Privacy Policy

1 | Executive Overview

At Cleft, your privacy isn't just a priority; it's a key part of how we operate. We've put together this policy to clearly explain what information we gather when you use our services, why we collect it, and how we keep it safe. Think of this as a guide to your privacy rights and our responsibilities to you. We've kept it as straightforward as possible, so you'll know exactly where you stand.

1. User Privacy Goals: The service aims for strong data management controls, robust protection against unauthorized access, consistent availability, and risk minimization.
2. Scope of Policy: This policy covers all Cleft services provided globally and indicates user consent as a basis for data processing.
3. Data Collection: Cleft collects various data types, including account information, audio notes, transcription data, summary notes, language preferences, usage data, device information, and communication records.
4. Data Usage: The information collected is used to deliver and manage services, improve user experience, communicate with users, and ensure security.
5. Third-Party Collaboration: Cleft works with third-party providers and subprocessors for services while upholding privacy and data protection compliance.
6. Information Control: Users' data, including encrypted voice recordings and AI-generated summary notes, are processed, with sharing done only with user consent.
7. Regulatory Compliance: Cleft adheres to GDPR and CCPA, providing rights like data access, rectification, deletion, and objecting to processing.
8. Information Sharing: Data is shared with user permission, for service provision, or due to legal obligations.
9. Policy Updates and Change Log: Cleft will notify users of policy updates through their website, and the change log records all amendments.

2 | Our Goals for Your Privacy and Data Protection

At Cleft, we understand that the safety and integrity of your data are fundamental. Our goals are all about ensuring that:

• Solid Controls: We implement strong procedures to manage your data with the utmost care, making sure every step we take is deliberate and secure.
• Robust Protection: We're committed to safeguarding Cleft against unauthorized access or alterations, ensuring that our service lives up to the high standards we've set.
• Unwavering Availability: We strive to provide a service that's consistently available, so you can rely on Cleft being there when you need it.
• Minimizing Risks: We proactively look for ways to reduce risks, constantly evaluating and improving our practices to keep your data as safe as possible.

3 | Scope and Consent

3.1 | Our Coverage

This privacy policy applies to all the services provided by Cleft, headquartered in Ireland. It's relevant to our applications, websites, and any other services we offer, including any new services we might introduce in the future. This policy is dedicated solely to our services and does not extend to any third-party services or applications, even if they are accessible through our own.

3.2 | Your Permission

By choosing to use Cleft, you're giving us your consent to handle your personal information as described in this policy. This is our way of ensuring you're informed and agree to how we collect, use, and share your data. If you're using our services on behalf of an organization, you're confirming that you have the authority to agree to this policy on their behalf.

If our policy doesn't align with your expectations, we understand that you may decide not to use our services. Remember, it’s your choice, and you can discontinue using Cleft at any point if you disagree with our practices.

3.3 | Legal Grounds

As an Ireland-based company, we adhere strictly to the General Data Protection Regulation (GDPR). This means that we only process personal data when we have a lawful basis to do so, which includes your consent, a contract with you, or our legitimate business interests.

3.4 | Policy Modifications

1. We're committed to staying up-to-date with the best practices and legal requirements. If we modify our privacy policy, we'll inform you via this website so you can review the changes.
2. Continued use of our services after such communication will be regarded as acceptance of our updated terms.

4 | Information Collection

4.1 | Types of Data We Collect

At Cleft, we handle a variety of data to make our voice-to-text service efficient and user-friendly. The following is an alphabetical list of the types of data we collect.

4.1.A | Account

Your basic details including:

• full name
• email address
• contact preferences when you sign up

4.1.B | Audio

The voice recordings you make using Cleft create audio files that are transcribed on device. We use locally stored Whisper language models for voice transcription. We transcribe these voice recordings to create text-based transcriptions and summary notes.

4.1.C | Communications

• Messages and communications between users or with customer support.
• Used for facilitating in-app communication, support services, and monitoring for compliance with terms of service.

4.1.D | Communication Records

• If you reach out to us, we keep a record of that communication for future reference and to improve our support. You can always update your preferences by completing the communications preferences form here.

