Privacy Policy

Last updated: November 20, 2025

Introduction

Klara ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your information when you use our task management application.

Data We Collect

Anonymous Users

If you use Klara without signing in, all your data is stored locally on your device using browser localStorage. We do not collect, transmit, or have access to any of your task data.

Authenticated Users

When you create an account (via Google OAuth, GitHub OAuth, email/password, or passwordless authentication), we collect and store:

Email address
Full name (if provided via OAuth)
Profile picture URL (if provided via OAuth)
Your tasks, including text, importance ratings, deadlines, and completion status
Projects and their configurations
Subscription information (plan type, billing cycle, payment status)
Language preference
For shared projects: collaboration data including project memberships, invitations, and task assignments

How We Store Your Data

Local Storage (Anonymous Users)

For anonymous (non-registered) users, all task data remains on your device in browser IndexedDB. This data never leaves your device unless you create an account. We do not have access to locally stored data.

Cloud Storage (All Registered Users)

For all registered users (Free and Pro tiers), your data is stored securely in Supabase (EU region), an open-source backend-as-a-service platform. Your data is encrypted in transit (HTTPS) and at rest. Cloud sync enables access across all your devices.

Pro Tier Additional Storage

Pro tier subscribers have additional data stored including unlimited projects, project collaboration data (shared project memberships, invitations, member roles), and task assignment information. All data is subject to the same security standards.

Data Sharing in Shared Projects

When you share a project with other users, all tasks in that project become visible to invited members. Your name and email are visible to other project members. We facilitate this sharing but are not a data processor for data shared between users. You control who you share projects with and can revoke access at any time.

Third-Party Services

We use the following third-party services:

Google OAuth & Identity Services

We use Google OAuth for authentication, including Google Identity Services and One Tap for streamlined sign-in. When you sign in with Google, you are subject to Google's Privacy Policy. We only receive the information you authorize Google to share with us (email, name, profile picture). Google One Tap may display an automatic sign-in prompt if you've previously signed in with Google.

GitHub OAuth

We use GitHub OAuth for authentication. When you sign in with GitHub, you are subject to GitHub's Privacy Policy. We only receive the information you authorize GitHub to share with us.

Supabase

We use Supabase for cloud database and authentication services. Your data is stored in accordance with Supabase's security and privacy standards.

Plausible Analytics

We use Plausible Analytics for privacy-friendly website analytics. Plausible does not use cookies, does not collect personal data, and is fully GDPR compliant. We only track page views and basic usage statistics.

Google Tag Manager & Analytics

We use Google Tag Manager (GTM) for event tracking and analytics in privacy-preserving mode (Consent Mode v2). GTM operates cookieless with all consent types set to 'denied' by default (ad_storage, analytics_storage, ad_user_data, ad_personalization). No cookies are stored and no personal data is collected. We track aggregated, anonymized usage events such as task creation and signup completion to improve our service. This tracking is fully GDPR compliant and privacy-preserving.

Google Ads Conversion Tracking

We use Google Ads conversion tracking to measure the effectiveness of our marketing campaigns. This operates in cookieless mode (Consent Mode v2) with all tracking consent denied by default. Only aggregated, anonymized conversion events are tracked (e.g., signups, task completions) without personal identification. No cookies are stored and no personalized advertising is performed. This is privacy-preserving and GDPR compliant.

Stripe (Payment Processing)

We use Stripe to process subscription payments for paid tiers. Stripe handles all payment information securely - we never store your credit card details. Payment data is subject to Stripe's Privacy Policy. Your email, Stripe customer ID, and language preference are shared with Stripe. We automatically sync your language preference to your Stripe customer record to ensure payment communications are in your preferred language.

Brevo (Email Communications)

We use Brevo (formerly Sendinblue) to send transactional emails including payment receipts, project collaboration invitations, password reset links, passwordless authentication links, and account notifications. Your email address and name may be shared with Brevo for this purpose. Marketing emails require explicit opt-in.

HelpScout Beacon (Customer Support)

We have integrated HelpScout Beacon, a customer support chat widget, which is disabled by default. When enabled (via feature flag), it allows you to contact our support team directly from the app. If enabled, your email address and full name are shared with HelpScout to facilitate support conversations. This feature is not active by default and requires explicit configuration to enable.

Cookies and Local Storage

We use the following storage mechanisms:

**localStorage**: Used to store your tasks and app preferences locally on your device
**Session cookies**: Used by Supabase to maintain your authentication session when you're signed in
**No tracking cookies**: We do not use any tracking or advertising cookies. Our analytics and ad conversion measurement operate in a cookieless, privacy-preserving mode.

Your Rights (GDPR)

Under GDPR, you have the following rights:

Right to Access

You can view all your data at any time while using the application. Your tasks are visible in the app interface.

Right to Data Portability

You can export all your tasks using the "Export" option in the User Menu, which downloads your data in JSON format.

Right to Deletion

You can delete your account at any time through the User Menu in the app. Upon deletion, your account and associated data will be permanently deleted immediately from our systems. Active subscriptions are automatically cancelled. Shared projects you created that have active collaborators will be transferred to another member to ensure continuity. Projects you own that have no other members will be permanently deleted. You will be removed from projects you were invited to. For anonymous users, simply clear your browser's localStorage to remove all data.

Right to Withdraw Consent

You can withdraw consent at any time by signing out of your account. This stops any further data collection, though previously collected data remains until you request deletion.

Data Retention

We retain your data for as long as your account is active. If you delete your account, your task and project data will be permanently deleted immediately from our systems. Subscription and payment history may be retained for up to 7 years for legal and accounting compliance. Shared projects you created with active collaborators are transferred to new owners; projects without collaborators are deleted. Your membership in other shared projects is removed.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: [email protected]
Website: byteventures.se

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this policy.