Security overview
Plain-language explanation of how ClearTask handles your data — written for users, IT teams, and anyone who needs to approve it.
TL;DR
Architecture
ClearTask is a Chrome extension that runs entirely in your browser. It uses a Bring Your Own Key (BYOK) model — you provide your own API key from an AI provider such as Anthropic (Claude) or OpenAI, and all processing happens via a direct connection between your browser and that provider.
There is no ClearTask backend server that handles email content. The extension reads the email you’re currently viewing in Gmail or Outlook web, sends it to the AI provider you’ve configured, and displays the result in the extension panel.
Data flow
Chrome extension permissions
ClearTask requests only the permissions needed to function. Here’s a plain-language explanation of each one and why it’s needed.
| Permission | What it does | Why ClearTask needs it |
|---|---|---|
| activeTab | Access the content of the tab you’re viewing when you click the extension. | Reads the email body to send for clarification. |
| storage | Save data locally in Chrome’s extension storage. | Stores your API key, preferences, and task history on your device. |
| Host permissions (mail.google.com, outlook.live.com, outlook.office.com) | Run on specific websites. | Injects the “Clarify” button into Gmail and Outlook web interfaces. |
🔍 What ClearTask does NOT request
ClearTask does not request broad host permissions (access to all websites), identity (your Google account), cookies, history, bookmarks, or any permission beyond what’s listed above.
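For reviewers who want to check these claims against the installed extension, here is an added example (not ClearTask's own code) that audits a `manifest.json` object against the permissions listed above. Both sample manifests are constructed for illustration, and the function names are hypothetical; ClearTask's real manifest may be laid out differently.

```javascript
// Permission set documented on this page; anything else is reported.
const ALLOWED_PERMISSIONS = new Set(["activeTab", "storage"]);
const ALLOWED_HOSTS = new Set(["mail.google.com", "outlook.live.com", "outlook.office.com"]);

// Return the host part of a match pattern such as "https://mail.google.com/*".
// Returns null for "<all_urls>" and for patterns that cannot be parsed.
function hostOfPattern(pattern) {
  if (pattern === "<all_urls>") return null;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  return m ? m[2] : null;
}

// Collect every API permission and host pattern the manifest declares,
// including optional ones and content-script matches, and list the extras.
function auditManifest(manifest) {
  const findings = [];
  const apiPerms = [
    ...(manifest.permissions || []),
    ...(manifest.optional_permissions || []),
  ];
  for (const p of apiPerms) {
    if (!ALLOWED_PERMISSIONS.has(p)) findings.push(`undocumented permission: ${p}`);
  }
  const patterns = [
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  for (const pat of patterns) {
    const host = hostOfPattern(pat);
    // Wildcard hosts such as "*.office.com" are not in the allowlist either.
    if (host === null || !ALLOWED_HOSTS.has(host)) {
      findings.push(`undocumented host pattern: ${pat}`);
    }
  }
  return findings;
}

// Constructed sample: matches the table above.
const documented = {
  manifest_version: 3,
  permissions: ["activeTab", "storage"],
  host_permissions: ["https://mail.google.com/*", "https://outlook.live.com/*", "https://outlook.office.com/*"],
};
// Constructed sample: requests more than the page describes.
const overbroad = {
  manifest_version: 3,
  permissions: ["activeTab", "storage", "cookies"],
  host_permissions: ["https://mail.google.com/*", "<all_urls>"],
  content_scripts: [{ matches: ["https://*.office.com/*"], js: ["inject.js"] }],
};
console.log(auditManifest(documented), auditManifest(overbroad));
```

Run it against the `manifest.json` from the unpacked extension directory, and again after each update, since the permission set can change between versions.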
What’s stored and where
💾 On your device (Chrome local storage)
API key — encrypted in Chrome’s extension storage. Never transmitted to ClearTask.
User preferences — your settings (provider choice, export preferences, sensitive email rules).
Task history — captured tasks are stored locally so you can review and export them.
Life balance data — commitment categories and counts (Pro plan).
☁️ On ClearTask servers
Account and subscription status — if you upgrade to Pro, we store a record of your subscription (email, plan, billing status). Payment is handled by Stripe.
Nothing else. No email content. No API keys. No task data. No usage logs tied to email content.
🤖 With your AI provider
When you click “Clarify”, the email content is sent to your chosen AI provider under your API key and their terms of service. Data retention depends on the provider you choose:
Anthropic (Claude): API inputs are not used for training by default. See Anthropic’s privacy policy.
OpenAI: API inputs are not used for training by default (since March 2023). See OpenAI’s enterprise privacy.
User controls
ClearTask gives you control over what gets processed and what doesn’t.
Skip sensitive emails
Enable “Sensitive content” mode to skip processing on emails that match rules you define — for example, emails from specific senders, domains, or containing keywords. The “Clarify” button is replaced with a reminder that the email is in your sensitive list.
Disable on specific accounts
If you use multiple email accounts (e.g. work and personal), you can disable ClearTask on specific accounts or tenants so it only runs where you want it.
Delete your data
All locally stored data (tasks, preferences, API key) can be cleared from the extension settings page, or by removing the extension from Chrome. If you have a Pro subscription, contact us via our support page to delete your account record.
For IT teams and workplace approvals
If an employee has asked you to approve ClearTask, here’s a summary of the key points.
📋 Quick assessment
Does email data leave the device? Yes — it is sent to the AI provider the user has configured (Anthropic or OpenAI), via a direct HTTPS connection from the browser. It does not pass through ClearTask servers.
Does ClearTask have access to the email account? No. It reads the visible page content via the activeTab permission — it cannot access the inbox, send emails, or authenticate as the user.
Can it be restricted? Yes. The extension only activates on mail.google.com, outlook.live.com, and outlook.office.com. It can also be disabled per-account by the user.
What AI provider is used? Whichever the user configures. If your organisation has an approved AI vendor, the user can use that vendor’s API key.
Third-party services
ClearTask uses a minimal set of third-party services:
| Service | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing for Pro subscriptions. | Email, payment method. Stripe handles all card data — ClearTask never sees card numbers. |
| Anthropic / OpenAI | AI processing (user-configured). | Email content from the current email, sent directly from the browser under the user’s API key. |
| Chrome Web Store | Extension distribution and updates. | Standard Chrome extension metadata. |
Questions about security?
We’re happy to answer IT review questions, complete vendor questionnaires, or jump on a call.
💬 Contact Support