4.1.E | Device Information

• Details about the devices you use for Cleft, like the operating system and unique identifiers.

4.1.F | External Links

• Associated with notes and thoughts created by the user.
• These links are collected to enrich the content and provide context, allowing users to revisit the source or share it with others.
• The service may store these links as part of the note metadata to maintain the association between the note and its references.
• Links are typically not processed for content but may be checked for validity and to ensure they do not lead to malicious sites.
• Security measures include scanning for known malicious URLs and ensuring secure data transmission when links are shared or clicked.

4.1.G Image

• Any visual content uploaded by users for profile pictures or shared within the service.
• Images are processed for display, resized, or analyzed for content moderation

4.1.HI | Language

Cleft saves your spoken language to improve transcription. Cleft may automatically detect the language being spoken and save it on your behalf. We support a wide range of languages, not just English, to accommodate diverse user needs.

4.1.I | Location

• Geographic information provided by the user or derived from the device IP address.
• Used for location-based services, content localization, and compliance with regional regulations.

4.1.J | Transcription

When you record audio notes using Cleft, our chosen voice transcription technology, Whisper, it generates a transcription. This transcription is processed locally on your device, turning your spoken words into written text.

4.1.K | Summary Note

Cleft provides a feature that creates summary notes from your transcriptions. These summaries are generated by sending the written text from your transcription to Open AI to condense the content of your transcriptions into shorter, summarized text, giving you quick insights into your recordings. It is a free form text input system.

4.1.L | Usage

• Data on how users interact with the service, including usage patterns and preferences.
• Used to improve user experience, service functionality, and for personalisation.

4.1.M | Videos

• Video files uploaded by users for sharing or personalisation of their account.
• Videos are stored and potentially processed to extract text or understand content.

4.1.N | Website Cookies and Tracking

Please refer to our section 16, our cookie policy, for further information.

We do not collect the following:

• Information collected via cookies and similar tracking technologies to remember user preferences and sessions.
• Enables personalised user experiences and effective service operation.

4.2 | How and Why We Collect Data

• Directly From You: Much of the data we collect, like your account info and audio notes, comes directly from your use of Cleft.
• Through Technology: We gather usage and device information automatically as you interact with our service.
• From Third Parties: Occasionally, we might receive data about you from other sources, especially if you link a third-party application with Cleft.

The data we collect serves several key purposes:

• Service Delivery: Your information is essential for the basic functionality of Cleft, from transcribing your notes to managing your account.
• Service Improvement: We analyze usage patterns to enhance Cleft and develop new features that respond to your needs.
• Customer Support and Communication: We use your data to communicate with you about important updates and respond to your inquiries.
• Security and Safety: Monitoring for potential issues helps us keep Cleft secure for all users.

5 | Use of Information

Understanding how your data is used within Cleft is crucial. Here's a transparent breakdown:

Enhancing Your Experience

• Service Delivery: Your information is primarily used to deliver the Cleft service to you, from transcribing your voice memos to personalizing your user experience.

Improvement and Innovation

• Feedback Loop: We analyze how you interact with Cleft to address your needs better, fix what doesn't work, and innovate where we can.

Communication

• Updates and Support: We use your contact details to send you important service updates, respond to your support requests, and engage with you based on your feedback and suggestions.

Safety and Compliance

• Security Measures: To keep Cleft safe, we use your data to help protect against fraud, abuse, and misuse, in accordance with legal requirements.

Your Consent

• Sharing With Consent: We will not share your personal data with third parties without your explicit consent, except where required by law.

By using Cleft, you trust us with your information. We're committed to using this data responsibly, to improve your experience and the services we provide.

6 | Third-Party Providers and Subprocessors

At Cleft, we place great value on your privacy and the protection of your personal data. To enhance our services while maintaining the highest standards of privacy, we engage with a carefully selected group of third-party providers and subprocessors. These entities play a pivotal role not only in the operational excellence of Cleft but also in upholding our privacy commitments to you.

