Privacy Policy

Clarity — published by JSCreatorPro. Last updated: 3 May 2026. Effective: 3 May 2026.

This Privacy Policy explains what personal information the Clarity mobile application and related websites (together, the “Service”) collect, how we use it, and the choices you have. If you disagree with anything below, please do not install or use the Service.

We do not sell your data. Full stop. We do not sell, rent, trade, license, or disclose your personal data to data brokers, marketers, advertisers, or any third party for their own purposes. We have never done so and we never will. The only data that ever leaves our servers is the minimum technical information a specific feature needs to work (for example, your Firebase user ID so a survey provider can credit you, or a purchase receipt so the app store can confirm your subscription) — and that data is listed in §10 below.

Plain-language summary. We collect the minimum data needed for the feature you use. Many features are local-first (Browser, Downloads, GPS routes, Compass, Soundscapes, and on-device AI). Eligible wellness and productivity records can use opt-in cloud sync if you choose multi-device continuity. Cloud AI is also optional for specific actions (for example cloud TTS/STT). Content-creation outputs (Creator Studio history, PDF Studio signature vault/output state, Resume Builder drafts, and E-Sign Vault signatures) are device-local and are not cloud-synced. A small set are required for core account operation (account email, subscription state). Section §2.5 lists feature-by-feature handling. We do not run trackers, do not sell data, and we never use your content to train AI models.

Sync control summary. You decide whether eligible data stays on device or syncs to cloud. If you want the same eligible records across multiple devices, cloud sync must be turned on. Leaderboard participation requires cloud publication for ranking. StatementIQ personal history is not cloud-synced. Content-creation tool histories/outputs are also not cloud-synced.

1. Data controller

JSCreatorPro (“we”, “us”, “our”) is the data controller for personal data processed through the Service. Questions, access requests, or deletion requests: privacy@jscreatorpro.app.

2. What we collect and why

2.1 Account data

Email address & display name — to create and recover your account (Firebase Authentication).
Firebase UID — internal identifier; not PII on its own.
Subscription tier & credit balance — to enforce your plan quotas.

2.2 Content you create

Journal entries, tasks, lessons completed, flashcards, meditations finished, meal logs, weight, mood — stored on-device by default; eligible modules can sync to cloud only when you explicitly enable cloud sync.
Creator Studio output history, PDF Studio signature vault/output state, Resume Builder drafts, and E-Sign Vault signatures are stored on your device and are not cloud-synced.
Bank statements you upload for StatementIQ — processed only for the duration of parsing, then deleted. We do not store the PDF, and we do not store the filename, project metadata, or extracted transactions on our servers. Signing in from another device or the web shows an empty list — by design.

2.3 Device & permission data (opt-in, per feature)

Permission	Why we ask	Stays on device?
Microphone	Voice journal, speech-to-text, speaking practice	Yes by default (processed on your device). Cloud speech-to-text only runs when you explicitly tap “transcribe with cloud”.
Camera	Statement scan, meal scan, barcode scan, Snap & Translate, Canvas reference	ML Kit OCR/recognition runs on-device. If you choose cloud features (e.g., StatementIQ extraction, cloud translation, Canvas generation), selected media may be sent securely for processing.
Location (GPS)	Route tracker (#19)	Always. Routes are saved only in local SharedPreferences; never uploaded.
Activity recognition / pedometer	Step counting for Step-Up; also used on-device for Auto-SOS no-movement detection when that feature is enabled	Yes. Processed on-device only.
Health Connect / HealthKit	Sleep stages, heart rate, weight, exercise	Yes. Granular read-only, per permission you grant.
Notifications	Reminders, streak nudges, session summaries	Yes.
Contacts	Only asked for Secret Santa / Wishlist shares (opt-in)	Only the specific contact you choose is transmitted.

2.4 Diagnostic data

Firebase Crashlytics and Google Analytics for Firebase collect anonymous crash reports and aggregated usage counts (“opened Learn tab 4 times”). No free-text content of your notes, journals, or statements is ever included. You can disable analytics in Profile → Privacy & Sync.

