Privacy Policy

Last updated: March 6, 2026

Clevernotes ("we", "our", "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our applications and services, including our macOS app, iOS app, Chrome extension, and cloud-based features (collectively, the "Service").

1. Information We Collect

Account information: When you sign in with Google or email, we collect your email address, display name, and profile photo (if provided by your identity provider) to create and manage your account.

User-created content: Voice recordings, text notes, screenshots, files, photos, web clips, meeting recordings, and any other content you capture or create within the app. This includes metadata such as creation timestamps, entry types, and tags generated by AI processing.

Audio and meeting data: When you use voice capture or meeting recording features, the app accesses your device's microphone with your explicit permission. Meeting recordings may include speaker identification data derived from audio analysis. You are responsible for obtaining consent from other participants before recording any meeting or conversation, in accordance with applicable local laws.

Usage analytics: We collect anonymized usage data (feature usage, session duration, error reports) to improve the app. This data is not tied to your personal content and cannot be used to identify you.

Device information: Basic device identifiers, operating system version, app version, and locale for debugging, compatibility, and service improvement purposes.

2. How We Use Your Information

• Provide the service: Store, sync, search, and organize your content across devices.
• AI processing: Transcribe audio, analyze images and documents, extract insights and structured data, generate summaries, and enable semantic search and AI chat.
• Cross-device sync: Keep your content consistent across all your devices via Firebase.
• Service improvement: Analyze anonymized usage patterns to improve features, fix bugs, and optimize performance.
• Communications: Send you service-related notifications such as security alerts, policy changes, or important product updates. We do not send marketing emails.

Legal basis for processing (EEA/UK users): We process your data based on: (a) your consent when you create an account and use AI features; (b) the necessity to perform our contract with you (providing the Service); and (c) our legitimate interests in improving and securing the Service, provided these do not override your fundamental rights.

3. AI Processing

Clevernotes uses the Google Gemini API (via the Firebase AI SDK) for AI features including transcription, image and document analysis, summarization, memory extraction, semantic search, and conversational AI.

Your content is not used to train AI models. Google's Gemini API paid-tier data processing terms govern how your content is handled during processing. Content is sent to Google's servers for real-time processing and is not retained by Google for model training purposes. Processed results (transcripts, summaries, extracted insights) are stored in your account alongside the original content.

On-device vs. cloud processing: Some AI features (such as local search indexing) run entirely on your device. Features requiring the Gemini API (transcription, image analysis, AI chat) send relevant content to Google's servers for processing. We minimize the data sent by only transmitting the specific content needed for each operation.

4. Third-Party AI Integrations (MCP)

Clevernotes supports the Model Context Protocol (MCP), an open standard that allows external AI assistants (such as Claude, ChatGPT, and others) to access your notes and data with your permission.

• Opt-in only: MCP access is entirely opt-in. No external AI assistant can access your data unless you explicitly configure and authorize the connection.
• You control the scope: You decide which AI assistants can connect and can revoke access at any time.
• Data flow: When you use an MCP-connected AI assistant, your queries and the relevant note content are transmitted to that assistant's servers for processing. Each third-party AI service is governed by its own privacy policy and terms of service.
• Our responsibility: We provide the technical infrastructure for MCP connections but are not responsible for how third-party AI services process your data once it leaves our systems. We recommend reviewing the privacy policy of any AI service you connect.

5. Cookies and Tracking Technologies

Our native apps (macOS, iOS) do not use cookies. They store authentication tokens and user preferences locally using the operating system's secure storage (Keychain on Apple platforms).

Our website (clevernotes.ai) uses minimal cookies strictly necessary for functionality:

• Authentication cookies: Firebase Authentication session tokens to keep you signed in.
• Hosting cookies: Standard cookies set by Firebase Hosting for security and performance.

We do not use advertising cookies, tracking pixels, or third-party analytics on our website. We do not participate in cross-site tracking or ad networks.

Our Chrome extension uses Chrome's local storage APIs to store your authentication state and extension preferences. It does not set cookies or track your browsing activity outside of explicit web-clip actions you initiate.

