Privacy Policy

Last updated: June 9, 2026

This policy explains how Clevernotes handles information when you use our beta apps, browser extension, marketing site, and related services (collectively, the "Service"). It is written to describe the product as it exists today and may change as the beta evolves.

1. What We Collect

Account details: If you create an account, we collect the information needed to sign you in and maintain the account, including your email address and, if available, your display name and profile photo.

Content you choose to capture: Clevernotes stores the notes, recordings, screenshots, files, photos, web clips, meeting captures, tasks, and other material you choose to save, along with related metadata such as timestamps, titles, entry types, and AI-generated fields. If Private Storage is enabled, sensitive content and derived AI artifacts are encrypted before they are stored in our cloud.

Meeting and audio data: When you use voice capture or meeting recording, the app accesses your microphone only with your permission. Meeting features may produce speaker labels or other speaker-related structured data. You are responsible for obtaining any consent required before recording other people.

Technical and operational data: Like most online services, our website, hosting, authentication, and backend systems may receive technical data such as IP address, browser or app version, device type, operating system, locale, timestamps, request logs, beta-request source fields, and referrer or campaign parameters needed to deliver, secure, troubleshoot, and understand beta demand for the Service.

What we do not currently collect: We do not currently run product analytics or advertising trackers on the marketing site or active beta apps. Optional crash diagnostics for the beta apps are off by default and only sent if you enable that setting.

2. How We Use Information

• Operate the Service: Store, sync, search, organize, and display your content across your devices.
• Provide AI features: Transcribe audio, analyze images and documents, create summaries, extract structured information, and power semantic features such as Sparks, CleverPal, Goals, and Habits.
• Protect the Service: Detect abuse, secure accounts, enforce limits, and troubleshoot service or sync issues.
• Communicate with you: Send service notices such as sign-in alerts, major product changes, policy updates, and support replies.
• Improve the beta: Learn from support requests, bug reports you send us directly, and day-to-day operation of the Service.

3. AI Processing

Clevernotes uses Firebase AI / Vertex AI on Google Cloud as the primary provider for AI features such as transcription, image and document analysis, summarization, memory extraction, semantic features, Sparks, Goals, Habits, and CleverPal. CleverPal also supports an optional secondary AI provider (currently xAI / Grok) that you can select from the model picker in the app.

When you use one of these features, the relevant content is sent to the selected AI provider for the requested processing. We try to send only the content needed for that task, not your entire account.

Processed results may be stored in your account alongside the original content so they can appear in the app later. For Private Storage content, those results are encrypted before cloud storage.

Some generated artifacts, such as semantic embeddings and memory data, can be controlled from Data Controls in the app. You can turn certain categories off and, where supported, request deletion of existing generated artifacts without deleting the original notes or files. For Private Storage accounts, synced memory and embedding artifacts are stored as encrypted client artifacts rather than readable server-generated records. When you run a semantic search, your query text is briefly processed by Clevernotes AI services and our AI provider to compute an embedding; for Private Storage accounts the matching against your notes happens on your device, and query text is not durably stored.

Some features, such as local storage and local indexing, run on your device. Other features require cloud processing. Private Storage changes what Clevernotes stores durably in the cloud; it does not mean selected content can never be sent to an AI provider for a processing request you initiate or allow.

Under the Google Cloud / Vertex AI service framework we rely on, customer data is not used to train Google foundation models without permission. xAI's API terms similarly do not use API input or output for model training. We also do not use your content to train our own models.

4. Private Storage

Private Storage is an enhanced privacy mode for private notes and attachments. In that mode, note content, transcripts, files, AI summaries, memory extracts, memory projections, and semantic vectors are encrypted on a trusted device before they are synced through Firebase. Clevernotes stores encrypted payloads, encrypted key envelopes, and limited operational metadata, but not a readable copy of private content.

Turning on Private Storage protects new captures from that point forward. Existing notes, and edits to them, remain in Standard storage until you run "Convert existing items" in Data Controls.

Private Storage uses device keys and an account vault key stored in the device Keychain. Trusted devices can receive encrypted vault-key envelopes so they can decrypt private notes locally. The app also supports a 24-word recovery key. If you lose every trusted device and your recovery key, Clevernotes cannot recover private notes for you.

Email capture through capture@clevernotes.ai remains a Standard cloud-processing path. When Private Storage is on, email capture is disabled or refused because forwarded email reaches Clevernotes cloud before a trusted device can encrypt it.

Private Storage does not hide all metadata. Account identifiers, timestamps, entry types, sync state, attachment counts or sizes, device public-key records, and similar operational metadata may still be visible to Clevernotes because they are needed to run sync, security, and account services.

5. Third-Party AI Assistants and MCP

Clevernotes can support optional Model Context Protocol (MCP) connections and similar external assistant workflows. These connections are not on by default.

