ClearaCleara

Privacy Policy

Last updated: 9 November 2025

1. Introduction

Welcome to Cleara ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our meeting recording and conversation analysis platform (the "Service").

By using Cleara, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Data Controller

Cleara is the data controller responsible for your personal data. For any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@withcleara.com
Address: 91 Balfron Tower, London, E14 0XU

3. Information We Collect

We collect and process the following categories of personal data:

3.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Profile photograph (optional)
  • Password (encrypted)
  • Account creation and update timestamps

3.2 Organisation Information

If you create or join an organisation:

  • Organisation name
  • Organisation logo
  • Member roles and permissions
  • Organisation metadata

3.3 Calendar Integration Data

When you connect your calendar (Google Calendar or Microsoft Outlook):

  • Calendar name and identifier
  • Event titles, descriptions, and locations
  • Event start and end times, timezones
  • Meeting URLs and platform information
  • Organiser and attendee email addresses
  • Calendar sync status and error messages
  • OAuth refresh tokens (encrypted)

3.4 Meeting Recordings and Transcripts

When you record meetings through our Service:

  • Audio and video recordings of meetings (processed by our third-party provider, Recall.ai)
  • Automated transcripts with speaker identification and timestamps
  • Meeting duration and participant information
  • Meeting platform metadata (Zoom, Teams, Google Meet, etc.)

3.5 Conversation Analysis Data

When we analyse your conversations using artificial intelligence:

  • Communication patterns, verbal signals, and speaking metrics
  • Sentiment and affect analysis
  • Performance scores on communication elements (clarity, empathy, structure, etc.)
  • Coaching recommendations and personalised feedback
  • User preferences for analysis perspectives

3.6 Payment Information

For subscription payments:

  • Billing email address and organisation details
  • Payment card information (processed and stored by Stripe; we never store full card details)
  • Subscription status, plan details, and billing history
  • Stripe customer and subscription identifiers

3.7 Technical and Usage Data

When you use our Service, we automatically collect:

  • IP address (anonymised where possible)
  • Browser type and version
  • Device information and operating system
  • Session information and authentication tokens
  • Pages visited, features used, and time spent
  • Error logs and diagnostic information

4. How We Use Your Information

We process your personal data for the following purposes:

4.1 Service Provision

  • Create and manage your account
  • Schedule and record meetings automatically
  • Generate transcripts and conversation analyses
  • Provide personalised communication insights and coaching
  • Sync with your calendar applications
  • Enable collaboration within organisations

Legal Basis: Performance of contract (Article 6(1)(b) UK GDPR)

4.2 Communication

  • Send service-related emails and notifications
  • Respond to your enquiries and support requests
  • Notify you of important changes or updates

Legal Basis: Performance of contract (Article 6(1)(b)) and Legitimate interests (Article 6(1)(f))

4.3 Billing and Payments

  • Process subscription payments
  • Manage billing and invoicing
  • Track usage for billing purposes (meeting minutes)
  • Prevent fraud and unauthorised transactions

Legal Basis: Performance of contract (Article 6(1)(b)) and Legal obligation (Article 6(1)(c))

4.4 Service Improvement

  • Analyse usage patterns to improve our Service
  • Develop new features and capabilities
  • Train and improve our AI models (in anonymised form)
  • Debug and resolve technical issues

Legal Basis: Legitimate interests (Article 6(1)(f))

4.5 Legal Compliance

  • Comply with legal obligations and regulations
  • Respond to legal requests and prevent misuse
  • Enforce our terms of service
  • Protect our rights and property

Legal Basis: Legal obligation (Article 6(1)(c)) and Legitimate interests (Article 6(1)(f))

5. Third-Party Services and Data Processors

We work with trusted third-party service providers to deliver our Service. These processors have access to your personal data only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Recall.ai

Purpose: Meeting recording bot, transcription, and calendar integration

Data Processed: Meeting audio/video, transcripts, calendar events, attendee information

Location: United States

OpenAI

Purpose: AI-powered conversation analysis and coaching insights

Data Processed: Conversation transcripts, user names

Location: United States

Note: OpenAI does not use data submitted via their API to train models

Stripe

Purpose: Payment processing and subscription management

Data Processed: Payment information, billing details, transaction history

Location: United States (EU/UK data protections apply)

Google / Microsoft

Purpose: Calendar integration and OAuth authentication

Data Processed: Calendar events, authentication tokens

Location: Various (subject to provider's privacy policies)

