Privacy Policy — Clearune
- Effective: 15 July 2026
- Last updated: 16 July 2026
- Controller: Joanna Szamota Blackgrain Workshop
- Address: Zachodnia 24, 05-822 Milanówek, Mazowieckie, Poland
- Tax ID (NIP): 5291840195
- REGON: 521704456
- Email:
In plain language
Clearune is designed so that the journal you save is encrypted in your browser before storage. We do not hold the key needed to read that stored journal. When you ask for an AI response, the text needed for that request must temporarily be processed in readable form by our server, OpenRouter, and the selected model provider. We do not sell personal data, serve behavioural advertising, or use journal text for our own model training.
This Policy explains what we process, why, who receives it, and the choices available to you. It applies to the Clearune website and application (the Service).
1. Who is responsible
Joanna Szamota Blackgrain Workshop, Zachodnia 24, 05-822 Milanówek, Mazowieckie, Poland, is the data controller for the Service. Contact us at .
2. Data we process
Account and contract data
We process your email address, Supabase user identifier, authentication records, account timestamps, language, plan, subscription status, and evidence that you accepted the Terms and gave any required consent. Supabase handles your password and stores a password verifier; we do not receive your plaintext password.
Optional Google sign-in data
If you choose Google sign-in, Google provides Clearune through Supabase Auth with your email address, name, profile image, and provider account identifier. We use this information only to create and authenticate your Clearune account and associate the sign-in method with that account. We do not request access to Gmail, Google Drive, Google Contacts, calendars, files, or other Google account content. We do not sell Google user data, use it for behavioural advertising, or use it to train AI models.
Optional Apple sign-in data
If you choose Sign in with Apple, Apple provides Clearune through Supabase Auth with a provider account identifier and either your email address or an Apple private relay address. Apple may also provide your name during the first authorisation. We use this information only to create and authenticate your Clearune account and associate the sign-in method with that account. We do not receive your Apple Account password or access iCloud, photos, contacts, files, purchases, or other Apple Account content.
Encryption and recovery data
Your browser creates a master encryption key. We store versions of that key wrapped under your password and recovery code, together with salts and technical key metadata. We do not store the recovery code itself. The unlocked key may be held in your browser's session storage so the journal remains open during that browser session.
Encrypted journal content
The following are encrypted in your browser before being stored in Supabase: entries and AI replies, memory summaries, moods, reflections, reports, margin notes, letters, dream readings, volume prefaces, gifts, attachment captions, and uploaded photo or audio bytes. We store ciphertext plus limited metadata needed to organise it, such as record ID, account ID, date, content type, file type, storage path, and timestamps.
Because we do not possess your unwrapped key, we cannot routinely read or recover this stored content. Encryption does not prevent processing you actively request while the text is temporarily decrypted in your browser and sent for AI processing.
AI request content
When you request an AI response, memory, reflection, report, mood reading, dream reading, or embedding, we process the relevant text and context in readable form over TLS. This may include current writing, prior AI replies, and relevant memory summaries selected in your browser. The request and output are processed by OpenRouter and a downstream model provider. We do not write that plaintext to our journal database.
Sensitive data
Journals may reveal health, racial or ethnic origin, political opinions, religion or beliefs, trade-union membership, sexuality, or other information protected as a special category under Article 9 GDPR. We do not ask you to include it. If you choose to do so, we process it only to store your encrypted journal and provide the AI features you request, on the basis of your separate explicit consent. See Section 5.
Please avoid entering another person's sensitive information unless you have a lawful reason to do so. You are responsible for the personal data about other people that you choose to include.
Embeddings and derived signals
The Service may create numerical embeddings from memory summaries to find relevant past context. Embeddings are not readable sentences, but they are derived from your writing and may reveal information. They are stored without the journal encryption layer and are treated as sensitive personal data. We also create coarse mood signals and other derived reflections; those stored results are encrypted.
Billing data
If you buy a subscription or Ink Pack, Stripe processes your payment method, billing details, transaction, tax, invoice, and fraud-prevention information. We receive Stripe customer and subscription identifiers, plan, payment or subscription status, and renewal period. We do not receive full card numbers.