6. Data Storage and Security

• Infrastructure: Your cloud-synced data is stored on Google Cloud / Firebase infrastructure in the us-central1 region (Council Bluffs, Iowa, USA).
• Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: Your data is encrypted at rest using AES-256 on Google Cloud infrastructure.
• Authentication: Account access is secured via Firebase Authentication with Google Sign-In or email/password. We do not store your Google account password.
• Local-first architecture: Your content is stored locally on your device first using encrypted local databases. Cloud sync is a secondary layer for cross-device access and backup. The app remains functional offline.
• Access controls: Firestore security rules ensure that each user can only read and write their own data. Administrative access to production data is restricted and logged.

7. Data Sharing and Sub-processors

We do not sell your data. We do not share your personal content with advertisers, data brokers, or ad networks. We do not engage in cross-site tracking or behavioral advertising.

The following third-party services process your data as part of providing the Service:

• Google Cloud / Firebase: Cloud infrastructure for data storage (Firestore, Cloud Storage), user authentication, cloud functions, and hosting. Firebase Privacy Policy
• Google Gemini API (Firebase AI): AI processing for transcription, image/document analysis, summarization, and conversational AI. Gemini API Terms
• Google Cloud Run: Hosts our MCP cloud server for third-party AI integrations.
• Apple (App Store / Sign in with Apple): App distribution and optional authentication on Apple platforms. Apple Privacy Policy

We may also share data when required by law, to protect our rights, or to prevent fraud or security threats.

8. Data Retention

Active accounts: Your content is retained for as long as your account is active. Local data persists on your device until you delete the app or clear its data.

Account deletion: When you delete your account through the app settings, we initiate permanent deletion of all your cloud-stored data (Firestore documents, Cloud Storage files) within 30 days. Local data on your devices is not affected by cloud deletion — you can clear it by uninstalling the app.

Backups: Automated infrastructure backups may retain encrypted copies of deleted data for up to 30 days after deletion, after which they are permanently purged.

Anonymized analytics: Aggregated, anonymized usage data that cannot be linked to your account may be retained indefinitely for service improvement.

Legal obligations: We may retain certain data for longer periods if required by law, regulation, or legal proceedings.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Export: Export all your content at any time from within the app in standard formats.
• Correction: Update or correct inaccurate personal data through the app or by contacting us.
• Deletion: Delete your account and all associated cloud data from the app settings, or request deletion by contacting us.
• Portability: Receive your data in a structured, machine-readable format.
• Restriction: Request that we limit processing of your data in certain circumstances.
• Objection: Object to processing based on our legitimate interests.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@clevernotes.ai. We will respond within 30 days (or sooner if required by applicable law).

10. Regional Privacy Rights

European Economic Area (EEA) and United Kingdom: If you are located in the EEA or UK, your data is processed in accordance with the General Data Protection Regulation (GDPR) and UK GDPR. Your data is transferred to the United States for processing and storage. These transfers are protected by Google Cloud's Standard Contractual Clauses (SCCs) and supplementary security measures. You have the right to lodge a complaint with your local data protection authority.

California (CCPA/CPRA): If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale or sharing of personal information (we do not sell or share your data for advertising); and not be discriminated against for exercising your rights. To exercise these rights, contact us at privacy@clevernotes.ai.

Other jurisdictions: We comply with applicable data protection laws in the jurisdictions where we operate. If your local law grants you additional rights not listed here, please contact us and we will accommodate your request to the extent required by law.

11. International Data Transfers

Your data is processed and stored in the United States on Google Cloud infrastructure. If you are located outside the United States, your data is transferred internationally. We rely on Google Cloud's compliance frameworks, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure that transfers meet applicable legal requirements for data protection.

12. Children's Privacy

Clevernotes is not directed at children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children under these ages. If you believe a child has provided us with personal information, please contact us at privacy@clevernotes.ai so we can promptly delete it.

13. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you through the app, via email, or by posting a prominent notice on our website at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact

If you have questions about this privacy policy, your data, or wish to exercise your rights, contact us at:

privacy@clevernotes.ai