PRIVACY POLICY

Privacy policy

What Klemento collects, what it doesn't, and what you can do about it. Plain English, no dark patterns.

Last updated

Who we are

Klemento is a meeting-coaching product operated by Klemento Ltd, a company registered in England and Wales. When this policy says we, us, or Klemento, it means Klemento Ltd.

For the purposes of UK GDPR, we are the data controller for information you give us through klemento.com and the Klemento web app at app.klemento.com. We're registered with the Information Commissioner's Office. If you have a privacy question or want to exercise a right under GDPR, the contact details are at the bottom of this page.

What we collect

We collect three kinds of information.

Account information

When you sign up: your name, email address, and a password (which we hash using PBKDF2-SHA256 and never store in plain text). If you sign in with a magic link, we don't store a password at all.

Meeting content you submit

When you analyse a meeting: the transcript text you paste or connect via a note-taker, plus the call type you tag it with. See Transcripts and PII for what happens to that content.

Usage information

Standard server logs (IP address, user agent, timestamp), feature usage counters (how many analyses you've run), and aggregate analytics on which pages of klemento.com you visit. We use Google Analytics 4 with IP anonymisation enabled.

How we use it

  • To run the analysis you asked us to run, and to show the report to you.
  • To bill you for a paid plan, if you have one.
  • To send transactional email (sign-in links, receipts, account changes).
  • To send the weekly digest, if you've opted in.
  • To improve the product. We look at aggregate patterns (which call types are most-analysed, which dimensions correlate with retention) but we do not read your transcripts or your reports.
  • To keep the service secure (rate limiting, abuse detection).

We do not use your meeting content to train AI models. Anthropic, our coaching provider, has the same commitment under their commercial API terms.

Transcripts and PII

This is the part that matters most, so it gets its own section.

Raw transcripts are never stored. When you submit a transcript, our server scrubs structured personally identifiable information (emails, phone numbers, postcodes, IBANs, URLs) using a regex pass before sending the scrubbed text to Anthropic's Claude API for coaching. The coaching prompt instructs Claude to anonymise any names that appear in quoted moments (replacing them with role descriptors like "the manager" or "the client"). We then store the structured coaching output (scores, coaching, anonymised quoted moments) in our database. The original transcript is discarded the moment the request completes.

The reason for this isn't legal hedging. It's a competitive moat. Even in a worst-case data breach, there is no transcript and no identifiable name to leak.

Who we share with

We use a small number of third-party processors to actually run the service. Each is bound by a data processing agreement.

  • Cloudflare hosts the website, app, and API, and stores the structured analyses in Cloudflare D1. Servers run in Western Europe by default.
  • Anthropic processes the scrubbed transcript via the Claude API to return the coaching analysis. Anthropic does not retain prompt content for training under the commercial API terms.
  • Brevo handles transactional and marketing email (sign-in links, receipts, weekly digest).
  • Lemon Squeezy processes payments. We never see your full card number.
  • Google Analytics 4 records anonymised page-view data on klemento.com only. The app and report pages are not analytics-tracked.

We do not sell your data, share it with advertising networks, or hand it to anyone else. If we ever receive a legally-binding request for data, we'll push back where we can and tell you about it where the law allows.

How long we keep it

  • Account data for as long as your account is active, plus 30 days after deletion to handle any final billing.
  • Analyses (the structured coaching output) until you delete them, or until you delete your account.
  • Transactional email logs for 90 days.
  • Server logs for 30 days.
  • Backups for up to 30 days, after which deleted data is permanently purged.

Your rights

Under UK GDPR, you have the right to access, correct, export, restrict, or delete the data we hold about you, and to object to certain kinds of processing.

Most of these you can do yourself from your account settings (export your data as JSON, delete your account, change your email). For anything else, email us and we'll handle it within 30 days.

If you're not happy with how we've handled your data, you can complain to the Information Commissioner's Office. We'd rather you came to us first so we can fix it.

Cookies

klemento.com sets a small number of cookies. None of them are used for advertising.

  • Session cookies on app.klemento.com to keep you signed in. Strictly necessary, no consent banner required.
  • Google Analytics cookies on klemento.com (the marketing site) for aggregate page views. IP address is anonymised before it's sent to Google. You can opt out by enabling Do Not Track in your browser, or by installing the Google Analytics opt-out add-on.

Children

Klemento is built for working adults and is not directed at children under 16. We don't knowingly collect personal data from children. If you believe a child has signed up, email us and we'll delete the account.

Changes

If we materially change this policy, we'll email everyone with an active account at least 14 days before the change takes effect. Smaller wording changes get bumped on the "last updated" date at the top of this page.