Neon Database

Purpose: Database hosting and data storage

Data Processed: All application data

Location: Configurable (we use EU/UK regions where available)

Resend

Purpose: Transactional email delivery

Data Processed: Email addresses, email content

Location: United States

6. International Data Transfers

Some of our third-party service providers are located outside the United Kingdom and European Economic Area (EEA), including in the United States. When we transfer your personal data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our US-based processors
  • Data Processing Agreements: All processors sign agreements that require UK GDPR-level protections
  • Adequacy Decisions: Where applicable, we rely on adequacy decisions recognising equivalent data protection standards
  • Additional Safeguards: We implement technical and organisational measures to protect data in transit and at rest

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Information:

Retained while your account is active and for 90 days after account deletion (to allow account recovery)

Meeting Recordings and Transcripts:

Retained until you delete them or close your account. You can delete individual recordings at any time.

Conversation Analyses:

Retained while your account is active. Deleted when you delete the associated recording or close your account.

Billing Records:

Retained for 7 years to comply with UK tax and accounting regulations

Technical Logs:

Retained for 90 days for security and debugging purposes

8. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you. You can export your data from your account settings.

8.2 Right to Rectification

You can update your account information and correct inaccuracies directly in your account settings.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. You can delete individual recordings or close your account entirely, which will delete all your data within 90 days.

8.4 Right to Restriction of Processing

You can request that we restrict processing of your personal data in certain circumstances.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

8.6 Right to Object

You can object to processing of your personal data where we rely on legitimate interests as the legal basis.

8.7 Rights Related to Automated Decision-Making

While we use AI to analyse conversations, we do not make automated decisions with legal or similarly significant effects. You maintain full control over how you use our insights.

To exercise any of these rights, please contact us at privacy@withcleara.com. We will respond to your request within one month.

9. Data Security

We implement appropriate technical and organisational security measures to protect your personal data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Strict role-based access controls and authentication requirements
  • Password Security: Passwords are hashed using industry-standard algorithms (bcrypt)
  • Regular Security Audits: We conduct regular security assessments and vulnerability testing
  • Secure Infrastructure: Our infrastructure partners maintain SOC 2 and ISO 27001 certifications
  • Employee Training: Our team receives regular data protection and security training
  • Incident Response: We maintain an incident response plan and will notify you of any data breaches as required by law

Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

10. Recording Consent and Third-Party Rights

Important: You are responsible for obtaining consent from all meeting participants before recording.

When you use Cleara to record meetings:

  • You must inform all participants that the meeting is being recorded
  • You must obtain explicit consent from all participants before starting the recording
  • Our recording bot announces its presence when joining meetings
  • You are responsible for complying with all applicable laws regarding recording, including the Regulation of Investigatory Powers Act 2000 (RIPA) and common law requirements
  • Different jurisdictions have different consent requirements (one-party vs. all-party consent)

We are not responsible for your failure to obtain proper consent. You agree to indemnify us against any claims arising from unauthorised recordings.

11. Children's Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will delete such information.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide and improve our Service:

Essential Cookies:

Required for authentication, security, and core functionality. These cannot be disabled.

Session Cookies:

Keep you logged in during your browsing session.

Preference Cookies:

Remember your settings and preferences (theme, language, etc.).

You can control cookies through your browser settings. However, disabling essential cookies may affect the functionality of our Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date at the top
  • Sending an email notification for significant changes (where required)

Your continued use of the Service after such modifications constitutes your acknowledgment of the modified Privacy Policy.

14. Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, please contact us first at privacy@withcleara.com. We will investigate and attempt to resolve any complaints.

You also have the right to lodge a complaint with the UK's data protection supervisory authority:

Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Telephone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Cleara
Email: privacy@withcleara.com
Support: support@withcleara.com
Address: 91 Balfron Tower, London, E14 0XU

16. Additional Information for UK Users

As a UK-based service, we are committed to compliance with UK data protection laws. This includes:

  • Maintaining comprehensive records of our data processing activities
  • Conducting Data Protection Impact Assessments (DPIAs) for high-risk processing
  • Implementing privacy by design and by default in our Service development
  • Appointing a Data Protection Officer (if required by law)
  • Reporting any personal data breaches to the ICO within 72 hours where required
  • Providing transparency about our AI and automated processing activities

This Privacy Policy was last updated on 9 November 2025. We encourage you to review it periodically to stay informed about how we protect your information.

By using Cleara, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.