Privacy policy
What personal data ClearSite collects about you when you sign up, run scans, contact us, or pay for a subscription, why we collect it, where it lives, how long we keep it, and what you can do with it.
Version 1.0. Effective date: 1 May 2026.
1. Who we are
ClearSite is provided by Karp Communications Limited, a company registered in England and Wales. We are the data controller for the personal data described in this policy. You can contact us about anything in this policy at info@clearsiteapp.co.uk.
We have not designated a statutory Data Protection Officer because the scale and nature of our processing do not require one under UK GDPR Article 37. The named contact for any privacy question is the email address above, monitored by the founder.
2. What personal data we collect
We collect the following categories of personal data:
| When | What we collect |
|---|---|
| When you sign up | Name, work email address, work role, school name and identifier, and password (stored as a hash, not plaintext). |
| When you run a scan | The school website URL you scan and which account triggered the scan. We do not collect personal data from the school website itself; we only collect text and document properties (such as title, author, and last-modified date) that the school has chosen to publish. |
| When you receive a Compliance Report by email | Your email address (as the recipient) and the timestamp of the send. |
| When you contact support | The content of your message and any attachments you choose to include. |
| When you pay a subscription | Billing name, address, last four digits of payment card, and identifiers issued by our payment processor. We do not see your full card number; the payment processor handles that. |
| When you use the site | Audit-log entries recording which actions you took (signing in, requesting a scan, exporting data, etc.) so we can answer security and support questions later. |
We do not knowingly process pupil personal data. The Service is built around the public website and does not require pupil information to operate.
3. Why we collect it (lawful basis)
For most processing, our lawful basis is performance of a contract: we need this data to provide the Service you have signed up for. Where you use a scan or report feature, that is contract performance.
For audit logs and security monitoring, our lawful basis is legitimate interest: we need to keep records of access and activity to keep the Service safe, to detect abuse, and to respond to incidents. We balance this against your rights and have minimised the data retained.
For analytics and marketing cookies, our lawful basis is consent: those cookies are off by default and only run when you turn them on. See our cookie preferences page.
4. How we use it
- To run scans, produce Compliance Reports, and deliver them to you.
- To send transactional emails (signup confirmation, scan completion, billing notifications, security and account alerts).
- To bill the subscription and handle refunds where applicable.
- To answer support requests.
- To detect and respond to abuse, fraud, or security incidents.
- To improve the Service. For this purpose we keep an anonymised analytics dataset (see Section 7).
5. Who we share it with
We use a small number of trusted third-party services to run ClearSite (typical SaaS infrastructure: hosting, database, email, payment processing, AI inference, monitoring, backups). They process personal data on our behalf under written terms that require them to keep the data secure and to use it only for the purpose we give them. The current list of services is available on request to info@clearsiteapp.co.uk and we will tell you if we change which providers we rely on.
We do not sell personal data, and we do not share personal data with advertisers.
We may disclose personal data if required by law (a court order, a regulator's lawful request, or to protect against fraud or harm). We will challenge requests we consider overbroad and will notify the affected customer where we are not legally restrained from doing so.
6. Where we store it
Customer records and scan artefacts are stored in UK and EU regions. Off-vendor backups are stored in a UK region. Email is delivered from UK and EU regions. Uptime monitoring runs from EU regions.
A small number of services are necessarily provided from outside the UK and EU, currently for payment processing and large-language-model inference used by the scan engine. Personal data sent to those US-based providers is governed by the UK Addendum to the EU Standard Contractual Clauses (or, for payment processing, by financial services adequacy), which are the legal mechanisms for transfer in the absence of a full adequacy decision.
7. Anonymised analytics
We keep an anonymised analytics dataset to understand how the Service is used and to improve it. Records in this dataset are captured at the moment of an event (signup, scan, recommendation lifecycle) and have direct identifiers replaced with an opaque key before they leave our customer database. The dataset lives in a separate database that the customer-facing app cannot read.
