User Data And Internet Access (ClaroRead)

Internet access and encryption

All connections use HTTPS to encrypt data in transit.

All Applications

For all our applications:

• All our Applications use Google Analytics in accordance with their usage policies – so we cannot individually identify any users.

• All our Applications call our online Claro Software licensing system to make at least one licensing decision. Depending on how the user licenses – a licence key, SSO – we may have some information on the user: at most this is an email address.

• All our Windows and Mac update programs (ClaroUp, Claro Voice Setup) call our servers to look for updates and download new installers. This is all anonymous and not stored.

• However, for site licences (e.g. schools or corporates) we supply network versions that have none of Google Analytics nor licensing or automatic updates. They may have Internet features listed below, but unless these are used then there is no Internet access by these versions.

All our servers are at one of:

• *.clarosoftware.com

• *.clarodownloads.com

• *.claroreadocr.com

Our ClaroRead Chrome voice (TTS) servers are at:

• For ClaroRead in Sweden: claroacapelavoiceserver.azurewebsites.net
• For all other voice servers: *.clarospeech.com

Our ClaroRead Mac and Windows voice (TTS) servers are at:

• *.speechstream.net/

Windows and Mac Applications

All the connections listed in All Applications above, plus:

• ClaroRead Windows has a dictionary lookup feature for non-English and non-Swedish languages which calls our server with words to look up and gets a result from Wiktionary. Network versions also have this feature. It is all anonymous and is not stored. The end-point is at clarodownloads.com.

• ClaroRead Windows and Mac offers online voices in some versions, indicated in the user settings where they are clearly differentiated and can be selected by the user. Until they are selected these servers are not accessed. These voices use different services and servers.

  • Google voices call Google servers, potentially located in the USA or EU. Cloud Data Processing Amendment.

  • Amazon Polly voices call servers located in Stockholm. Amazon Data Privacy. 

  • Nuance voices are hosted in the EU by us. User data stays in the region, and is not cached or stored.

  • Cereproc voices are hosted in the EU. The text is not stored but the generated audio is kept for 48 hours. 

• ClaroRead Windows (Capture) calls our server to look up references, which in turn calls two USA services, Google Books and CrossRef. This is anonymous.

• ClaroRead Windows version 11 and earlier had an online translation feature which sends text the user selects to a server and gets back the translation. We do not keep the text. This is off by default and not available in UK English versions of ClaroRead. Network versions also have this feature. It is all anonymous and is not stored. This was removed in ClaroRead Windows 12 in November 2023.

ClaroRead SE has only the connections listed in All Applications above.

Chromebook and Web Applications

All the connections listed in All Applications above, plus:

• ClaroRead Chrome uses an online server to do prediction and spellcheck, to which it sends snippets of text. This is all anonymous and is not stored.

• ClaroRead Chrome uses online servers and services to do text-to-speech, to which it sends text to read. This is all anonymous and is not stored.

• ClaroRead Chrome uses online servers to perform OCR (scanning) and document conversion, to which it sends entire documents and images and receives documents back. This is all anonymous and is not stored.

iOS and Android Applications

All the connections listed in All Applications above.

Internet Access Diagram

Local Data

All our applications store local data on their local device: this consists of user settings and other data relevant to the user (e.g. “preferred text-to-speech voice”) but not personal data (e.g. date of birth, sex, name). User data might sometimes include an email address (e.g. alasdairking@westhaven.edu) to store log-in information, but nothing more.

Data Processing Agreement

The following explicitly excludes all of the following, for which you should check our standard company data processing agreements:

• Licensing and provisioning systems (e.g. customer management, invoicing, receipts, payments for the software)

• Website analytics (e.g. cookies)

• Marketing and promotional databases (e.g. EventBrite events, MailChimp mailing lists)

It includes all data processing for ClaroRead in the operation of its services. 

1. Purpose, object and nature, including types of personal data

We process information provided by the user (not the customer) which may or may not be personal information as detailed above for the following purposes:

• Text-to-Speech (TTS). Our most popular ClaroRead feature is TTS. ClaroRead speaks the text you give it, so if you have any problems reading, you can listen instead. If ClaroRead uses on-board local speech, then there is no data transferred anywhere. However, if ClaroRead uses Cloud-based speech, provided by a server, then there is a data transfer. This might be completely anonymous text, like "Here is the news from the BBC today." Or it might be personal text: for example, if I write a letter then use ClaroRead to proofread it, then when ClaroRead reads the address on the letter this personal information will be passed over the Internet to the remote server to generate speech. We cannot guarantee that no PII is passed to ClaroRead by the user, then passed to a TTS server. However, all traffic is encrypted, anonymised and not stored, as detailed above. 
• Optical Character Recognition (OCR) This works very much like TTS: this is when a document is converted into text for ClaroRead to read. If the document is a newspaper page, there is no personal information. If the document is a bank statement, then there is. However, all OCR we provide is either local (on the user's device) or on our one OCR server, which we host. All traffic is encrypted, anonymised and not stored, as detailed above. 
• Identity Services. ClaroRead, like most applications, lets you sign in to it with your Microsoft or Google account (among others). During this process ClaroRead hands you off to that service's sign-in page, and only gets back a unique token, generally an email address or an obfuscated email address, which we then store as detailed above. For example, if I click the "Log in with Google" button in ClaroRead I am taken to google.com in my web browser where I do any personal activity (e.g. signing in) and then passed back to ClaroRead with some unique token. Google does not get any information from ClaroRead except "this application wants to confirm this person has a Google Account and wants to know the email address." ClaroRead gets no information from Google except that email address. There is no data processing going on, and all traffic is encrypted.
  • The five Identity Services we support are Microsoft, Google, Skolon, Apple and Facebook. 

Categories of Data Subjects

Depending on how you deploy the software you have purchased, data subjects may include employees, students, children, and vulnerable adults.

For example, if you put ClaroRead on a tablet and give it to a six-year-old child, then we may process the personal data of that child because the child might provide it to ClaroRead by having ClaroRead read its name aloud. 

Logging requirements for the Processing of Personal Data and who should have access to it

We perform no logging.

Other Instructions regarding the Processing of Personal Data by the Processor

The Personal Data shall not be Processed by the Processor for any other purpose or in any other way than as set out in this Data Processing Agreement.

Data Sub Processors

Our only third-party data sub processors are providers of Analytics (Google) and text-to-speech (Acapela, Amazon, Cereproc, Google)

Name	Purpose	Data Processed	Location	Additional Information
Google Analytics (GA4)	Product usage analytics.	IP addresses.  Features used.	USA	Google Analytics 4 Data Privacy Alphabet Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 USA
Acapela VaaS	Text-to-speech (TTS)	Strings of text to be spoken by the application.	Sweden	Acapela Privacy Acapela Group SA,  33, boulevard Dolez, 7000 Mons, Belgium
Amazon Polly	Text-to-speech (TTS)	Strings of text to be spoken by the application.	Sweden (Stockholm)	Amazon Web Services Malmskillnadsgatan 36, 111 57 Stockholm, Sweden
Cereproc Cloud	Text-to-speech (TTS)	Strings of text to be spoken by the application.	EU	Hosted in AWS in the EU.
Google Voice	Text-to-speech (TTS)	Strings of text to be spoken by the application.	USA	Google endpoints will be determined by Google, and will be located in the USA.