Privacy Policy for Claro AI

Effective Date: 08.04.2025

1. Introduction

Welcome to Claro AI ("the App"), developed and operated by Crowd Wisdom SL ("we," "us," or "our"). We are a one-person business based in Spain, with a registered office at Rambla de Catalunya 38, 8-1, 08007 Barcelona. This Privacy Policy describes how we collect, use, store, and share your information when you use Claro AI.

By using Claro AI, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the App.

2. Data We Collect

Account Information

Authentication Data:

We use Firebase Authentication for user management. When you create an account or log in, we collect:

• Email address (for email/password, Google, Apple, and Facebook logins)
• A unique user ID (provided by the authentication provider)
• Authentication provider type (Google, Apple, Facebook, or email/password)
• Whether your account is anonymous or authenticated

Profile Information:

Stored in our Firebase Firestore database, including:

• Email address (if provided)
• Profile picture (if uploaded, stored in Google Cloud Storage in the EU region)
• Account creation date
• Last login date

Device Information

We collect your device type (e.g., Android or iOS) and a device ID for security and anti-abuse purposes. This information is stored in our Firebase Firestore database.

Subscription and Payment Information

When you purchase a subscription, we store:

• Subscription status (active, canceled, etc.)
• Subscription type (one-time or recurring)
• Purchase tokens and verification data
• Payment platform (iOS App Store or Google Play)
• Subscription start and expiration dates

Payment processing is handled via platform-specific APIs. We do not store or access your credit card or payment details.

Usage Data

We log user-specific metrics, such as:

• Total messages sent
• Total tokens used
• Total translation characters
• Total text-to-speech characters
• App settings and preferences
• Other metadata related to App usage

This usage data is associated with your user ID and stored in Google Cloud Firestore (EU region).

Retention & Periodic Review:

We retain usage data for as long as necessary for operational and analytical purposes or until you delete your account. Personal data (e.g., email, profile picture) is deleted immediately upon account deletion, although anonymized usage metrics may be retained. We periodically review our data retention practices to ensure data is not held longer than necessary.

Audio and Text Content

Processing Only, No Storage:

All audio recordings and text are processed locally for transcription, translation, and text-to-speech services. We do not store the content of your messages or recordings on our servers.

Third-Party Processing:

The necessary data (e.g., the audio or text required for processing) is transmitted in real time to our third-party service providers (OpenAI, Google, ElevenLabs, Groq, Deepgram) solely for the purpose of delivering the requested services. We ensure that only the minimum necessary data is sent and that no additional personally identifying information is included.

No Permanent Storage:

Once the processing is completed, your content is not retained by us. Only anonymized usage metadata may be stored for operational and analytical purposes, as described elsewhere in this Privacy Policy.

No Special Category Data

We do not intentionally collect or process sensitive personal data (e.g., health, biometric, or child-specific data).

Children's Data

Claro AI is not directed at or intended for use by children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

3. How We Use Your Data

Account Management:

• To authenticate you and manage your account
• To provide access to premium features based on your subscription status
• To store your optional profile information and settings

Service Provision:

• To deliver speech recognition, transcription, translation, and text-to-speech services
• To personalize your experience based on language preferences and settings

Note: When transferring data to third-party services (OpenAI, Google, ElevenLabs, Groq, Deepgram), we include only the minimum necessary information and do not transmit additional personal identifiers.

Subscription Management:

• To verify and validate your subscription status
• To process renewals and manage trial periods

Analytics and Improvements:

We use Firebase Analytics (and potentially Google Analytics in the future) to understand user interactions and improve the App

Usage data assists with performance evaluation, issue detection, and technical problem diagnosis

Anti-Abuse and Security:

The device ID and other security-related data are used to detect and prevent fraudulent or malicious activities and ensure platform integrity

Future Marketing Efforts:

Currently, we do not share personal data with marketing providers. In the future, should we initiate marketing activities that involve data sharing with third parties (e.g., for newsletters or promotional materials), such sharing will be subject to strict contractual obligations and standard safeguards. Any changes will be reflected in an updated Privacy Policy.