• Opt in only: No third-party assistant can access your Clevernotes data unless you enable local access and choose to connect it.
• Local tokens: The Mac app uses named local-agent tokens for MCP connections. You can create and revoke those tokens from AI Models settings.
• Trusted agents only: MCP tools can read and write through the exposed Clevernotes tool surface, so only configure agents and coding tools you trust.
• Third-party terms apply: If you send content to another assistant or provider at your request, that provider's privacy policy and terms apply to the data it receives.
• Our role: We provide the connection path, but we cannot control how another provider handles data once it leaves Clevernotes.

6. Website Data and Storage Technologies

Marketing site: The Clevernotes marketing site does not use advertising or analytics cookies today. It stores your theme preference in your browser's local storage so the site can remember light or dark mode. If you submit a beta request, we may record the page, source label, referrer, and campaign parameters submitted with that form.

Hosting and security: Our hosting or security providers may set basic cookies or similar technical signals when needed to keep the site working, protect the service, or support form submissions. We do not use those mechanisms for cross-site profiling.

Third-party page requests: The marketing site loads Google Fonts, which means your browser may make requests to Google when pages load.

Browser extension: Our browser extension stores local state, such as sign-in state, pending uploads, cached clips, and preferences, in browser-provided local storage.

7. Storage and Security

• Cloud infrastructure: Cloud-synced data is stored on Firebase / Google Cloud infrastructure, including Firestore, Cloud Storage, hosting, and server-side functions.
• Encryption in transit: Data sent between your device and cloud services is encrypted in transit using TLS.
• Encryption at rest: Google Cloud encrypts stored data at rest.
• Private Storage: Private Storage adds client-side encryption before cloud storage for private notes, files, transcripts, summaries, memory data, and encrypted semantic vectors.
• Local-first design: Clevernotes stores working data on your device so core workflows can continue even when you are offline.
• Access controls: Firestore and Cloud Storage rules are designed so each user can access only their own synced data.

No internet-connected service can promise perfect security, but we use reasonable technical and operational safeguards for a beta product.

8. Sharing, Legal Requests, and Service Providers

We do not sell your personal information. We do not share your content for cross-context behavioral advertising, ad targeting, or data brokerage.

We share data only when needed to run the Service, when you direct us to do so, or when we are legally required to do so. For Private Storage content, our cloud records are designed to contain encrypted content rather than readable private notes. We may still be able to provide account records, operational metadata, encrypted payloads, and encrypted storage objects in response to a valid legal request.

• Google Cloud / Firebase: Hosting, authentication, database, storage, server-side processing, and AI-related infrastructure. Firebase Privacy and Security
• Google Cloud / Vertex AI: AI processing when you invoke AI features. Google Cloud Privacy Notice
• xAI (Grok): Optional secondary AI provider for CleverPal when you select Grok from the model picker. xAI Privacy Policy
• Google Sign-In: Authentication if you choose to sign in with Google. Google Privacy Policy
• Apple App Store: Distribution of Apple-platform apps. Apple Privacy Policy
• Third-party AI assistants you connect: External assistant providers you authorize through MCP or similar workflows.

9. Retention and Deletion

We keep account and content data while your account remains active and the beta service is operating.

If you delete content or delete your account, we will remove cloud-stored data from the active service within a reasonable period. Residual copies may remain for a limited time in backups, logs, or security systems before normal rotation and deletion.

Data stored locally on your own devices may remain there until you remove it, sign out, clear local app or extension data, or uninstall the app or extension.

Where the app offers deletion of derived AI data, that process targets generated artifacts such as semantic embeddings and memory data while leaving your original captured content in place.

10. Your Choices and Privacy Rights

Depending on where you live, you may have rights to access, correct, export, delete, or object to certain uses of your personal data.

• Access and export: You can request a copy of the data we hold about your account, and the app may also provide export features for your content.
• Correction: You can update account details in the product where available or ask us to correct inaccurate information.
• Deletion: You can request account deletion and removal of associated cloud data.
• Objection or restriction: Where applicable law provides these rights, you can ask us to limit or stop certain processing.
• Withdraw consent: If a specific feature relies on your consent, you can stop using that feature or revoke the relevant permission from your device or account settings.
• In-app controls: AI Models settings let you manage local MCP access and agent tokens. Data Controls let you manage optional crash diagnostics, Private Storage, recovery-key setup, app lock, and certain categories of derived AI data directly in the product.

We do not sell personal information or share it for cross-context behavioral advertising. If local law gives you additional rights, contact us and we will handle the request in line with applicable law.

To make a privacy request, email privacy@clevernotes.ai.

11. International Transfers

Clevernotes uses providers based in the United States, including Firebase and Google Cloud. If you use the Service from another country, your information may be transferred to and processed in the United States or other places where those providers operate.

12. Children's Privacy

Clevernotes is not directed to children under 13, and to children under 16 where a higher minimum age applies under local law. If you believe a child has provided personal information to Clevernotes, contact privacy@clevernotes.ai so we can review and remove it.

13. Changes to This Policy

We may update this policy as the beta product evolves. If we make a material change, we will post the update here and may also notify users through the product or by email when appropriate. The date at the top of the page shows the latest revision.

14. Contact

If you have questions about this policy or want to make a privacy request, contact us at:

privacy@clevernotes.ai