2.5 Per-feature data handling — required vs optional

This is the canonical per-feature breakdown. “Required” means the feature cannot work without that data; “Optional” means you can use the feature without it (you may lose part of the experience). “On-device” means the data never leaves your phone unless an explicit opt-in cloud sub-feature is used.

Feature	Required data	Optional data	Where it lives	Retention
Account & sign-in	Email + password (or OAuth identity), Firebase UID, subscription tier	Display name, avatar	Firebase Auth + our PostgreSQL DB (asia-southeast1)	Until you delete your account
Clarity Browser (web tab)	None — browsing is anonymous and not linked to your account	Open-tab URLs (only if you enable session restore); bookmarks; lite-mode and incognito toggles	Local AES-encrypted Hive box on device only	Until you tap “Clear browser data” or uninstall
Browser safety check	None	First 5 chars of a SHA-256 URL hash, sent only when you enable the safety toggle (k-anonymity — server cannot reconstruct your URL)	Hashes processed in-memory on our edge; never logged with account	Not retained per-user
Browser Downloads (zip / mp4 / mp3 / wav / pdf / any file type)	None server-side. The OS download manager (Android `DownloadManager` / iOS `URLSession`) streams bytes direct from the source server to your device. Bytes never touch our backend.	Download history (filename, URL, size, status) stored locally only	On device only — saved files in your OS Downloads / Files app, history in encrypted Hive box	Until you tap Remove or Clear completed
Browser autofill	None	Saved passwords are stored by the OS credential manager (Android Autofill / iOS Keychain) — not by Clarity	OS keystore on device	Controlled by the OS, not Clarity
PWA install & tab groups	None	Installed-PWA list, tab-group names and colors	Local Hive box only	Until removed
Step-Up (steps, route, leaderboard)	Daily step count + activity-recognition permission for the live counter	GPS route track (local only); leaderboard publish is opt-in in Settings → Privacy → Cloud sync — when enabled we publish only your daily step count and chosen display name, never raw GPS	Steps + routes on device. Leaderboard step counts in our DB only when opted in.	Local: until cleared. Leaderboard: rolling 30 days.
SOS / Safety	None unless you trigger SOS	Emergency contacts are stored on-device by default. If you enable cloud-backed SOS/live tracking link sharing, selected contact phone details and active safety session metadata are sent to our server to deliver that feature. If you enable the optional SOS settings cloud backup (toggle in SOS Settings → Cloud Backup), your SOS configuration (emergency contacts, emergency country / number choice, and other SOS preferences) is synced to our cloud so you can restore it on a new device. This sync is off by default and requires explicit opt-in. If you enable Shake-to-SOS, the app listens to the accelerometer sensor continuously in the background while SOS is armed — this data is processed entirely on-device and is never sent to our servers. If you enable Auto-SOS (no-movement detection), the app monitors your device's motion sensors for a 10-minute window of inactivity while SOS is armed — again on-device only, nothing is transmitted unless the SOS alert actually fires.	On device by default; selected safety-session contact metadata and live-tracking data are processed server-side while active, then cleared from active tables after the session ends (event retention up to 30 days). SOS settings cloud backup (if enabled) is retained until you disable it or delete your account.	Active event window only; SOS settings backup: until disabled or account deletion
Journal & Mind	Numeric metadata (mood score, timestamp) when you log an entry	Device-first by default. Eligible Mind/Flow records can be cloud-synced only when you enable cloud sync.	Local Hive by default; optional cloud sync for eligible records when enabled	Local: until deleted. Cloud copy (if enabled): until removed or account deletion.
Creator Studio / PDF Studio / Resume Builder / E-Sign Vault	None server-side for history storage	Some generation actions may use cloud processing, but generated history/output state remains local on your device	On device only (local app storage)	Until you clear history/data or uninstall
Money / Vault	None — we never connect to your bank	Transactions, budgets, balances you self-enter — stored on device. Optional encrypted backup is opt-in.	Local SQLite. Backup blob (if enabled) is client-encrypted.	Until you delete it
StatementIQ (bank statement → CSV/Excel)	The PDF you choose to upload (processed in-memory only, deleted within ~60 seconds of conversion)	Account numbers, IBAN, card numbers, email, phone, gov IDs are stripped on our server before any text is sent to AI sub-processors for low-confidence-row repair	Original PDF: never persisted. Extracted transactions: returned to your device only.	PDF: ~60 seconds in memory. Transactions: not stored on our servers.
Learn / Lessons / Flashcards	Lesson progress, flashcard reviews	Mistake history (on-device only, never uploaded)	Local Hive + cloud sync of progress counters	Until you delete or close account
Canvas (image gen)	The text prompt you submit (sent to the cloud AI provider for generation)	Reference image (if you opt in to image-to-image / pose / upscale)	Generated image returned to your device + saved to your Hive gallery; provider does not retain prompt for training	Output: until you delete it
Coach chat / AI features	The message you send (forwarded to AI sub-processor for that turn only)	Conversation history (kept on device by default; cloud backup is opt-in)	Local Hive. Cloud only if backup is enabled.	Until you clear chat
Voice features (TTS / STT)	None for on-device modes	Audio bytes are sent to a cloud STT provider only when you tap “transcribe with cloud”; cloud TTS is invoked only when you choose a cloud voice. Otherwise audio stays on device.	Cloud provider processes in-memory; not retained for training	Per-request only
Camera (OCR, scan, meal scan, barcode, Snap & Translate)	Camera frame (processed by on-device ML Kit only)	None	On device — frames never uploaded	Discarded after recognition
Location (GPS)	None unless you start route tracking or trigger SOS share	Route tracks stored locally; SOS share is per-event and opt-in	Local SharedPreferences; not synced to our servers	Until cleared
Health Connect / HealthKit	None unless you grant access	Per-permission read access (sleep, heart rate, weight, exercise) — read-only, processed on device, numeric summaries may sync if Cloud sync is on	OS health store + local Hive	Mirrors your OS health-store retention
Notifications	FCM token (so reminders can be delivered)	Reminder times, streak prefs (on device)	FCM token in our DB, prefs on device	Until you disable notifications
Ads (free tier only)	OS device advertising identifier (resettable in OS settings) — required by the ad SDK	None — ads are disabled entirely on Pro / Elite	Google AdMob SDK	Per ad request
Rewarded surveys (BitLabs)	None unless you choose to participate	Firebase UID + transaction ID only — survey answers go to BitLabs / sponsor under their policy; we never see them	Provider only	Per survey
Contacts	None	Only the specific contact you pick for Secret Santa / Wishlist share	Only that contact transmitted, on demand	Per share only
Diagnostics	Anonymous crash stack traces (Crashlytics)	Aggregated event counts (you can disable in Profile → Privacy & Sync)	Firebase	90 days rolling

