOnly, Secure, and SameSite=Lax attributes.

Database rows in Supabase are protected by row-level security policies that ensure one attorney cannot read or modify another attorney's data. Server-side actions that bypass these policies (for example, processing a Stripe webhook) are limited to the narrow operations they need to perform.

OAuth tokens for Google Calendar, Outlook, and Gmail are encrypted at rest using AES-256-GCM with a key held by the Clynt application server, separate from the database itself. The plaintext tokens are decrypted in memory only when needed and are never written to logs.

No security program is perfect. We work continuously to improve ours. If you believe you have found a security issue, please email us at security@clynt.ai and we will respond promptly.

6. Cookies, analytics, and tracking

We use one cookie: the Supabase session cookie that keeps you signed in. It is HTTP-only, Secure, and SameSite=Lax. It does not track you across other websites.

We do not use Google Analytics, Mixpanel, Amplitude, PostHog, Heap, Segment, Hotjar, FullStory, or any other analytics or session-replay service. We do not run any third-party trackers, fingerprinting scripts, or advertising pixels on clynt.ai. We do not use Vercel Analytics.

The web app stores two small preferences in your browser's local storage: whether the sidebar is collapsed, and the scope you last used for an export. These are convenience settings; they never leave your device.

The Chrome extension stores hearing data locally in your browser's IndexedDB so it can show you a quick preview and continue working when offline. That local copy is deleted when you uninstall the extension.

7. How long we keep data

We keep your account data for as long as your account is open. We keep the hearings, clients, and notes you store in your Clynt account so that the system is useful to you over the lifetime of each immigration case.

A few categories of data behave differently and we want you to know:

  • Change history. When you edit a hearing or a contact, we keep a timestamped record of the prior value so you have an audit trail. These records remain even after the underlying hearing is deleted.
  • Stripe webhook logs. For accounting and dispute resolution, we keep a copy of the subscription events Stripe sends us. These records include your account email and Stripe customer identifier and are retained indefinitely unless you ask us to delete them.
  • OAuth tokens after a disconnect. When you disconnect Google Calendar, Outlook, or Gmail from Clynt, the connection is marked as removed and Clynt stops using it immediately. The encrypted token record is retained for a short period to support reconnecting without re-authorizing every scope. If you want the stored tokens deleted immediately on disconnect, please email us — see §8.
  • Email delivery metadata.Resend, our email provider, retains delivery metadata about transactional emails (sent, delivered, opened) per Resend's own retention policy.

If you close your account, see §8 for how to request full deletion.

8. Your rights and how to exercise them

You have the following rights over your data. To exercise any of them, email us at privacy@clynt.ai from the email address associated with your Clynt account.

  • Access.You can see all the data on your Clynt account at any time by signing in. If you need a machine-readable export, ask us and we'll send it.
  • Correction.You can edit every field you control directly in the app. If you find an error in something you can't edit, ask us and we'll correct it.
  • Deletion.You can ask us to delete your account and the data associated with it. We don't have a self-service delete button yet — for now, email us and we'll act on your request within 30 days. We'll also delete your customer record from Stripe. Some records (Stripe webhook events, anonymized invoices) may be retained where the law requires us to keep them.
  • Portability. You can request a copy of your account data in JSON form.
  • Withdraw consent.You can disconnect Google Calendar, Outlook, or Gmail at any time from the Calendar settings page. You can also revoke Clynt's access directly with Google or Microsoft.
  • Complain.If you believe we've mishandled your data, you may file a complaint with your jurisdiction's data-protection authority.

9. International users

Clynt is built for U.S. immigration attorneys, and our servers are located in the United States. If you access Clynt from outside the United States, your data is transferred to and processed in the United States. If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the standard contractual clauses with our processors (Supabase, Stripe, Resend, Vercel) to legitimize this transfer.

10. Children

Clynt is a tool for licensed attorneys and law-firm staff. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with information, please contact us and we'll delete it.

11. Changes to this policy

We'll update this page when our practices change. Material changes (a new processor, a new category of data, a new use of your data) will be announced by email to your account address before the change takes effect. Editorial changes (clarifications, formatting) may be made without notice; the “Last updated” date at the top of this page reflects the most recent change.

12. Contact

For privacy questions or to exercise any right above: privacy@clynt.ai.

For security reports: security@clynt.ai.

For everything else: hello@clynt.ai.