CleverBrag

Privacy Policy

Last updated: June 13, 2026

1. Scope and Definitions

CleverThis ("we", "our", or "us") provides AI assistant, voice, document, reminder, connected-account, and related services. This Privacy Policy describes the personal information and customer content we process, the purposes for which we process it, the limited circumstances in which we disclose it, and the controls available to users and account owners.

In this Policy, "Service" means the CleverThis applications, websites, APIs, and related services. "Customer Content" means information that you or your organization submit to the Service, including prompts, conversations, documents, files, contacts, connected-account data, audio, and related metadata. "Personal Information" means information that identifies, relates to, or can reasonably be associated with an individual.

2. Information We Process

We process the following categories of information, depending on the features enabled by you or your organization:

  • Account and authentication information: Email address, name, account identifiers, organization membership, authentication events, access and refresh tokens, subscription status, and authentication data from email/password, Google Sign-In, Sign in with Apple, or our authentication provider.
  • Voice and audio data: Microphone audio during active voice sessions, audio streams sent over encrypted connections for transcription and response generation, and local audio processing used for optional wake-word functionality.
  • Conversation data: Transcripts of what you say, AI responses, tool results, call history, timestamps, call metadata, summaries, semantic-search embeddings, and related session records.
  • Memory and personalization data: Facts, preferences, names, instructions, and other details that you ask the assistant to remember or that are derived from your interactions to personalize future responses.
  • Contacts: Names, email addresses, phone numbers, and related contact metadata from device contacts, Google Contacts, or information you provide, when you grant permission or choose to import contacts.
  • Connected-account data: OAuth tokens, scopes, account identifiers, account metadata, and authorized data from connected services such as Google, Microsoft, LinkedIn, and X.
  • Email and calendar data: Email messages, headers, folders, labels, calendar events, attendees, attachments, and related metadata when you authorize access to mail or calendar services.
  • Documents and files: Files you upload directly or import from Google Drive, OneDrive, SharePoint, or similar services, including extracted text, chunks, entities, relationships, summaries, embeddings, metadata, and document identifiers.
  • Wake-word voiceprint data: Enrollment samples and derived voiceprint vectors used to support optional wake-word experiences. Raw enrollment samples are not intended to be stored on our servers.
  • Device, usage, and diagnostic data: Device identifiers, IP address, browser and operating-system information, app version, feature usage, API activity, logs, crash reports, security events, and performance data.
  • Notification and local app data: Push notification tokens, notification payloads, onboarding state, consent state, contacts sync state, locally stored auth state, voiceprint data, and other app settings stored on your device.
  • Billing and commercial data: Subscription status, billing-page access data, invoices, payment metadata, plan information, and related commercial records processed by us or our billing providers.

3. Sources of Information

  • Directly from you: When you create an account, configure your profile, subscribe, use voice or chat features, upload documents, create reminders, save contacts, submit support requests, or otherwise interact with the Service.
  • From your device: Microphone audio during active calls or local wake-word use, device contacts with permission, push notification tokens, device identifiers, usage events, diagnostics, and local app state.
  • From linked services: Data returned by Google, Microsoft, LinkedIn, X, Apple, or other third-party platforms after you authenticate or authorize access.
  • From service providers: Authentication, billing, document processing, AI, cloud storage, analytics, security, support, and notification providers that support the Service.

4. Purposes of Processing

We process information only for defined business and product purposes, including to:

  • Provide, operate, maintain, and improve the Service.
  • Authenticate users, enforce access controls, administer accounts and organizations, and manage subscriptions.
  • Provide real-time voice conversations, transcription, spoken responses, text responses, summaries, semantic search, and personalization.
  • Read, search, index, summarize, draft, send, or manage email only when authorized by you.
  • View, create, update, or delete calendar events, reminders, briefings, and related tasks only when authorized by you.
  • Browse, import, upload, process, search, summarize, and retrieve documents and cloud-drive files only when authorized by you.
  • Look up, store, and use contacts during assistant interactions.
  • Post, send, delete, or otherwise act in third-party services only when you request or authorize those actions.
  • Send transactional notifications about reminders, completed tasks, briefings, meeting preparation, document uploads, security events, and important service events.
  • Detect, prevent, investigate, and respond to fraud, abuse, security incidents, policy violations, and technical issues.
  • Comply with legal obligations, enforce agreements, resolve disputes, and support audits and compliance reviews.

5. AI Processing Commitments

CleverThis uses AI model providers, including OpenAI, to provide real-time voice conversations, transcription, response generation, summaries, embeddings, semantic search, tool routing, and personalization features. Data sent to AI providers may include:

  • Audio frames from active voice calls, encoded for real-time processing.
  • Conversation transcripts, AI responses, and prior conversation context.
  • Relevant context from contacts, emails, calendars, documents, connected accounts, tool results, and stored personal facts when needed to answer your request or operate the assistant.
  • Text from emails, conversations, or documents for summaries, embeddings, and semantic search.

