Privacy Policy

Last updated: March 28, 2026

This policy explains how Clevernotes handles information when you use our beta apps, browser extension, marketing site, and related services (collectively, the "Service"). It is written to describe the product as it exists today and may change as the beta evolves.

1. What We Collect

Account details: If you create an account, we collect the information needed to sign you in and maintain the account, including your email address and, if available, your display name and profile photo.

Content you choose to capture: Clevernotes stores the notes, recordings, screenshots, files, photos, web clips, meeting captures, tasks, and other material you choose to save, along with related metadata such as timestamps, titles, entry types, and AI-generated fields.

Meeting and audio data: When you use voice capture or meeting recording, the app accesses your microphone only with your permission. Meeting features may produce speaker labels or other speaker-related structured data. You are responsible for obtaining any consent required before recording other people.

Technical and operational data: Like most online services, our website, hosting, authentication, and backend systems may receive technical data such as IP address, browser or app version, device type, operating system, locale, timestamps, and request logs needed to deliver, secure, and troubleshoot the Service.

What we do not currently collect: We do not currently run product analytics or advertising trackers on the marketing site or active beta apps. Optional crash diagnostics for the beta apps are off by default and only sent if you enable that setting.

2. How We Use Information

• Operate the Service: Store, sync, search, organize, and display your content across your devices.
• Provide AI features: Transcribe audio, analyze images and documents, create summaries, extract structured information, and power semantic features such as Sparks, CleverPal, Goals, and Habits.
• Protect the Service: Detect abuse, secure accounts, enforce limits, and troubleshoot service or sync issues.
• Communicate with you: Send service notices such as sign-in alerts, major product changes, policy updates, and support replies.
• Improve the beta: Learn from support requests, bug reports you send us directly, and day-to-day operation of the Service.

3. AI Processing

Clevernotes uses Firebase AI / Vertex AI on Google Cloud as the primary provider for AI features such as transcription, image and document analysis, summarization, memory extraction, semantic features, Sparks, Goals, Habits, and CleverPal. CleverPal also supports an optional secondary AI provider (currently xAI / Grok) that you can select from the model picker in the app.

When you use one of these features, the relevant content is sent to the selected AI provider for the requested processing. We try to send only the content needed for that task, not your entire account.

Processed results may be stored in your account alongside the original content so they can appear in the app later.

Some generated artifacts, such as semantic embeddings, memory.md, and meeting analytics, can be controlled from Data Controls in the app. You can turn certain categories off and, where supported, request deletion of existing generated artifacts without deleting the original notes or files.

Some features, such as local storage and local indexing, run on your device. Other features require cloud processing.

Under the Google Cloud / Vertex AI service framework we rely on, customer data is not used to train Google foundation models without permission. xAI's API terms similarly do not use API input or output for model training. We also do not use your content to train our own models.

4. Third-Party AI Assistants and MCP

Clevernotes can support optional Model Context Protocol (MCP) connections and similar external assistant workflows. These connections are not on by default.

• Opt in only: No third-party assistant can access your Clevernotes data unless you choose to connect it.
• You control the scope: Data Controls let you choose whether approved tools can access note text, attachments, memory outputs, meeting insights, and write actions.
• Time limits and re-approval: You can require re-authentication for new tools and set access to expire after a session or a defined time window.
• Third-party terms apply: If you send content to another assistant or provider at your request, that provider's privacy policy and terms apply to the data it receives.
• Our role: We provide the connection path, but we cannot control how another provider handles data once it leaves Clevernotes.

5. Website Data and Storage Technologies

Marketing site: The Clevernotes marketing site does not use advertising or analytics cookies today. It stores your theme preference in your browser's local storage so the site can remember light or dark mode.

Hosting and security: Our hosting or security providers may set basic cookies or similar technical signals when needed to keep the site working, protect the service, or support form submissions. We do not use those mechanisms for cross-site profiling.

