Privacy Policy
This Privacy Policy explains what Clozely LLC (“Clozely,” “we”) collects when you use the Clozely desktop application and clozely.app (the “Service”), why, and the choices you have.
1. Information we collect
Account information. When you sign in, we receive your email address and a stable account identifier from your identity provider (Google or Apple), or the email you verify via a sign-in link. If you use Apple’s “Hide My Email,” we store the relay address Apple provides.
Student verification. If you request student pricing, we collect your academic email address and the fact and date of verification.
Billing information. Purchases are processed by Lemon Squeezy, our merchant of record. We receive order and subscription metadata (plan, status, renewal dates, order identifiers) — we never receive your card number.
Documents and study content.
- Documents you open in Clozely are read and rendered locally on your device. We do not receive them unless you invoke an AI feature.
- When you use AI card generation, the text you selected (or the document excerpt needed for your request) is sent to our servers and processed by our AI infrastructure provider to produce the cards you asked for, then discarded. We do not retain your documents, the cards you accept or edit, or any cards you create manually.
- When you export cards or send them to Anki, and when you open PowerPoint files, the content involved (card text and images, or the presentation file) is transmitted to our servers for processing and returned to you. This content is processed transiently: it is not stored, logged, or retained after your request completes.
- We keep anonymous aggregate counts of how many AI cards are accepted, edited, or rejected (totals only — no content, not linked to any account) to monitor generation quality.
- When you reject an AI-generated card, we keep that card and a short, automatically redacted excerpt of the surrounding source text for up to 7 days to improve quality, then delete it automatically. You can delete it sooner in Settings → Privacy.
Usage and quota data. Card counts, AI generation counts, plan entitlement checks, timestamps, and the app version — what’s needed to enforce plan limits and keep the Service working.
Crash and diagnostic data. If the app or our server crashes, a report is sent to Sentry. Reports are scrubbed of document text and personal data before transmission to the extent technically feasible.
Waitlist and correspondence. If you join the waitlist or email support, we keep that email address and the correspondence.
Beta agreement acceptance. If you take part in the beta, when you accept the Beta Tester Agreement in the app we record that you accepted it, which version, and the date/time, together with the IP address and app/device user-agent of that request. This is kept as a legal record of your acceptance.
What we do NOT collect: advertising identifiers, browsing history outside the app, contacts, or location. The public website sets no analytics cookies and loads no third-party trackers.
Waitlist
If you join our pre-launch waitlist on clozely.app, we store the email address you submit, the date and time, the page you submitted it from, your browser’s user-agent string, and your IP address. We use this only to notify you when the product is ready and to understand and protect signup volume. To be removed, reply to the confirmation email or contact support@clozely.app; we delete your waitlist record (including the IP address) on request.
2. How we use information
- Operate the Service: accounts, sign-in, syncing entitlements, enforcing quotas, generating cards you request.
- Billing: provisioning purchases made through the merchant of record.
- Communications: transactional email (sign-in links, verification, receipts, student-status reminders), beta or launch announcements you signed up for, and replies to your support requests.
- Quality and safety: diagnosing crashes, preventing abuse and fraud, monitoring AI generation quality via anonymous aggregate accept/reject counts.
- Legal compliance.
We do not sell personal information or share it for cross-context behavioral advertising.
3. AI processing
AI card generation runs on enterprise AI infrastructure (currently Google Cloud Vertex AI). The excerpt you submit is processed to generate your cards. Our infrastructure agreements do not permit the provider to use your content to train their general-purpose models.
4. Legal bases (EEA/UK users)
Where GDPR applies, we process data under: contract performance (accounts, billing, providing features you invoke), legitimate interests (security, anti-abuse, product diagnostics), consent (marketing emails, optional feedback), and legal obligation (tax and accounting records).
5. Sharing
We share personal data only with the service providers in §8 (acting on our instructions), with the merchant of record (acting as an independent controller for the purchase), to comply with law, or in connection with a merger/acquisition (in which case this policy continues to apply until amended with notice).
6. Your choices and rights
- Access, correction, export: contact support@clozely.app.
- Account deletion: request deletion in the app or by email. Deletion cancels active subscriptions, removes your account record, sign-in sessions, stored study content, and AI-related records, and anonymizes residual data — except records we must keep (e.g., tax/transaction records, kept by the merchant of record and us for statutory periods).
- Marketing email: every non-transactional email includes unsubscribe.
- Depending on your jurisdiction, you may also have rights to object, restrict, or lodge a complaint with a supervisory authority.
7. Retention
- Account and entitlement data: while your account exists, then deleted or anonymized via the deletion flow.
- AI generation records: a billing/quota row per request (counts, tokens, cost — no document or card content), retained while your account exists.
- Anonymous accept/edit/reject counts: retained as aggregate totals (no identity, no content).
- Rejected-card captures (the rejected card + a redacted source excerpt): automatically deleted after 7 days, or sooner if you delete them in Settings → Privacy.
- Reported cards (cards you explicitly flag): retained for review.
- Beta-agreement acceptance record (that you accepted, which version, when): retained as a legal record, and kept even after account deletion for the applicable limitations period; the associated IP/user-agent metadata is deleted or anonymized on account deletion.
- Crash reports: per Sentry retention settings (90 days or less).
- Transaction records: up to 7 years (tax law).
- Waitlist emails: until launch outreach completes or you ask to be removed.
8. Service providers
| Provider | Purpose | Data touched |
|---|---|---|
| Fly.io | API and website hosting | requests to our servers |
| Neon | database hosting | account, entitlement, usage data |
| Cloudflare | DNS, email routing, object storage (R2) | requests; stored study artifacts |
| Google Cloud (Vertex AI) | AI card generation | text excerpts you submit |
| Lemon Squeezy | merchant of record | billing details (independent controller) |
| Google / Apple | sign-in | identity token, email |
| Resend | transactional email | your email address, email content |
| Sentry | crash reporting | scrubbed diagnostic reports |
9. Security
Transport encryption (TLS) everywhere; tokens stored using your operating system’s secure storage on device; least-privilege access internally; secrets management and routine dependency and secret auditing. No system is perfectly secure — report vulnerabilities to security@clozely.app.
10. Children
The Service is not directed to children under 16, and we do not knowingly collect data from them. If you believe a child has provided us data, contact support@clozely.app and we will delete it.
11. International transfers
We are a US-based service; data is processed in the United States (and in our providers’ regions). Where required, transfers rely on appropriate safeguards such as standard contractual clauses.
12. Changes
We will post updates at clozely.app/privacy and, for material changes, notify you by email or in-app at least 14 days in advance.
13. Contact
Clozely LLC
8735 Dunwoody Place #7020
Atlanta, GA 30350
support@clozely.app