Privacy Policy

Effective date: December 16, 2025

Cleve is your second brain — helpful, private, and under your control. This page explains how we handle your data.

TL;DR

Your notes and content should live with you. When you ask Cleve for help, only the minimum necessary context is used. We never sell your data.

  • Your content is stored in secure cloud infrastructure we control (Supabase) and synced to your devices, with transmission over TLS and provider-managed encryption at rest.
  • Requests may use trusted AI partners (OpenAI, Anthropic, Google, Perplexity); they do not train on your data.
  • You can delete your data at any time.

Privacy by Design

  1. Your data is stored securely in the cloud and on your devices.

    Conversations, ideas, writings, and history are transmitted over TLS and stored in our cloud (Supabase) with provider-managed encryption at rest, then synced to your devices. Only data relevant to a request is used when you ask Cleve for help.

  2. Only shared when needed.

    When routing to AI/search, we send the minimum context (e.g., your question or active note). Partners are restricted from training on your data and process it only to return results.

  3. Delete anytime.

    Clear chats, notes, or account data whenever you want. We don't use your content to train models; transient processing data is short-lived.

  4. Your data is not for sale.

    We use your data only to operate Cleve and provide features you enable.

Sharing Content Data to Improve Cleve

We do not use your content to train models. Content is processed only as needed to provide responses. Limited diagnostic logs may be retained briefly to ensure reliability and abuse prevention, then discarded.

Definitions

Personal data means information that identifies or relates to an identifiable person. Content data means notes, chats, files, and other user-provided materials. Usage data means technical data about how you use Cleve (e.g., events, device info).

Introduction

This Privacy Policy explains how we handle personal data when you use Cleve. By using Cleve, you agree to these practices.

What Does This Cover?

This policy covers how we collect, use, and share personal data in Cleve across web and mobile. It doesn't cover third-party services we don't control.

What is Personal Data?

Information that identifies or relates to you, such as account/contact data, payment data, content data (notes, chats), and device data (IP, device type).

Categories We Collect

  • Account data: email, authentication data, subscription status.
  • Content data: ideas, writings, chats, files you upload or create in Cleve, and content imported from connected accounts (e.g., socials, email, notes) when you enable those features.
  • Usage and device data: app telemetry, crash reports, approximate location (IP).
  • Payment data: processed by our payment partner (e.g., Stripe); we store minimal billing metadata.

Sources of Data

We collect data you provide directly, data generated during your use of Cleve, and limited data from third-party services you choose to connect (e.g., email, social, notes). We only request the minimum scopes required for features you enable, and you can revoke access in those services at any time.

How We Use Your Data

  • Provide features (chat, ideas, writings, search).
  • Secure accounts, debug issues, and improve performance.
  • Optional communications (product updates, if you opt in; you can opt out anytime).
  • Comply with legal obligations.

When processing under GDPR, our lawful bases include: contractual necessity (providing Cleve), legitimate interests (security, product improvement), consent (optional marketing), and legal obligation.

How We May Disclose Data

We disclose data to service providers (hosting, analytics, payments), to partners you authorize, or to comply with law. We may disclose de-identified data for analytics.

Trusted AI processors (for chat and generation) currently include OpenAI, Anthropic, Google, and Perplexity. They process only the context needed to return results and are contractually restricted from training on your data; we do not train models on your data.

Other key processors include Supabase (database and storage), Vercel (hosting for web properties), PostHog (product analytics with masking), Google Tag Manager (for GA4/Ads/LinkedIn/Clarity), Meta Pixel, Stripe/RevenueCat (payments/subscriptions), and Resend (transactional email). These processors act on our instructions to provide the Services.

Service providers are contractually bound to process data only on our instructions and with appropriate safeguards. We do not sell your personal data.

Cookies

Cleve's web client uses cookies and similar technologies for essential features and, with your consent, analytics/marketing tags (PostHog with session recording/masking, Google Tag Manager for GA4/Ads/LinkedIn/Clarity, Meta Pixel).

You can manage cookies via the cookie banner or “Cookie settings” in the footer; disabling some may affect functionality.

Data Security

We use industry-standard security to protect your data. No system is perfectly secure, so also protect your account with strong credentials and device hygiene.

  • Encryption in transit and at rest for core services.
  • Role-based access controls and audit logging.
  • Incident response procedures and periodic reviews.

Data Retention

We retain personal data while you have an account and as needed to provide the Services or meet legal requirements. Content you delete is removed from active systems, with backups purged on a rolling basis (typically within 30-90 days). We may keep de-identified data for analytics.

We do not use your content for training; transient processing artifacts and diagnostic logs are short-lived and cleared on a rolling basis. You can request export or deletion of your account data; legal obligations may require limited retention (e.g., billing records).

Personal Data from Children

Cleve isn't intended for children under 18. If we learn we've collected data from a child, we'll delete it promptly.

U.S. State Privacy Rights

Depending on your state, you may have rights to access, delete, correct, or export your personal data. Contact us to exercise these rights.

EU/UK Data Subject Rights

If you are in the EU/UK, you may have rights under GDPR, including access, rectification, erasure, portability, objection, and restriction. Contact us to exercise these rights.

To exercise any privacy right, contact support@cleve.ai. We may need to verify your request and will respond within timelines required by applicable law.

International Transfers

We may process data in the United States and other countries. Where required, we use appropriate safeguards such as Standard Contractual Clauses to protect personal data transferred from the EEA/UK.

Managing Your Data

  • Access & export: request a copy of your data.
  • Correction: update account details and content.
  • Deletion: clear content or close your account to delete associated data, subject to legal retention.
  • Opt-outs: disable product communications at any time.
  • Connected accounts: disconnect connected email/social/note accounts in your settings or via each provider to stop further imports.

Contact

Questions? Reach us at support@cleve.ai.