Usage, security, and diagnostics
We process response counts, token counts, plan entitlements, rate-limit records, security signals, timestamps, IP address and request/device information needed to deliver and protect the Service. Technical error reports may contain the error type, truncated message and stack trace, page path, diagnostic identifier, and browser user-agent. Error reporting is designed not to include journal text, email, or account ID.
If you report an AI reply, we receive the selected reason and any note you type. The reported reply excerpt is included only if you actively choose to share it.
Optional product analytics
With your consent, we record a limited set of first-party product events such as signup, first entry, paywall display, upgrade click, personality change, or referral-link copy. An event contains its name, timestamp, small permitted properties such as plan tier, and your account ID when you are signed in. It never contains journal text, prompts, AI replies, email, or advertising identifiers. This is account-linked or pseudonymous analytics, not anonymous analytics.
Optional weather and device permissions
If you enable real-weather ambience, your browser requests location permission and sends coordinates directly to Open-Meteo. We do not receive or store the coordinates. Open-Meteo receives the network request under its own privacy terms. If you use voice input, audio is handled by your browser and encrypted attachment flow as shown in the interface; we do not use it for voice identification.
Legacy waitlist and referrals
If you previously joined a waitlist, we may hold the email address you submitted. If you arrive through a referral link, your browser temporarily stores the referral code and sends it when you create an account so the referral can be credited.
3. Why and on what legal basis we process data
| Purpose | GDPR legal basis |
|---|---|
| Create and authenticate an account; store and retrieve encrypted content; provide requested AI, export, account, and billing features | Performance of our contract, Article 6(1)(b) |
| Process journal content that may contain special-category data | Your explicit consent, Articles 6(1)(a) and 9(2)(a) |
| Optional product analytics | Your consent, Article 6(1)(a) |
| Security, fraud and abuse prevention, rate limiting, service diagnostics, and enforcing our Terms | Our legitimate interests in operating a secure and reliable service, Article 6(1)(f) |
| Invoices, tax records, lawful requests, and handling legal claims | Legal obligation, Article 6(1)(c), or legitimate interests, Article 6(1)(f) |
| Respond to privacy, support, and complaint requests | Contract, legal obligation, or legitimate interests, depending on the request |
Where we rely on legitimate interests, we balance those interests against your rights and limit the data to what is reasonably necessary.
4. AI processing and human review
OpenRouter routes AI requests to model providers. OpenRouter states that prompt and completion logging and use for product improvement are off by default, but downstream providers have their own retention and abuse-monitoring rules. We do not opt in to prompt logging or authorise use of your journal for model training. Provider-side processing may include short security or legal retention where the chosen endpoint permits it. Current details are available in OpenRouter's data collection documentation and provider policy documentation.
Authorised personnel do not have routine access to encrypted journals. Human review is possible only for information you deliberately send outside the encrypted journal, such as a support message, a report note, or an AI excerpt you choose to include in a report.
AI outputs are generated automatically, but the Service does not make decisions that produce legal or similarly significant effects about you. The distress-language feature may display crisis resources; it does not diagnose you and we do not store a user-level record that it triggered.
5. Your explicit consent for sensitive journal data
At signup, we ask separately for explicit consent to process sensitive information you may choose to include, solely to store the encrypted journal and generate requested AI reflections. We record the consent time and notice version.
You may withdraw this consent at any time by deleting your account, or by contacting us. Because processing the journal is the core purpose of the Service, withdrawal means we must stop providing journal processing and erase the account, subject to legal retention exceptions. Withdrawal does not affect processing already carried out lawfully.
6. Cookies and browser storage
We use essential authentication and browser storage. Optional product analytics is off until you allow it. There are no advertising cookies or cross-site trackers. You can refuse optional analytics as easily as accepting it and change the choice from Cookie preferences in the footer. The choice expires after six months so we can ask again.
See the Cookie & Storage Notice for names, purposes, and durations.