Why We Work With Them

• Specialized Services: Our partners bring specialized expertise and services that are essential for various aspects of Cleft's operations, from infrastructure management to customer support.
• Performance and Reliability: They help us ensure that Cleft is always performing at its best, with reliability you can count on.
• Innovation and Improvement: Through collaboration, we leverage the latest technological advancements to continually improve our services.

Our Standards for Partners

• Privacy by Design: We select partners who prioritize privacy at the core of their services, aligning with our own privacy-by-design philosophy.
• Data Protection Compliance: Each partner is evaluated to ensure they adhere to strict data protection standards, including GDPR and CCPA compliance.
• Security Measures: We require all partners to implement robust security measures to safeguard your data from unauthorized access or breaches.

Your Data, Respectfully Handled

Here is an overview of our trusted third-party providers, their roles in our service ecosystem, and the purpose behind our use of their services:

Vendor: Amazon Web Services

Role(s): Cloud Service Provider

Purpose: Hosting infrastructure, storing data and files securely.

Vendor Privacy Policy: https://aws.amazon.com/privacy/

Vendor: Brevo

Role(s): Customer Relationship Management (CRM) Platform

Purpose: Brevo is leveraged as a CRM tool that enables Cleft to cultivate and manage customer relationships through various communication channels such as email, SMS, and chat. It plays a role in organizing customer data and interactions, ensuring personalized and efficient communication while maintaining the privacy and integrity of customer information.

Vendor Privacy Policy: https://www.brevo.com/legal/privacypolicy/

Vendor: Fathom Analytics

Role(s): Analytics Provider

Purpose: Collects aggregated and anonymized data for website traffic analysis to help understand user interactions and improve the overall user experience without tracking individual users.

Vendor Privacy Policy: https://usefathom.com/legal/privacy

Vendor: Google Workspace

Role(s): Productivity Suite Provider

Purpose: Internal document creation and communication, user account management and email services.

Vendor Privacy Policy: https://policies.google.com/privacy

Vendor: Notion

Role(s): Productivity and Organizational Tool

Purpose: Notion is utilized as a collaborative workspace for internal documentation, task management, and project tracking, which assists in organizing and streamlining Cleft’s operational processes. Notion’s platform is employed to maintain efficiency and enhance productivity within our team, contributing to the improvement of our service offerings.

Vendor Privacy Policy: https://www.notion.so/Privacy-Policy-3468d120cf614d4c9014c09f6adc9091?pvs=4

Vendor: OpenAI

Role(s): AI Services Provider

Purpose: AI model hosting and processing for features such as natural language understanding and response generation.

Vendor Privacy Policy: https://openai.com/policies/privacy-policy

Vendor: Sentry

Role(s): Application Monitoring and Error Tracking

Purpose: Error tracking to help identify and fix issues in the app, improving user experience.

Vendor Privacy Policy: https://sentry.io/privacy/

Vendor: Slack

Role(s): Communication Platform

Purpose: Internal team communication and user support channels.

Vendor Privacy Policy: https://slack.com/trust/privacy/privacy-policy

Vendor: Stripe

Role(s): Payment Processor

Purpose: Processing payments and managing transactions securely.

Vendor Privacy Policy: https://stripe.com/ie/privacy

Vendor: Tally

Role(s): Survey and Form Builder Tool

Purpose: Form management, conducting surveys and collecting user feedback for service improvement.

Vendor Privacy Policy: https://tally.so/help/privacy-policy#:~:text=Tally does not sell personal,Deliver our service to you

Vendor: Webflow

Role(s): Web Development Platform

Purpose: Website hosting and content management system; used to create and maintain the service's website, which may include forms for user registration, feedback, and support inquiries.

Vendor Privacy Policy: https://webflow.com/legal/privacy

Vendor: Zapier

Role(s): Automation Platform

Purpose: Zapier acts as an intermediary that integrates Cleft with over 2,000 web services, enhancing productivity through automated workflows. It enables users to connect Cleft to their preferred apps and services.

Vendor Privacy Policy: https://zapier.com/privacy

‍

By being transparent about our use of third-party providers, we aim to earn and keep your trust. We understand that these partnerships are integral to delivering a seamless experience while also respecting and protecting your data.

