CanaryAlert (Early Access)

Privacy Policy

Last updated: March 23, 2026

Who we are

CanaryAlert is operated by Smash Ventures LLC. When we say “we,” “us,” or “our” in this policy, we mean Smash Ventures LLC.

What we collect

We collect only what is necessary to provide the service:

  • Account information — your name and email address, provided when you sign up via Clerk (our authentication provider).
  • Forwarded notification emails — emails you forward to your CanaryAlert source addresses for classification. These are stored temporarily in AWS S3 and automatically deleted after 90 days.
  • Classification events — the AI classification result (success/failure/warning), confidence score, reasoning, and extracted metrics for each email. Stored in DynamoDB with a 90-day TTL.
  • Source configuration — source names, classification rules, schedule settings, and alert preferences you configure.
  • Billing information — payment details are collected and stored by Stripe. We store only your Stripe customer ID and subscription ID, never your card number.

How we use your data

  • Classify your forwarded emails using AI to determine system health.
  • Send you alerts (email, Slack, or webhook) when issues are detected or expected emails are missing.
  • Display your source health and event history on your dashboard.
  • Send digest summary emails if you have enabled them.
  • Process billing through Stripe.

AI processing

Forwarded emails are classified using the Anthropic API (Claude). Email content is sent to the API for classification and is not used to train AI models. Anthropic’s API usage policy prohibits using API inputs for model training. We use Claude Haiku for classification, optimized for speed and cost.

Data storage and security

  • All data is processed and stored in AWS us-east-1 (N. Virginia).
  • Data is encrypted at rest (AWS default encryption for S3 and DynamoDB).
  • Data is encrypted in transit (TLS/HTTPS for all connections).
  • Raw emails are automatically deleted after 90 days via S3 lifecycle policy.
  • Event records are automatically deleted after 90 days via DynamoDB TTL.

Cookies

We use only strictly necessary cookies for authentication session management (set by Clerk). We do not use analytics, tracking, or advertising cookies. No cookie consent banner is required because all cookies are essential for the service to function.

Third-party services

We share data with the following services only as needed to operate:

  • AWS (Amazon Web Services) — infrastructure, email receiving, data storage, and email sending.
  • Clerk — authentication and user management.
  • Anthropic — AI email classification via API.
  • Stripe — payment processing.
  • Sentry — error monitoring (no personal data is intentionally sent; stack traces may include request metadata).

We do not sell or share your data with anyone else.

Data retention

  • Raw emails: automatically deleted after 90 days.
  • Event records: automatically deleted after 90 days.
  • Account and source configuration: retained until you delete your account or sources.
  • Billing records: retained by Stripe per their retention policy.

Your rights

You can at any time:

  • View all your data on the dashboard.
  • Delete individual sources and their associated events.
  • Export your event history from the dashboard.
  • Delete your account by contacting us at support@canaryalert.io.

If you are in the EU/EEA, you also have rights under the GDPR including access, rectification, erasure, and data portability. Contact us to exercise these rights.

Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or a notice on the dashboard. The “last updated” date at the top reflects the most recent revision.

Contact

Questions or concerns? Email us at support@canaryalert.io.