Privacy Policy
How Klaara collects, uses, and protects your data. We believe in transparency — no legalese, no hidden clauses.
1. Overview
Klaara GmbH ("Klaara," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at klaara.com (the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the Service.
2. Data controller
The data controller responsible for your personal data is:
3. Information we collect
Account information
When you create an account, we collect your name, email address, and authentication credentials. If you sign up via a third-party provider (e.g., Google), we receive your name, email, and profile photo from that provider.
Usage data
We automatically collect information about how you interact with the Service, including pages visited, features used, videos processed, timestamps, and referring URLs. This data is collected via server logs and privacy-respecting analytics.
Video processing data
When you submit a YouTube URL, we process the publicly available video content (transcript, metadata, thumbnails) to generate summaries. We do not download or store the video file itself. Generated summaries and notes are stored in your account.
Payment information
If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your full credit card number. We receive and store a truncated card number, expiration date, and billing address for invoice purposes.
Device & browser data
We collect your IP address, browser type and version, operating system, device type, screen resolution, and language preference. This information helps us optimise the Service and diagnose technical issues.
Cookies & similar technologies
We use strictly necessary cookies to maintain your session and preferences. We use privacy-respecting analytics (no cross-site tracking). We do not use advertising cookies or sell data to ad networks. You can manage cookie preferences in your browser settings.
4. Legal basis for processing
5. How we use your information
- To provide, operate, and maintain the Service
- To process YouTube videos and generate summaries, flashcards, and exports
- To manage your account, subscription, and billing
- To communicate with you about updates, support, and (with consent) new features
- To monitor and analyse usage patterns to improve the Service
- To detect, prevent, and address technical issues and security threats
- To comply with legal obligations and enforce our Terms of Service
6. Who we share data with
Service providers
We share data with trusted third-party providers who assist in operating the Service: Stripe (payments), Vercel (hosting), Postmark (transactional email), and cloud infrastructure providers within the EU. All providers are contractually bound to process data only on our behalf and in compliance with GDPR.
Legal requirements
We may disclose your information if required by law, regulation, legal process, or governmental request.
Business transfers
In the event of a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
We never
- Sell your personal data to third parties
- Share data with advertising networks
- Use your content to train AI models without explicit consent
- Provide data to data brokers
7. Data retention
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy. Account data is retained for the lifetime of your account plus 30 days after deletion. Generated summaries and notes are deleted within 30 days of account deletion. Usage analytics are anonymised after 26 months. Payment records are retained for 10 years as required by German tax law (AO § 147). Server logs are retained for 90 days for security purposes.
8. International data transfers
Your data is primarily processed and stored within the European Union. Where transfers outside the EU/EEA are necessary (e.g., to US-based sub-processors), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) and, where applicable, supplementary technical measures such as encryption in transit and at rest.
9. Your rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to restriction — restrict processing in certain circumstances
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact us at privacy@klaara.com. We will respond within 30 days. You also have the right to lodge a complaint with the Berlin Commissioner for Data Protection (Berliner Beauftragte für Datenschutz und Informationsfreiheit).
10. Security measures
We implement industry-standard security measures to protect your data, including: encryption in transit (TLS 1.3) and at rest (AES-256), regular security audits and penetration testing, access controls with principle of least privilege, multi-factor authentication for internal systems, and automated vulnerability scanning. While no method of electronic storage is 100% secure, we strive to use commercially acceptable means to protect your personal data.
11. Children’s privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@klaara.com.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and, where appropriate, sending you an email notification. The "Last updated" date at the bottom of this page indicates when the policy was last revised. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
13. Contact us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Last updated: February 1, 2026