7 | Data Collection and Usage

Your Information, Your Control

At Cleft, we respect that your thoughts and voice memos, which we term "thoughts," are your own. We're committed to ensuring they remain private and under your control. Here's how we handle your information:

• Encrypted for Your Eyes Only: We protect your thoughts with end-to-end encryption during transmission, ensuring they're for your eyes only.
• Local Processing: Your thoughts are processed on your device using advanced Whisper technology, meaning the audio files stay with you.
• Selective Sharing: We send only the text transcripts, not the audio files, to OpenAI, upholding your voice privacy.

Privacy of Notes

• By Default, It’s Just for You: All notes are private unless you decide to share them. They’re accessible only to you by default.
• Sharing on Your Terms: If you choose, you can share your notes with a shareable link. Once you share, anyone with the link can access these notes.
• In Your Hands: You have full control. At any point, you can retract access by removing the shareable link through the Cleft app.

How We Use Your Data

• To Serve You: We use your information to provide and manage the Cleft services you know and love.
• To Improve and Innovate: We analyze how you use Cleft to make it better, more intuitive, and more responsive to your needs.
• To Connect with You: We communicate with you about important updates and are here to help when you reach out to us with questions or need support.
• To Protect You: We take proactive steps to keep Cleft secure and guard against unauthorized access or misuse of your data.
• To Comply and Cooperate: We may use your data to comply with laws and cooperate with regulators and law enforcement bodies when required.

Your data enables us to provide a seamless Cleft experience while prioritizing your privacy and control at every turn.

8 | GDPR and CCPA Compliance

In our digital world, your privacy rights are more important than ever. That's why at Cleft, we've tailored our practices to align with two of the most rigorous privacy laws out there: the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Commitment to International Standards

• Adherence to Regulations: Our commitment goes beyond just following the rules. We actively design our services to meet the high standards set by GDPR and CCPA. This means considering your privacy at every step, from collecting data to creating new features.

Your Empowerment

• User Rights Under GDPR and CCPA: We don't just protect your data; we ensure you're in the driver's seat. Under these regulations, you have the right to:
• Access: Ask us for details about the personal data we hold about you.
• Correction: Update or correct any incorrect personal data.
• Deletion: Request that we delete personal data in certain circumstances.
• Portability: Obtain a copy of your data in a machine-readable format.
• Object: Challenge certain types of processing or uses of your data.
• Restriction: Limit how we use your data while keeping your account active.

Transparency and Action

We believe in transparency and are proactive in our approach to compliance. If you want to exercise any of your rights or have questions about our data protection practices, our team is here to help. We're committed to responding to your requests promptly and respectfully, ensuring that your data is managed in accordance with your wishes and legal rights.

9 | Information Sharing and Disclosure

Your trust is the cornerstone of our service, which is why we approach the sharing and disclosure of your information with the utmost caution and clarity.

Controlled Sharing

• With Your Permission: Your personal data is shared only when you've explicitly agreed to it. This might be for features that require interaction with third-party services or when you've chosen to use integrations that enhance your Cleft experience.
• For Service Provision: We share information with trusted partners who help us provide and improve our services. These partners are bound by confidentiality agreements and are strictly monitored for compliance.

Legal Compliance and Safety

• Legal Requests: If the law says we must, we may disclose your information to authorities. This could be in response to legal processes or to comply with statutory obligations, such as a court order or a government investigation.
• Safety and Protection: To ensure the safety and integrity of our services, we may share information if we believe it’s necessary to detect, prevent, or address fraud, security, or technical issues, or to protect against harm to the rights, property, or safety of Cleft, our users, or the public as required or permitted by law.

Partnerships and Corporate Transfers

• Service Providers: We engage certain trusted third parties to perform functions and provide services to us. We share your personal data with these service providers, but only to the extent necessary to perform these services.
• Business Transfers: In the event that Cleft is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be sold or transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.

Transparency

Whenever we share your data, we remain committed to ensuring that it’s done with your privacy as our priority. You'll always be informed about the sharing of your data, and we’ll be transparent about the parties with whom we share it and the reasons behind it.