Reading the table: if a row has only “Optional data” and the “Where it lives” column is on-device, then by default nothing about that feature ever leaves your phone.

3. AI processing and where credits are used

Clarity uses both on-device AI (deterministic, private, free) and cloud AI (billed in credits).

Feature	Runs on	Credits charged
OCR, ML Kit text recognition, on-device translation, ML Kit barcode, ML Kit face detection	Your device	0
On-device text-to-speech, on-device speech-to-text, local embeddings	Your device	0
Offline AI packs (writing, learning, wellness, voice, and semantic search) — optional downloads. All inference runs on your device. Model files are delivered by Clarity, are not used to train any service, and do not send your prompts to third parties.	Your device	0
Soundscapes (bundled ambient audio)	Your device	0
GPS route tracking, sleep-stage summary, nutrition DB lookup	Your device	0
Statement conversion to CSV / Excel / QIF / OFX (all modes)	Clarity cloud	From 1 credit + 1 credit / page (server processing & export)
Daily Calm reflection	Clarity cloud	0 (absorbed as daily freebie)
Sleep story, Learn lessons, Journal reflection, Coach chat	Clarity cloud	1–5 credits
Credit coach, Bill negotiator, Portfolio rebalance advice	Clarity cloud	3 credits each
Canvas text-to-image	Clarity cloud	1 credit
Canvas image-to-image, upscale, pose/reference	Clarity cloud	8 credits
Cloud text-to-speech, cloud speech-to-text	Clarity cloud	15/min, 5/min

Cloud requests include only the minimum content needed (e.g. the sentence to translate, the prompt to generate). They are sent over TLS. Our AI sub-processors (listed in §10) contractually agree not to retain request content for training.

