Privacy Policy

Clera

Last updated:

1. Introduction

Clera ("we", "our", or "the app") is an audio capture and AI summarization application. This Privacy Policy explains what information we collect when you use Clera, how we use it, and your rights with respect to your data.

By installing or using Clera, you agree to the practices described in this policy. If you do not agree, please uninstall the app and contact us to request deletion of any data we hold.

2. Information We Collect

2.1 Audio Recordings

Clera captures audio playback from your device (Android) or your device microphone (iOS) while the recording feature is active. Audio is processed entirely on-device by a local Whisper speech-to-text model. Raw audio files are deleted immediately after transcription is complete.

2.2 Transcription Text

Text produced by on-device transcription may be sent to our cloud server for AI summarization. Transcriptions and summaries are stored locally on your device in an encrypted database. If you use the Google Drive export feature, transcription text is sent to your own Google Drive account.

2.3 Device Identifier

We generate a random, anonymous device identifier on first launch, stored in your device's secure storage. This identifier is included in API requests for rate-limiting and fraud prevention. It cannot be used to identify you personally and is not linked to your name or email.

2.4 Crash Reports and Diagnostics

We use Firebase Crashlytics (Google) to collect crash reports. A report may include:

Device model and manufacturer
Operating system version
App version number
Stack trace at the time of the crash
Limited app state information (no audio, transcription text, or personal data)

Crash collection is disabled in debug builds.

2.5 Google Account Information

If you connect your Google account for Drive export, we receive your Google name and email address via Google Sign-In, used solely for authentication. This information is not stored on our servers.

2.6 Server Logs

Our API server (hosted in Germany with Hetzner) logs inbound requests. Logs may include your IP address, request timestamp, and HTTP response code. Logs are retained for a maximum of 30 days.

3. How We Use Your Information

Data	Purpose
Transcription text	AI summarization via our backend (Google Gemini)
Device identifier	Rate-limiting API requests; fraud prevention
Crash reports	Diagnosing and fixing app bugs
Google account info	Authenticating Google Drive export
Server logs / IP	Security monitoring; abuse prevention

4. Third-Party Services

Clera relies on the following third-party services, each subject to their own privacy policy:

Google Gemini API — processes transcription text for AI summaries. ai.google.dev/terms
Firebase Crashlytics (Google) — receives crash diagnostics. firebase.google.com/support/privacy
Google Sign-In / Google Drive — used only if you enable Drive export. policies.google.com/privacy
Hetzner — API gateway hosted in Germany (EU). hetzner.com/legal/privacy-policy

We do not sell or share your data with advertisers or data brokers.

5. Data Storage and Retention

Audio recordings are deleted from device storage immediately after transcription.
Transcription text and summaries are stored locally on your device under your control.
The anonymous device identifier persists until you uninstall the app or clear app data.
Server logs are retained for a maximum of 30 days, then automatically deleted.
Crash reports are retained by Firebase Crashlytics for 90 days per Google's policy.

6. Data Security

All communication between the app and our server is encrypted with HTTPS/TLS.
API requests are authenticated with HMAC-SHA256 request signing; replay attacks are prevented.
The local database is stored in app-private storage, inaccessible to other apps.
Sensitive values are stored in platform secure storage (Android Keystore / iOS Keychain).

No security measure is 100% effective. If you believe your data has been compromised, please contact us immediately.

7. Children's Privacy

Clera is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

8. Your Rights

Depending on your location, you may have the right to:

Access — request a copy of the data we hold about you.
Deletion — request that we delete your data. On-device data can be deleted directly in the app; for server logs, email us.
Portability — request your data in a machine-readable format.
Objection — object to certain types of processing.

To exercise any of these rights, contact us at nbgslv@gmail.com. We will respond within 30 days.

9. International Data Transfers

Our API server is located in Germany (EU). If you are located outside the EU, your transcription text may be transferred to our server for processing. By using the app, you consent to this transfer.

Crash reports and Gemini data are processed by Google on servers that may be located outside your country. Google's data transfer mechanisms comply with applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify you via an in-app notice for material changes. Continued use of the app after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights:

Clera / InstaListen

Email: nbgslv@gmail.com

Website: instalisten.duckdns.org