10 | Data Security and Your Rights

In a world where data breaches are all too common, we take the security of your information seriously. Here's how we protect your data and what rights you have over it:

Our Commitment to Security

• State-of-the-Art Safeguards: We employ advanced security measures to keep your data safe. This includes using encryption, regular security audits, and industry-best practices to protect against unauthorized access or data breaches.

Empowering You

• Access and Control: It's your data, and you should have control over it. Whether you want to see what information we have, make changes to it, or delete it entirely, you can do so through your account settings.
• Privacy Preferences: We respect your privacy preferences. You can adjust your settings to control the visibility and accessibility of your information within Cleft.

Proactive Protections

• Continual Monitoring: Our security team is on guard, monitoring for potential threats and taking immediate action to address any vulnerabilities.
• Regular Updates: We keep our security systems up to date and refine our protocols regularly to stay ahead of new threats.

Your Rights, Respected

• Right to Know: You have the right to know what personal data we hold about you.
• Right to Amend: If any information is incorrect, you have the right to have it rectified.
• Right to Withdraw: You can withdraw consent for the use of your data where consent is our legal basis for processing it.
• Right to Erasure: You can request that we delete your personal data from our systems.

We're dedicated to not just responding to your requests regarding your rights but also to educating you on how to exercise them. For detailed guidance or to make a request regarding your data, please contact our privacy team at privacy@cleftnotes.com.

11 | Changes to This Privacy Policy

We know that change is constant, and that includes updating our privacy policy to keep up with new laws, technology, and the evolving needs of our community.

Keeping You in the Loop

• How We Notify You: Whenever we make changes to our privacy practices, we'll let you know by posting the updated policy on our website. Keep an eye on changelog in our privacy policy page for the latest information.
• Your Acknowledgement: By continuing to use Cleft after these changes are posted, you agree to the revised policy. We recommend checking the policy periodically so you're always aware of the most current practices.

Record of Updates

• Policy Effective Date: The current version of our privacy policy became effective on 22nd February 2024.
• Documenting Changes: We'll keep a changelog at the bottom of our policy page, so you can easily see what's been updated.

Remember, your privacy is important to us, and we aim to be as transparent as possible about how we protect your data.

12 | Effective Date

Our privacy policy is designed to keep you informed and your data protected.

Current Version: This policy is effective as of 22nd February 2024.

Any future changes or updates to our privacy policy will be reflected in this section, along with an updated effective date.

Remember, using our services after the effective date constitutes acceptance of our new terms. Should you have any questions about these changes, we're here to answer them at privacy@cleftnotes.com.

13 | Additional Provisions for CCPA Compliance

Cleft respects the privacy of all our users, and we are particularly aware of the rights granted under the California Consumer Privacy Act (CCPA). We've taken careful steps to ensure our compliance with the CCPA and to provide California residents with the rights outlined by the law.

CCPA Rights

As a California resident, the CCPA provides you with the following rights:

• Right to Know: You can request information about the specific pieces of personal data we have collected about you, along with the categories of data, the sources from which the data was collected, the purposes for which we use the data, and the categories of third parties with whom we share the data.
• Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions outlined by the CCPA.
• Right to Opt-Out: You can direct us not to sell your personal information. Cleft does not sell personal information, and we will treat requests to opt-out as requests to opt into privacy protection levels that prevent any future sale.
• Right to Non-Discrimination: Exercising your CCPA rights will not result in any discriminatory treatment by Cleft.

Exercising Your CCPA Rights

To exercise any of these rights, please contact us at privacy@cleftnotes.com. We will verify your request using the information associated with your account, including email address. Consumers can also designate an authorized agent to exercise these rights on their behalf.

California 'Shine the Light' Law

In addition to CCPA, California's "Shine the Light" law permits residents to request and obtain from us once a year, free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year.

If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to privacy@cleftnotes.com.

Contact for More Information

If you have any questions or concerns about our CCPA compliance, our Privacy Team is ready to assist you at privacy@cleftnotes.com. We're committed to protecting your privacy and ensuring you feel confident about the security of your personal information with Cleft.