7. Who receives data
| Recipient | Purpose and data |
|---|---|
| Google LLC | Optional Google account authentication; basic account and profile information only when you choose Google sign-in |
| Apple Inc. and relevant affiliates | Optional Apple account authentication; provider identifier, email or private relay address, and first-authorisation name where supplied |
| Supabase, Inc. | EU-region database, authentication, private object storage, encrypted journal records, account and usage data |
| Netlify, Inc. | Hosting, content delivery, serverless execution, request and security logs |
| OpenRouter, Inc. and selected model providers | Readable AI request text and output during inference; request metadata |
| Stripe group companies | Checkout, subscriptions, payment, invoices, tax and fraud prevention when you purchase |
| Upstash, Inc., if production rate limiting is enabled | Short-lived pseudonymous rate-limit key and count; no journal content |
| Cloudflare, Inc. | Turnstile bot check only when you ask to reveal the protected contact email |
| Open-Meteo | Coordinates sent directly by your browser only when real-weather ambience is enabled |
| Professional advisers and public authorities | Only where reasonably necessary for legal advice, claims, or a binding legal duty |
Our providers process data under their contracts and privacy terms. We do not sell personal data or share it for cross-context behavioural advertising.
8. International transfers
The primary Supabase project is hosted in the European Union. Some recipients, including Google, Apple, Netlify, OpenRouter, model providers, Stripe, Cloudflare, and their subprocessors, may process data outside the EEA. Where GDPR requires it, transfers rely on an adequacy decision, the European Commission's Standard Contractual Clauses, or another lawful safeguard. You may contact us for information about the safeguard relevant to a transfer.
9. Retention
| Data | Retention |
|---|---|
| Account, encrypted journal, embeddings, attachment objects, usage and entitlement data | While the account is active; erased through account deletion, subject to the exceptions below |
| Optional analytics events | Up to 13 months, then deleted or irreversibly aggregated |
| Technical error reports | Up to 30 days |
| AI response reports and voluntarily shared excerpts | Up to 12 months, or longer where needed to investigate a serious safety or legal issue |
| Rate-limit keys | Normally about 60 seconds; security logs may be retained longer by infrastructure providers |
| Referral attribution | Until signup, successful attribution, expiry, or browser-storage clearing |
| Legacy waitlist email | Until the related launch communication is complete or you ask us to delete it |
| Billing, invoice, tax, chargeback and fraud records | For the period required by tax, accounting, payment, and limitation laws |
| Support and legal correspondence | As long as needed to resolve the request and establish, exercise, or defend claims |
When you delete an account, we remove live account-linked data and encrypted attachment objects. Residual encrypted copies may remain temporarily in restricted disaster-recovery backups until the provider's backup cycle overwrites them. They are not used for ordinary processing. We may retain data where law requires it or where strictly necessary for legal claims, security, or fraud prevention.
10. Your rights
Subject to applicable law, you may request access, correction, erasure, restriction, portability, or objection; withdraw consent at any time; and complain to a supervisory authority. Where processing relies on consent or contract and is automated, you may request a portable copy.
The Account page provides a JSON export of written journal records and decrypted captions and lets you delete the account. Attachment metadata is included; media objects may need to be saved separately from the journal interface. For other information or rights, contact . We may need to verify your identity. GDPR requests are normally answered within one month.
You may complain to the President of the Personal Data Protection Office (UODO), ul. Stanisława Moniuszki 1A, 00-014 Warszawa, uodo.gov.pl, or to the supervisory authority where you live or work.
11. Security and the recovery-code limitation
We use browser-side AES-256-GCM encryption, TLS, access controls, private storage, row-level database security, rate limits, and restricted administrative credentials. No system is risk-free.
If you lose both your password and recovery code, the encrypted journal is permanently unrecoverable. We cannot bypass the encryption. Keep the recovery code secure and export important content periodically.
12. Children
The Service is for adults aged 18 or older. We do not knowingly offer it to children. Contact us if you believe a child has created an account.
13. Changes
We may update this Policy when the Service, providers, or law changes. We will post the updated date and give advance notice in the app or by email when a change materially affects your rights or choices. If a new purpose requires consent, we will ask before using data for that purpose.
14. Contact
Joanna Szamota Blackgrain Workshop · NIP 5291840195 · REGON 521704456
Zachodnia 24, 05-822 Milanówek, Mazowieckie, Poland