Your meetings are confidential by design.

What’s true today

The current build is local-only. There is no database. Sessions live in the dev server’s memory and are gone the moment the process restarts. There are no analytics SDKs, no error trackers, no third-party scripts on any page. Nothing you say in a meeting leaves the machine running Clearly except the calls you yourself authorize: your transcript chunks go to your Deepgram endpoint, your tick payloads go to your Anthropic endpoint. Clearly itself does not see, store, or proxy that traffic.

User-managed preferences (color tags on clients, manual ordering, scheduled meetings, recipe drafts) live in your browser’s localStorage — never sent to a server.

Bring your own key — your data, your contract

Live mode runs against your own Anthropic and Deepgram API keys. The relationship that governs your meeting data is the relationship between you and Anthropic, not the one between you and Clearly. We never see the keys, the prompts, or the model responses — they travel directly from your browser session to the API endpoints you signed up for.

For an agency considering this for client work, BYOK has a quiet but important consequence: your client’s words never enter our infrastructure, so they can’t be subpoenaed from us, leaked from us, or used by us. The data handling you’ve already negotiated with Anthropic is the data handling that applies.

Anthropic’s default protections

Anthropic’s commercial API is the data plane Clearly runs on. As of April 2026, three defaults are in force on every paid API call without any extra agreement:

• No training on customer data. Inputs and outputs from commercial API traffic are not used to train Anthropic models. (The same is true for Claude Code and any product that uses your commercial-org API key.)
• 30-day backend auto-delete. Anthropic deletes inputs and outputs from its backend within 30 days of receipt or generation, except where retention is required to enforce its Usage Policy or to comply with law.
• No prompt logging for the user. The Anthropic console exposes your own usage to your team; prompts and completions aren’t shared back to anyone outside your organization.

Authoritative source: Anthropic Privacy Center · How long do you store my organization’s data?

Enterprise — Zero Data Retention

For agencies handling regulated client work — pharma, legal, financial services, government — the 30-day default is often still too long. Anthropic offers Zero Data Retention (ZDR) agreements to qualifying enterprise customers: under ZDR, Anthropic does not store inputs or outputs at all, except as strictly required to enforce its Usage Policy or comply with law. The agreement applies to the eligible Anthropic APIs and to any product (including Claude Code) called with your commercial-org API key.

Clearly’s recommended Enterprise posture is a stack of three things, each owned by you:

1. Your Anthropic Enterprise plan with a Zero Data Retention agreement signed directly with Anthropic. Your prompts and completions never persist on their backend.
2. Your Deepgram Enterprise plan with the equivalent retention controls and a member-scoped key. Audio is processed and discarded.
3. Clearly self-hosted on your infrastructure (or a managed deployment in your region). The application itself stores no client content outside the user’s own browser plus an encrypted per-account vault.

With this stack: meeting transcripts and brief content travel from the meeting room to your Anthropic endpoint and nowhere else. No copy lives at Anthropic, none at Deepgram, none at Clearly.

Authoritative source: Anthropic Privacy Center · Zero retention agreement scope.

Encryption

Any content Clearly does persist on behalf of an account — the user-managed vault: scheduled meetings, client preferences, recipes, brief drafts — is encrypted with AES-256 at rest and scoped per account. Encryption keys are derived per-tenant; cross-tenant access is impossible at the storage layer, not just the application layer.

In transit, every connection — browser to Clearly, Clearly to Anthropic, Clearly to Deepgram — runs over TLS 1.3.

Data residency

Anthropic’s commercial API runs on Microsoft Azure globally; data residency commitments are negotiated per-customer via the Anthropic Enterprise plan. Clearly customers who need residency in a specific jurisdiction (EU, US, UK, Switzerland) can request the corresponding region in their Anthropic agreement; Clearly’s own deployment will follow.

Default offered configurations:

• Americas: US-based processing through your Anthropic Enterprise agreement.
• Europe: EU-based processing on request via your Anthropic Enterprise agreement.

For HIPAA-covered work, Anthropic’s native API is now an Eligible Service under a Business Associate Agreement (BAA) without requiring a separate ZDR agreement. Anthropic Privacy Center · BAA scope.

What we never do

• We do not train on, mine, or aggregate your meeting content. Cross-customer learning is not how Clearly improves; the prompt-craft is our work, not your transcripts.
• We do not sell, rent, or trade meeting data, contact lists, or any derived insights.
• We do not embed third-party trackers, analytics SDKs, ad pixels, or session replay tools on any page where meeting content can appear.
• We do not require account creation to evaluate the product. The deterministic demo runs from a clean clone with no identity attached.

Reporting a concern

If you believe a privacy issue exists in Clearly’s code, its prompts, or its handling of your data, please open an issue on the public repository or email the project maintainer. Security-sensitive disclosures should be sent privately first. Open an issue.

Status of this page

Clearly is a hackathon-scope project at the time of writing. The “What’s true today” section describes the current build literally; the Enterprise sections describe the posture an Enterprise customer would receive once that tier ships. Anthropic-side claims are quoted from their published documentation as of April 2026 and link out to authoritative sources. This page is the editorial expression of intent — a binding privacy notice and DPA would be separate documents agreed at contract.