14 | Additional Provisions for GDPR Compliance

Cleft recognizes and upholds the General Data Protection Regulation (GDPR) requirements to ensure the privacy and protection of personal data for individuals within the European Union (EU) and European Economic Area (EEA).

GDPR Rights

Under GDPR, you are afforded comprehensive rights over your personal data:

• Right of Access: You can request access to your personal data that Cleft processes and obtain a copy of it.
• Right to Rectification: You have the right to have inaccurate personal data corrected and incomplete personal data completed.
• Right to Erasure ('Right to be Forgotten'): You can ask for your personal data to be deleted from our systems in certain circumstances.
• Right to Restrict Processing: You may request the restriction of processing your personal data under specific conditions.
• Right to Data Portability: You can receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller.
• Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or when the processing is based on legitimate interests.

Exercising Your GDPR Rights

To exercise any of these rights, please reach out to us via privacy@cleftnotes.com. We will respond to your request promptly and in accordance with GDPR guidelines.

Data Protection Officer

Cleft has appointed a Data Protection Officer (DPO), Jonny Cosgrove, to oversee compliance with GDPR and to be a point of contact for data protection matters. Our DPO, can be reached at dpo@cleftnotes.com.

Additional GDPR Compliance Measures

Cleft has implemented data protection principles into our products and services from the ground up, ensuring that our users' privacy is an integral part of our business. We engage in regular reviews of our data processing activities, carry out impact assessments, and have established procedures for handling data breaches that comply with GDPR notification requirements.

Contact for More Information

For more details on how we comply with GDPR or if you have any questions regarding your rights under GDPR, please contact our Privacy Team. We're dedicated to ensuring your rights are fully honored and that your data remains secure and properly managed.

15 | Making a Subject Access Request (SAR)

Under GDPR, you have the right to make a Subject Access Request to obtain a copy of your personal data that Cleft processes. To make this as straightforward as possible:

• Access Request Form: We've created a simple form that you can use to request access to your data. This ensures that we have all the information needed to accurately respond to your request promptly.
• Submitting Your SAR: You can find the SAR form here. Once submitted, our team will review your request and get back to you within the time frame stipulated by the GDPR (for guidance, we aim to come back to you within approx 25 days).
• Assistance with Your Request: If you need any help or have questions about the SAR process, our Privacy Team is ready to assist you. Contact us at privacy@cleft.ai for support.

We're committed to providing you with full access to your data as part of our GDPR compliance efforts.

16 | Cookie Policy

Our Stance on Cookies

At Cleft, we value simplicity and transparency. In line with our commitment to protect your privacy, we want to be clear about our use of cookies.

No Cookies Collected

• Zero Cookies: We do not collect cookies of any kind. This means when you use Cleft, we don't store any data in your browser or track your activity through cookies.

Why No Cookies?

• Privacy by Design: Our service is built with your privacy at its core. Avoiding cookies means one less way your data could be at risk.
• Simplicity: We believe in keeping things straightforward for our users, and that includes a no-cookie policy for a cleaner, faster, and more private experience.

What About Third-Party Services?

• Third-Party Sites: While Cleft itself does not use cookies, third-party services integrated with Cleft may have their own cookie policies. We recommend reviewing the privacy policies of any third-party services you interact with, listed above.

Updates to Our Cookie Policy

• Staying Informed: If our policy on cookies changes, we will update this page to keep you informed. Your continued use of Cleft after any changes indicates your acceptance of our new policy.

For any questions about our cookie policy, please reach out to us at privacy@cleftnotes.com.

17 | Change Log

Keeping our users informed about changes to our privacy policy is important to us. Below you will find a record of amendments and updates made. We recommend you do read the updated policy in full upon release.

1.0 | December 27, 2023

• Inaugural Privacy Policy: Established the first version of our comprehensive privacy policy.

1.1 | February 22, 2024

• Pre-Release Updates: Made necessary revisions to our privacy policy to reflect the latest product functionalities and ensure full alignment with our upcoming release. Subject Access Request form added.

‍