We apply k-anonymity (k=5) to the analytics dataset: any combination of attributes shown in an analytics view must be shared by at least five distinct accounts; otherwise we widen the buckets or hold the data back. This means a row in the analytics dataset cannot be re-identified to a specific account, even by us.
When you exercise the right to erasure, the records in the customer database are hard-deleted. Records already in the anonymised analytics dataset stay there because they cannot be re-identified to you.
8. How long we keep it
| Data | How long we keep it |
|---|---|
| Active account records | For the lifetime of the account. |
| Scan artefacts and Compliance Reports | For 24 months after they are produced, then archived in a reduced form. |
| Audit log entries | For 6 years after the event (legitimate interest, security and dispute defence). Pseudonymised on account erasure. |
| Billing records | For 6 years after the related transaction (UK accounting and tax obligations). |
| Off-vendor backups | Daily backups retained on a 30-day rotation; older copies are deleted automatically. A monthly backup is retained for the 12-month restore-drill cycle. |
| Anonymised analytics | Indefinitely, but cannot be re-identified to a specific account by design. |
9. Your rights
Under UK GDPR you have the rights below. You can exercise most of them from the account settings; for anything that does not have a self-service path, email info@clearsiteapp.co.uk and we will respond within one calendar month.
- Access: ask for a copy of the personal data we hold about you. The account settings include a self-service data export that produces a JSON and CSV bundle.
- Rectification: correct your profile details from the account settings, or ask us to correct anything we hold that you cannot change yourself.
- Erasure: ask us to delete your account. Two flows are available: a 30-day grace period (so you can change your mind) or immediate irreversible deletion. Both require re-authentication. After erasure runs, your customer-database records are hard-deleted; your audit-log entries are pseudonymised; anonymised analytics records remain because they cannot be re-identified.
- Restriction: ask us to stop using your data while a question is being resolved.
- Portability: receive your data in a structured, commonly used, machine-readable format (the data export above is in JSON and CSV).
- Objection: object to processing that we are doing on the basis of legitimate interest. We will stop unless we have a compelling legitimate ground that overrides your interests.
- Withdraw consent: where processing is based on consent (analytics or marketing cookies), withdraw the consent at any time from the cookie preferences page.
You also have the right to complain to the Information Commissioner's Office (ico.org.uk) if you think we have handled your data wrongly. We would like the chance to fix it first; please email us before going to the ICO if you can.
10. Cookies and similar technologies
Essential cookies keep you signed in and remember your preferences (including this one). Analytics and marketing cookies are off by default and only run after you opt in. Manage your choice on the cookie preferences page.
11. Security
We protect personal data with appropriate technical and organisational measures. These include: TLS in transit; encryption at rest in the database and backup providers; rate-limit-based abuse protection; multi-factor authentication available on accounts; SSRF protection on the scan engine so it cannot be coerced into reaching internal networks; structured logging with PII scrubbing; access control enforced by both application repository pattern and Postgres row-level security; daily off-vendor backups with quarterly restore drills; and a security digest reviewed weekly with rotation of secrets quarterly.
12. Personal data breaches
If we discover a personal data breach affecting you, we will notify you without undue delay (and in any event within 72 hours of becoming aware) along with the information required by UK GDPR Article 33(3) so far as we have it, with updates as the picture clarifies. We will also notify the ICO where required.
13. Changes to this policy
We may update this policy from time to time. Where a revision materially affects your rights or how we process your data, we will email the change to your account address at least 30 days before it takes effect, with a plain-language summary of what changed. Non-material revisions (typos, clarifications) are published without advance notice.
Continued use of the Service after the effective date of a revised version constitutes acceptance of that version. If you do not agree to a revision, you can export your data and close your account from the account settings. The version in force at the time of any later question is the one that was in effect on the date the issue arose. The version history is published at /terms/changelog.
14. Contact
For anything in this policy, including subject access requests, email info@clearsiteapp.co.uk.