4. Financial data (StatementIQ, Vault)

Clarity is not a bank, broker, credit reporting agency, or lender. We do not access your bank accounts; we only parse statement PDFs or CSVs that you upload, and we do not store the original file. The Credit Coach and Bill Negotiator features provide coaching suggestions only based on numbers you self-report. They are not credit repair services and are not governed by the US Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), nor equivalent regimes. The Portfolio Rebalance feature provides educational guidance only; it is not personalised investment advice and does not recommend specific securities.

5. Legal basis for processing (GDPR / UK GDPR)

Contract (Art. 6(1)(b)) — to deliver the features you use.
Consent (Art. 6(1)(a)) — for optional permissions (mic, camera, location, analytics, marketing emails). Withdraw any time in settings.
Legitimate interest (Art. 6(1)(f)) — fraud prevention, abuse detection, aggregate product analytics.
Legal obligation (Art. 6(1)(c)) — tax records for paid subscriptions.

6. Your rights

Regardless of where you live, you can:

Access the personal data we hold about you
Correct or update it
Export a copy (JSON + CSV)
Delete your account and all associated data
Opt out of analytics and marketing
Object to automated decision-making (none of our AI features makes legally significant automated decisions about you)

EU/UK residents also have the right to lodge a complaint with a supervisory authority. California residents have additional rights under the CCPA/CPRA (right to know categories sold — we do not sell personal data — and right to limit use of sensitive data). Indian residents have rights under the DPDP Act 2023.

7. Data retention

Account + content: until you delete it or close your account.
StatementIQ uploads: bank and credit-card statement PDFs are processed in-memory only and are deleted as soon as parsing finishes (typically within 60 seconds). We do not retain your statement PDFs while your account is active. Extracted transactions, filenames, and project metadata are stored only on the device that uploaded them — if you sign in from another phone, tablet, or the web, your StatementIQ history will be empty. Only anonymised usage counters (page count, success/failure) are kept on the server, and only for billing limits.
Other uploaded files (e.g. profile images): deleted from our servers within 60 minutes of upload completion if you did not save them.
Diagnostic logs: 90 days rolling.
Subscription & payment records: 7 years (tax law).

7.1 Personal exports and chat attachments

Health Report, Food Log, and Cycle Tracking exports are user-initiated personal exports through the operating system share sheet (for example WhatsApp or personal email). StepUp chat is text-only and does not accept user file attachments.

8. Children

Clarity is an 18+ service and is not directed to minors. We do not knowingly collect personal data from anyone under 18. Contact us and we will delete it.

9. International transfers

Clarity is operated globally by JSCreatorPro Pte. Ltd. (incorporated in Singapore) and uses the sub-processors listed in §10 below, based in the US, EU, and Singapore. International transfers are protected by Standard Contractual Clauses (SCCs) and, where applicable, the EU–US Data Privacy Framework.

10. Sub-processors

These are the only third parties that ever receive any data associated with your account, and only the minimum listed below. None of them receive your journals, AI prompts, AI outputs, health metrics, financial data, statement PDFs, or location history.