We do not sell Customer Content. We do not use Customer Content to train our own foundation models. Where an AI provider offers an API data usage policy under which API inputs and outputs are not used to train that provider's models, we configure and use the provider in reliance on that policy or comparable enterprise controls. Before you use voice features, the app presents an in-app disclosure and asks for consent to AI processing where required.

AI outputs may be probabilistic and should be reviewed before being relied upon for legal, financial, medical, employment, safety, or other high-impact decisions.

6. Connected Accounts and User-Directed Actions

When you link an external account, we store OAuth tokens so CleverThis can access that account on your behalf within the permissions you approved. Depending on the provider and scopes you grant, the assistant may read, search, create, update, send, post, or delete information in third-party services.

We treat actions in connected accounts as user-directed actions. Unlinking an account in the app deletes the token stored by CleverThis for that connection. You may also need to revoke access directly in the provider's account settings to invalidate previously granted access or cached sessions maintained by that provider.

7. Contacts

If you grant contact permissions or import contacts, contact names, emails, and phone numbers are stored in your account so the assistant can find people you reference. Contact names and details may be included in prompts or tool results sent to OpenAI when needed for assistant functionality. We do not sell contact data. You can delete individual contacts or clear imported contacts from the app where supported.

8. Documents, Cloud Drives, and Storage

When you upload files or import from Google Drive, OneDrive, or SharePoint, CleverThis may copy the selected files to our document processing service or cloud object storage. Depending on configuration, files may be uploaded directly to that service or through presigned storage URLs. We process files to extract text, chunks, entities, relationships, summaries, embeddings, metadata, and document identifiers so you can search, retrieve, analyze, and discuss them with the assistant.

We apply tenant, account, or user-level access controls to separate Customer Content. We may maintain derived indexes, embeddings, metadata, and audit records to support retrieval, security, troubleshooting, and compliance.

9. Notifications and Local Device Storage

We use Firebase Cloud Messaging and platform notification services to send push notifications. Device tokens and notification title/body/data payloads are sent through those services. The mobile app also stores certain data locally, including auth tokens, notification history, consent state, voiceprint data, contacts sync state, and onboarding state. Local storage may not use the device's secure keychain or hardware-backed secure storage for every item.

10. Disclosures and Subprocessors

We do not sell your personal information. We share information as needed to provide, secure, support, and improve the Service, including with:

  • AI providers: Audio, conversation text, context, summaries, embeddings, tool inputs, and other AI-processing inputs and outputs.
  • Google: Sign-in, OAuth, Gmail, Calendar, Drive, Contacts, and Firebase Cloud Messaging services, depending on your choices.
  • Apple: Sign in with Apple and platform notification services.
  • Microsoft: OAuth, Outlook, Calendar, Teams, OneDrive, SharePoint, and Microsoft Graph services, depending on your choices.
  • LinkedIn and X: OAuth and posting or deletion actions you request or authorize.
  • Infrastructure, security, and operations providers: Cloud hosting, storage, databases, logging, monitoring, security, email, support, billing, and document processing providers.
  • Law enforcement, regulators, or other parties: When required by law or necessary to protect our rights, users, or services.

Service providers are authorized to process information only as necessary to provide services to CleverThis or as otherwise permitted by law. We may disclose aggregated or de-identified information where it cannot reasonably be used to identify you.

11. Google API Services - Limited Use Disclosure

The use and transfer of information received from Google APIs by CleverThis adheres to the Google API Services User Data Policy, including the Limited Use requirements.

12. Retention, Deletion, and Export

  • We retain account, conversation, personalization, contact, connected-account, document, notification, and billing-related records only for as long as needed to provide the Service, meet documented business purposes, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support auditability.
  • You can unlink connected accounts in the app, which deletes locally stored OAuth tokens for those accounts. You should also revoke access in the provider's own account settings if you want the provider to invalidate the grant.
  • You can delete contacts, voiceprint data, documents, and other supported data from available app settings or feature screens.
  • You can delete your account through the account deletion flow when available, or request help by contacting support@cleverthis.com. Account deletion removes the main account and associated CleverThis backend data, subject to legal, security, backup, accounting, dispute-resolution, and operational limits.
  • Deleted data may persist in encrypted backups, logs, or archives for a limited period before being overwritten or purged in the ordinary course of business.

13. Your Rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal data. You may withdraw AI-processing consent, revoke connected-account access, or ask us for help by contacting us. Some choices may limit or disable assistant functionality.

If you use the Service through an organization, some requests may need to be directed to your organization's administrator. We may take reasonable steps to verify your identity before fulfilling a request.

14. Children's Privacy

CleverThis is not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13.

15. Security

We use technical and organizational measures designed to protect Personal Information and Customer Content, including encryption in transit, logical data separation, access controls, logging, monitoring, vulnerability management, and operational security practices. Access to production systems and Customer Content is limited to personnel and service providers with a business need.

No method of transmission, processing, or storage is completely secure, and we cannot guarantee absolute security.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy within the app or on our website. Continued use of the Service after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have questions about this Privacy Policy, please contact us at support@cleverthis.com.

CleverBrag