Clearly — Trust Overview
For the legal and IT teams of agencies evaluating Clearly. Version 1.1 (draft) — [DATE]
Clearly transcribes client meetings and builds the project brief live. We know exactly what that means: you are deciding whether to let a tool listen to the most confidential conversations your agency has. This page states, in plain language, what the system does — each claim is implemented in the architecture, not just promised in a policy.
The six facts that matter
1. Audio is never stored — and never even reaches our servers. The facilitator's browser streams audio directly to our speech-to-text provider (Deepgram) over an encrypted connection, authorized by a single-use token that expires in seconds. There is no audio file. There is nothing to leak, subpoena, or "accidentally retain."
2. A human gates everything a client sees. The AI suggests; the facilitator decides. Nothing — no flag, no note, no field — appears on the shared client display unless the facilitator explicitly surfaces it. This is enforced on the server: the display screen is technically incapable of receiving unsurfaced content, because it is served by an endpoint that filters it out before it leaves the backend.
3. Your meetings never train AI models. Our agreements with OpenAI (analysis) and Deepgram (transcription) exclude customer content from model training. Transcripts are processed to build your brief, returned, and stored only in your workspace.
4. Workspaces are isolated twice. Every database row is protected by row-level security tied to workspace membership, and every API route independently re-checks membership before acting. Two layers, so a bug in one is caught by the other. Sessions, transcripts, briefs, clients, and billing are all scoped this way.
5. We never see payment data. Checkout and subscription management run on Stripe's hosted surfaces. Card numbers never touch Clearly.
6. Your data lives in the EU — and you decide how long it lives. Everything stored — transcripts, briefs, accounts — sits in Ireland (AWS eu-west-1); application compute runs in Dublin. Deletion is self-service at every level: per session (transcript, brief, and record gone; the billing entry survives content-free), per client, per workspace, per account. A workspace retention policy can auto-delete transcripts after a number of days you choose, keeping the briefs — enforced nightly, no ticket required.
Who processes what
| Stage | What leaves your workspace | Who receives it | Where |
|---|---|---|---|
| During the meeting | Audio stream (transient) | Deepgram (STT) | USA, SCCs + Swiss addendum, model-improvement program opted out in every connection |
| Every ~30s during the meeting | Transcript text + brief state | OpenAI (analysis) | USA [EU residency under evaluation], no training, limited retention |
| Storage | Transcript, brief, summaries | Supabase (database) | EU — Ireland (AWS eu-west-1), encrypted at rest |
| Compute | Application requests | Vercel (hosting) | Dublin (dub1); static assets via global edge |
| Payments | Billing identity | Stripe | Stripe DPA |
| Optional | Calendar events you connect | Microsoft (your own tenant) | Your M365 region |
Full list with transfer mechanisms: SUBPROCESSORS.md / DPA Annex B. Cross-border transfers rely on the Swiss–U.S. and EU–U.S. Data Privacy Frameworks for certified providers, otherwise on EU Standard Contractual Clauses with the Swiss addendum (UK: UK Addendum / Data Bridge).
Consent, because Switzerland takes it seriously (and US states do too)
Recording a private conversation without everyone's express consent is a criminal offense in Switzerland (Art. 179ter Criminal Code), and several US states (California, Washington, Florida, Illinois, and others) require all-party consent as well. We treat live transcription the same as recording and built the product around announced, affirmed consent: notice templates for invitations and meeting openings (EN/DE/FR), the live brief visible to participants as ongoing transparency, contractual obligations on every customer to obtain all-party consent before starting a session, and a consent confirmation step in the pre-session flow that records the facilitator's confirmation with a timestamp. One practice satisfies every all-party regime. Details: Meeting Participant Notice.
AI posture
- Suggestions, not decisions: every AI output is reviewed by the facilitator; no automated decision-making with legal effect.
- Every brief field cites the verbatim sentence it came from — provenance is a product feature, not an audit afterthought.
- AI-assisted content shown to meeting participants is labeled ("built with Clearly"), in line with the EU AI Act's transparency obligations applicable from August 2026. Switzerland currently has no AI-specific statute; we follow the FDPIC's position that data protection law fully applies to AI processing.
Data lifecycle
- Live: session state in memory + your workspace's database.
- After the meeting: brief, transcript, and summary persist in your workspace until you delete them — per session, per client, or by retention policy (auto-delete transcripts after N days, briefs kept, enforced nightly).
- Deleting a session removes transcript, brief, and meeting record; only a content-free billing-ledger entry (minutes, timestamps) survives. Deleting a client keeps its meetings, detached.
- Offboarding: workspace deletion (owner, type-to-confirm) and full account deletion are self-service; post-termination export window and deletion timelines in ToS §10 / DPA §8.
Compliance documents
- Privacy Policy (FADP / GDPR / UK GDPR / CCPA-CPRA)
- Terms of Service (Swiss law, B2B, worldwide)
- Data Processing Agreement + TOMs (incl. CCPA service-provider terms)
- Subprocessor list (public, with change notification)
- Meeting Participant Notice (EN/DE/FR + US state guide)
- Regional privacy notices (CH / EU / UK / US / world)
- Infrastructure attestations: SOC 2 reports of our database and hosting providers available on request. [Clearly's own SOC 2 / ISO 27001: state roadmap honestly here.]
Questions from your counsel or security team: [trust@clearly.app]. We answer security questionnaires for Team and Enterprise plans.
Draft for counsel review; bracketed items to be resolved before publication.