Privacy

Effective date: August 31, 2025

Cleve is your second brain — helpful, private, and under your control. This page explains how we handle your data.

TL;DR

Your notes and content should live with you. When you ask Cleve for help, only the minimum necessary context is used. We never sell your data.

  • Your content is encrypted and stored locally and in secure databases we control.
  • Requests may use trusted AI partners; they may not train on your data.
  • You can delete your data at any time.

Privacy by design

  1. Your data lives on your device.

    Conversations, ideas, writings, and history are stored locally and securely. Only data relevant to a request is used when you ask Cleve for help.

  2. Only shared when needed.

    When routing to AI/search, we send the minimum context (e.g., your question or active note). Partners are restricted from training on your data.

  3. Delete anytime.

    Clear chats, notes, or account data whenever you want. If you opt-in to improvements, content data is deleted within 30 days.

  4. Your data is not for sale.

    We use your data only to operate Cleve and provide features you enable.

Sharing content data to improve Cleve

If you opt in, certain content data (like questions and responses) may be used to improve speed and quality. When data leaves your device, it’s processed without being tied to your profile and deleted within 30 days.

You can turn this off any time in Settings.

Definitions

Personal data means information that identifies or relates to an identifiable person. Content data means notes, chats, files, and other user-provided materials. Usage data means technical data about how you use Cleve (e.g., events, device info).

Intro

This Privacy Policy explains how we handle personal data when you use Cleve. By using Cleve, you agree to these practices.

What does this cover?

This policy covers how we collect, use, and share personal data in Cleve across web and mobile. It doesn’t cover third-party services we don’t control.

What is personal data?

Information that identifies or relates to you, such as account/contact data, payment data, content data (notes, chats), and device data (IP, device type).

Categories we collect

  • Account data: email, authentication data, subscription status.
  • Content data: ideas, writings, chats, files you upload or create in Cleve.
  • Usage and device data: app telemetry, crash reports, approximate location (IP).
  • Payment data: processed by our payment partner (e.g., Stripe); we store minimal billing metadata.

Sources of data

We collect data you provide directly, data generated during your use of Cleve, and limited data from third-party services you choose to connect (e.g., Google). We only request the minimum scopes required for features you enable.

How we use your data

  • Provide features (chat, ideas, writings, search).
  • Secure accounts, debug issues, and improve performance.
  • Optional communications (product updates, if you opt in).
  • Comply with legal obligations.

When processing under GDPR, our lawful bases include: contractual necessity (providing Cleve), legitimate interests (security, product improvement), consent (optional improvements, marketing), and legal obligation.

How we may disclose data

We disclose data to service providers (hosting, analytics, payments), to partners you authorize, or to comply with law. We may disclose de-identified data for analytics.

Service providers are contractually bound to process data only on our instructions and with appropriate safeguards. We do not sell your personal data.

Cookies

Cleve’s web client may use cookies and similar technologies for essential features and analytics. You can manage cookies in your browser settings; disabling some may affect functionality.

Where required, we will request your consent for non-essential cookies.

Data security

We use industry-standard security to protect your data. No system is perfectly secure, so also protect your account with strong credentials and device hygiene.

  • Encryption in transit and at rest for core services.
  • Role-based access controls and audit logging.
  • Incident response procedures and periodic reviews.

Data retention

We retain personal data only as long as needed to provide Cleve or meet legal requirements. We may keep de-identified data for analytics.

If you opt-in to improvements, content data used for quality is deleted within 30 days.

Personal data from children

Cleve isn’t intended for children under 18. If we learn we’ve collected data from a child, we’ll delete it promptly.

U.S. State Privacy Rights

Depending on your state, you may have rights to access, delete, correct, or export your personal data. Contact us to exercise these rights.

EU/UK data subject rights

If you are in the EU/UK, you may have rights under GDPR, including access, rectification, erasure, portability, objection, and restriction. Contact us to exercise these rights.

International transfers

We may process data in the United States and other countries. Where required, we use appropriate safeguards such as Standard Contractual Clauses to protect personal data transferred from the EEA/UK.

Managing your data

  • Access & export: request a copy of your data.
  • Correction: update account details and content.
  • Deletion: clear content or close your account to delete associated data, subject to legal retention.
  • Opt-outs: disable product communications and improvements at any time.

Contact

Questions? Reach us at privacy@cleve.app.