Provider	Purpose	Data shared	Region
Google Cloud SQL (PostgreSQL, managed)	Primary app database — accounts, encrypted journals, health / finance / learning records	All your account data (journal bodies are client-side-encrypted before upload)	asia-southeast1
Google Firebase (Auth, Crashlytics, Analytics, FCM)	Sign-in, crash reports, aggregated analytics, push notifications	Email, UID, crash stack traces (no user content), aggregated event counts, FCM token	US/EU
Approved secure AI processing providers	Language and vision inference, image generation, speech services	Only the minimum request payload for the specific task; no retention for training	US / EU
Approved secure document-processing provider	StatementIQ — bank statement OCR and layout extraction. Files are processed only for the duration of parsing, then deleted.	Document page images for OCR; no retention for training	US / EU
Approved secure AI processing providers	StatementIQ low-confidence row repair and other optional cloud AI tasks. Sensitive identifiers are redacted before processing where applicable.	Task-specific redacted text or prompt content only; no retention for training	US / EU
Licensed stock-media libraries	Stock media search (Canvas module)	Only the search query text (for example, "mountain landscape") is sent. No account content is transmitted.	Global
Stripe / Google Play Billing / Apple App Store	Payment processing	Purchase receipt, subscription state (handled by the store — we never see your card)	US / global
RevenueCat, Inc.	Subscription and entitlement management	Firebase UID, store purchase receipt, subscription tier	US
Google AdMob (Google Mobile Ads SDK) — free tier only	Rewarded and interstitial ads for free-tier users	Device advertising identifier (resettable in OS settings) as required by the ad SDK. Disabled for Pro / Elite users.	Global
BitLabs (opt-in surveys)	Rewarded surveys — users choose to participate in exchange for credits	Firebase UID and transaction ID only. Survey answers you give go to BitLabs and the survey sponsor under BitLabs' own privacy policy. You can ignore surveys entirely.	Global
MyMemory (Translated.net)	Browser "Translate page" feature — translates the selected page text into the user's chosen language. The feature is user-initiated (opt-in per page). Only the text fragment is sent; no URL, user ID, or account data is transmitted.	Selected page text fragment (max ~500 chars per call). No retention for training under MyMemory's fair-use policy.	EU (Italy)
Cloudflare	CDN, DDoS protection	IP address and request metadata at the network edge	Global

10.1 What our partners never receive

Under no circumstances do we share any of the following with advertising networks, survey providers, analytics vendors, or any third party for their own purposes:

Your journal entries, voice notes, or AI reflections
Your AI prompts or AI-generated outputs
Your health metrics (mood, sleep, weight, heart rate, steps, meals)
Your financial data (statement content, transactions, balances, budgets, credit coach inputs)
Your bank statement PDFs (processed then deleted; see §7)
Your GPS route tracks (these never leave your device)
Your email address or display name

When a feature needs a third party to work (e.g. a rewarded survey), we share only the minimum identifier required (typically a Firebase UID). We do not build or sell marketing segments, look-alike audiences, or data-broker profiles.

11. Security

TLS 1.2+ in transit; AES-256 at rest on Google Cloud SQL (PostgreSQL, managed by Google Cloud in asia-southeast1); Firebase App Check on every API call; secrets scoped to Cloud Run service accounts; no third-party JS on authenticated screens. Sensitive free-text content (journal bodies, AI reflections) is additionally encrypted client-side with AES-GCM using a user-held key before upload. We support biometric lock on the app (Profile → Privacy & Sync → Require Face ID / Fingerprint).

12. Changes

We will notify you in-app and by email at least 14 days before any material change to this Policy takes effect.

13. How we communicate with you

We keep communication simple and limited:

Email only, for external contact. We contact you by email for: account security and recovery, billing and receipts, subscription changes, legal / privacy notices, and direct replies to your support requests. The only addresses we use are support@jscreatorpro.app, billing@jscreatorpro.app, and privacy@jscreatorpro.app.
Premium weekly / monthly summary reports — if you opt in (Profile → Email Notifications → Weekly Report or Monthly Report), we send you a PDF summary of your app activity by email. This is an opt-in feature and can be turned off at any time in the same setting, or by emailing privacy@jscreatorpro.app with subject line "Unsubscribe from Clarity Summary".
In-app push notifications — optional reminders, streak nudges, and session summaries. These are generated by the app on your device via Firebase Cloud Messaging; they are a product feature, not marketing. You can turn them off in Profile → Notifications or in your OS settings.
We do not send SMS or make phone calls. We will never ask for your password, two-factor code, or payment details by email, SMS, or phone. If you receive such a message claiming to be from Clarity, it is not from us — please forward it to privacy@jscreatorpro.app.
No shared mailing lists. Your email address is never sold, rented, or shared with marketers or third parties. We do not operate affiliate mailing lists or ad-network sync lists.

14. Contact

JSCreatorPro Pte. Ltd. (incorporated in Singapore) — privacy@jscreatorpro.app
EU representative: available on request.