Third-party page requests: The marketing site loads Google Fonts, which means your browser may make requests to Google when pages load.

Browser extension: Our browser extension stores local state, such as sign-in state, pending uploads, cached clips, and preferences, in browser-provided local storage.

6. Storage and Security

• Cloud infrastructure: Cloud-synced data is stored on Firebase / Google Cloud infrastructure, including Firestore, Cloud Storage, hosting, and server-side functions.
• Encryption in transit: Data sent between your device and cloud services is encrypted in transit using TLS.
• Encryption at rest: Google Cloud encrypts stored data at rest.
• Local-first design: Clevernotes stores working data on your device so core workflows can continue even when you are offline.
• Access controls: Firestore and Cloud Storage rules are designed so each user can access only their own synced data.

No internet-connected service can promise perfect security, but we use reasonable technical and operational safeguards for a beta product.

7. Sharing and Service Providers

We do not sell your personal information. We do not share your content for cross-context behavioral advertising, ad targeting, or data brokerage.

We share data only when needed to run the Service, when you direct us to do so, or when we are legally required to do so.

• Google Cloud / Firebase: Hosting, authentication, database, storage, server-side processing, and AI-related infrastructure. Firebase Privacy and Security
• Google Cloud / Vertex AI: AI processing when you invoke AI features. Google Cloud Privacy Notice
• xAI (Grok): Optional secondary AI provider for CleverPal when you select Grok from the model picker. xAI Privacy Policy
• Google Sign-In: Authentication if you choose to sign in with Google. Google Privacy Policy
• Apple App Store: Distribution of Apple-platform apps. Apple Privacy Policy
• Third-party AI assistants you connect: External assistant providers you authorize through MCP or similar workflows.

8. Retention and Deletion

We keep account and content data while your account remains active and the beta service is operating.

If you delete content or delete your account, we will remove cloud-stored data from the active service within a reasonable period. Residual copies may remain for a limited time in backups, logs, or security systems before normal rotation and deletion.

Data stored locally on your own devices may remain there until you remove it, sign out, clear local app or extension data, or uninstall the app or extension.

Where the app offers deletion of derived AI data, that process targets generated artifacts such as semantic embeddings, memory.md, and meeting analytics while leaving your original captured content in place.

9. Your Choices and Privacy Rights

Depending on where you live, you may have rights to access, correct, export, delete, or object to certain uses of your personal data.

• Access and export: You can request a copy of the data we hold about your account, and the app may also provide export features for your content.
• Correction: You can update account details in the product where available or ask us to correct inaccurate information.
• Deletion: You can request account deletion and removal of associated cloud data.
• Objection or restriction: Where applicable law provides these rights, you can ask us to limit or stop certain processing.
• Withdraw consent: If a specific feature relies on your consent, you can stop using that feature or revoke the relevant permission from your device or account settings.
• In-app controls: Data Controls also let you manage optional crash diagnostics, external AI access scopes, and certain categories of derived AI data directly in the product.

We do not sell personal information or share it for cross-context behavioral advertising. If local law gives you additional rights, contact us and we will handle the request in line with applicable law.

To make a privacy request, email privacy@clevernotes.ai.

10. International Transfers

Clevernotes uses providers based in the United States, including Firebase and Google Cloud. If you use the Service from another country, your information may be transferred to and processed in the United States or other places where those providers operate.

11. Children's Privacy

Clevernotes is not directed to children under 13, and to children under 16 where a higher minimum age applies under local law. If you believe a child has provided personal information to Clevernotes, contact privacy@clevernotes.ai so we can review and remove it.

12. Changes to This Policy

We may update this policy as the beta product evolves. If we make a material change, we will post the update here and may also notify users through the product or by email when appropriate. The date at the top of the page shows the latest revision.

13. Contact

If you have questions about this policy or want to make a privacy request, contact us at:

privacy@clevernotes.ai