How your storage works

Klipr is a different shape from typical capture tools: your captures don't live on our servers. Here's exactly where they go, what we can see, and how sharing works.

The short version. When you connect Google Drive, Klipr creates one folder in your Drive and uploads captures there. The folder is private to your Google account — never link-shared. Klipr only has permission to touch files it created in that folder, nothing else in your Drive. When you share a klip, you hand out a getklipr.app/v/<id> link; Klipr enforces who can view, then streams the file from your Drive on demand. There is no public Drive URL anywhere.

Where your files live

Every screenshot, screen recording, voice clip, meeting recording, and uploaded file (including PDFs) you capture uploads directly to a folder Klipr creates in your Google Drive (default: Klipr Captures) or to your S3-compatible bucket. Klipr's servers never store the file bytes — only metadata: the Drive file id or S3 key, file name, size, upload time, plus any transcripts, extracted document text, AI descriptions, embeddings, comments, and view events tied to the klip.

If you delete the file in your Drive, the klip stops working. If you disconnect Klipr, the files stay in your Drive — they're yours. You can also export Klipr-held account data (or delete your account entirely) from Settings → Account → Data & privacy.

Meeting recordings — what lives where

Meeting capture is the same model with one extra layer of context. The video and audio segments stream straight to your Drive or S3 bucket; Klipr keeps a small index in its database so the viewer page, transcript search, and AI agents can do their jobs.

In your Drive or S3: the recorded video and audio segments themselves, plus your enrolled voice sample (if you set one up so Klipr can label your turns in the transcript).
On Klipr's servers: a calendar snapshot taken at recording time — title, start/end, timezone, meeting URL, provider (Meet, Zoom, Teams, or Webex), organizer email, attendees (email, display name, response status), agenda preview, and location. Plus the diarized transcript (compressed text + timestamp segments + speaker name/role map) and a media-segment index that points at each chunk in your storage.

The calendar snapshot only contains the event you chose at capture time — Klipr never browses or stores the rest of your calendar. The Google Calendar OAuth scope is read-only and limited to listing upcoming events when you arm a recording.

What Klipr can and can't see in your Drive

Klipr requests Google's most restrictive Drive permission: the drive.file scope. This scope grants the app access only to files it created itself or that you explicitly hand it. Concretely:

Klipr can read, update, and delete the captures it uploaded to your Klipr folder.
Klipr cannot see anything else in your Drive — not your other folders, documents, photos, sharing settings, or files shared with you. They're invisible to it.
Klipr cannot list or browse your Drive at the top level. Even if our backend were compromised, the blast radius is the Klipr folder, not your Drive.

How sharing actually works

This is the part most people get backwards. The link you share is not a Google Drive URL. Walk through what happens when someone clicks getklipr.app/v/abc123:

The viewer hits Klipr's servers, not Google's. The viewer page doesn't embed a Drive URL anywhere. The browser only ever talks to getklipr.app.

Klipr checks your access rules. Public klip? Lock-screen protected? Sign-in required? Whatever you've set, Klipr enforces it before serving anything.

If allowed, Klipr fetches the file from your Drive server-side using the Google OAuth token tied to your account, then streams the bytes back through Klipr to the viewer. The viewer never receives a Drive URL or a token.

The Drive file itself stays private. No "anyone with the link can view" sharing is ever applied to your Drive file. The Klipr /v/<id> link is the share token; that's the only way in.

What this means in practice

The /v/<id> URL is the share. Treat it like an unlisted YouTube link — anyone with the URL can view, subject to whatever access rules you've set on the klip.
Sniffing a klip's URL doesn't give anyone access to the rest of your folder. There's no folder listing exposed; share ids are random and per-klip.
If you stop sharing a klip (or delete it), the link stops working immediately — Klipr's gate refuses the next request.

What happens when you disconnect

You can disconnect Klipr from your Drive at any time, from inside the app or from your Google account permissions page. When you do:

Klipr's OAuth token is revoked. Klipr can no longer read or write anything in your Drive.
Your files stay where they are, untouched, in your Drive folder.
Existing /v/<id> share links stop serving content (Klipr can't fetch from your Drive anymore).

What about S3, R2, and other buckets

For teams and self-hosters, Klipr also supports any S3-compatible bucket (AWS S3, Cloudflare R2, Backblaze B2, Wasabi, MinIO, and others). The model is the same: captures go to your bucket, Klipr's servers proxy the bytes through the same access-gated /v/<id> URL, and the underlying object URL is never exposed to viewers. Bucket credentials live encrypted at rest and are scoped to the bucket and prefix you configure.

Other things people ask

Can Klipr read my emails or other Google services?

No. Sign-in uses Google for identity (your name and email only). The Drive scope is separate and limited to drive.file — Klipr cannot see Gmail, Contacts, Photos, or anything outside the files it created. Calendar access is separate, optional, and used only when you enable meeting recording context.

Are transcripts and comments stored on Klipr?

Yes — voice, screen-recording, and meeting transcripts (including the speaker-aware segments and name/role map for meetings), extracted text from uploaded documents (PDFs), AI-generated descriptions and embedding vectors, comments, and voice replies on a klip's viewer page are stored on Klipr's servers (Cloudflare + Neon Postgres). For meeting recordings, the calendar snapshot you attached at capture time (title, attendees, agenda) is stored alongside the transcript. The source audio, video, and documents stay in your Drive or S3 bucket.

Can I download or delete everything Klipr has on me?

Yes. Sign in, open Settings → Account → Data & privacy, and use Download for a JSON export of Klipr-held account data: profile, klips, transcripts, topics, comments, view events, AI/search data, storage connections, and related settings. Stored credentials, hashes, bearer/session tokens, and raw IP fields are excluded or replaced with presence flags. Use Delete account to permanently remove the Klipr-held account data. Account deletion is immediate; the JSON export is generated on demand. Files in your Drive or S3 bucket are not touched by either action — those belong to your storage account.

Can I see Klipr's source for the storage layer?

Klipr's storage code is small enough to audit. Email security@getklipr.app if you'd like a walkthrough or have specific questions for your security team.