KLAR
Deutsch English

Privacy Policy

Last updated: April 2026

1. Data Controller

Julian Huth, Kölnische Str. 87, 34119 Kassel, Germany, Email: kontakt@huthfabrik.de

2. Data We Collect

  • Account data: Email address upon registration — Legal basis: Art. 6(1)(b) GDPR (contract performance)
  • Content data: Extracted text from screenshots, emails and voice notes (titles, amounts, dates) — Legal basis: Art. 6(1)(b) GDPR
  • Device data: Device type, OS version and app version — Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

3. Special Privacy Measures

  • Original images never leave your device: Text recognition (OCR) runs entirely on-device via Apple Vision Framework. Only extracted text and a compressed thumbnail (max 200px) are sent to our server.
  • Encrypted local storage: Original photos are stored AES-256 encrypted in the app's private storage. The key is held in the iOS Keychain.
  • Automatic camera roll cleanup: After import, screenshots are optionally removed from your camera roll to keep your photo library tidy.
  • Raw data deletion: Raw input data (e.g. forwarded emails) is automatically deleted from our server within 24 hours.

4. AI Processing and Third-Party Services

KLAR uses AI models to automatically recognize and structure your information (appointments, payments, tasks). Before any AI processing occurs, you will be asked for your explicit consent within the app.

What data is sent to AI?

  • Only extracted text from your screenshots, emails or voice notes
  • No original images — text recognition (OCR) runs entirely on your device (Apple Vision Framework)
  • Only a compressed thumbnail (max 200px) is stored for reference

Which services receive data?

  • Backend server (Google Cloud Run, EU region europe-west1): Processing of extracted text — data stays in the EU
  • Mistral AI (Mistral AI SAS, Paris, France): AI-powered text analysis and structuring — EU-based provider, data processed under Mistral AI Data Processing Agreement
  • Firebase Cloud Messaging (Google LLC, USA): Push notifications only — Transfer basis: EU-US Data Privacy Framework

Privacy guarantees for AI processing

  • No training data: Your data is never used to train AI models
  • No persistent storage: Raw data is automatically deleted within 24 hours after processing
  • EU processing: Mistral AI is a European provider based in France — your data does not leave the EU
  • Consent: AI processing only occurs after your explicit consent in the app (Art. 6(1)(a) GDPR)

5. Data Usage

  • Recognition and structuring of appointments, payments and tasks
  • Cross-device synchronization (extracted metadata only, never original images)
  • Sending reminder notifications for appointments and deadlines

6. Data Retention

  • Raw data (emails): maximum 24 hours after processing
  • Extracted items: as long as your account exists
  • Original images: only locally on your device, permanently deleted upon uninstallation

7. Your Rights

You have the right to access, rectification, erasure, restriction of processing and data portability. Contact us at kontakt@huthfabrik.de.

8. Account Deletion

You can delete your KLAR account at any time directly in the app: Settings → Privacy → Delete Account. Upon deletion, all your server-side data is immediately and permanently removed (account, items, members, categories, sources, raw data). Alternatively, you can request deletion by emailing kontakt@huthfabrik.de.