4. Data Sharing and Transfers

Third-Party Services

Google Firebase:

We use Firebase for authentication, Firestore for our database, Firebase Analytics, and cloud functions. All personal data is stored on servers in the EU.

Payment Processors:

Subscription payments are processed through the iOS App Store or Google Play. We do not store your payment details.

API Services:

For core functionality such as transcription, translation, and text-to-speech, we utilize:

• OpenAI (transcription, translation, TTS)
• Google (translation)
• ElevenLabs (TTS)
• Groq (transcription)
• Deepgram (transcription)

Only the necessary text or audio data is transmitted to these providers, and we do not include additional personally identifying information.

International Data Transfers

While we aim to keep personal data within the EU, some service providers (e.g., OpenAI, Groq, ElevenLabs) may process data outside the EU/EEA. We ensure that appropriate safeguards (such as Standard Contractual Clauses) are in place to comply with GDPR requirements.

No Unauthorized Sharing

We do not sell or rent your personal data.

Your data will only be disclosed if required by law, court order, or valid governmental request.

5. Security Measures

We rely on Google Cloud (Firebase/Firestore) and reputable third-party providers to host and secure our data.

Security practices include:

• Encryption in transit using HTTPS
• Firebase Authentication for secure user management
• Firestore security rules to restrict data access
• Strict internal access controls on personal data

We continuously review our security measures and update them as necessary to meet industry standards.

6. User Rights and Data Deletion

Access, Correction, and Deletion:

You may request access to, correction of, or deletion of your personal data by contacting us at contact@allclaro.com.

You can delete your account at any time via the App settings. Upon deletion:

• Authentication data is removed from Firebase Authentication
• Personal profile data is deleted from Firestore
• Subscription information is retained for record-keeping requirements
• Usage data may remain in anonymized form for analytical purposes

No Download Option:

We do not currently offer an in-app "download my data" feature. Please email us if you wish to exercise data access or portability rights.

Objection and Restriction:

If you are subject to the GDPR, you have the right to object to or restrict certain processing activities. Please contact us to discuss any concerns.

7. Cookies and Tracking Technologies

We do not currently use cookies or similar tracking technologies in the App.

Our website, however, may implement cookies in the future for functionality and analytics. When this occurs, a separate cookie policy and notice will be provided, and this Privacy Policy will be updated accordingly.

8. Disclaimer of Liability

Third-Party Services:

We rely on external APIs (OpenAI, Google, ElevenLabs, Groq, Deepgram) for transcription, translation, and text-to-speech services. We are not responsible for the accuracy, reliability, or content provided by these services.

No Automated Decision-Making:

We do not use your data for automated decision-making or profiling that would produce legal or similarly significant effects.

No Warranty:

We make no warranty or guarantee regarding the accuracy of any transcriptions, translations, or text-to-speech outputs.

9. Data Breach Response

In the unlikely event of a data breach involving personal data, we will follow a standard process that includes:

Immediate Investigation: Assessing and containing the breach as soon as it is detected.

Notification: Promptly notifying affected users and the relevant supervisory authorities, as required under GDPR or other applicable laws.

Remediation: Taking reasonable steps to mitigate any adverse effects resulting from the breach and reviewing our security measures to prevent future occurrences.

While we currently do not have a formalized data breach plan, we commit to adhering to standard best practices in the event of an incident.

10. Changes to this Policy

We may update this Privacy Policy from time to time. The latest version will always be available in the App and on our website, and the "Effective Date" will be revised accordingly. We do not provide direct notifications of policy changes; you are responsible for periodically checking our website for updates.

We are also committed to periodic review of our data handling practices and retention schedules to ensure ongoing compliance with applicable laws and industry best practices.

11. Contact Information

If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact:

Claro AI (Crowd Wisdom SL)
Rambla de Catalunya 38, 8-1
08007 Barcelona, Spain
Email: contact@allclaro.com

12. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of Spain. Any disputes arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the courts located in Spain.

Last Updated: 08.04.2025