1. Who We Are
ClearlyCompliant is operated by Joe Seabrook, trading as ClearlyCompliant. Our contact email is admin@clearlycompliant.co.uk.
We provide a free automated GDPR compliance checker and detailed compliance reports for websites. This privacy policy explains how we collect, use, and protect your personal data when you use our service.
2. What Data We Collect
When you use our service, we collect:
- Your email address — to deliver your scan results, report, and service communications.
- The domain you submit — to perform the compliance scan.
- Payment information — if you purchase a full report, payment is processed securely by Stripe. We never store your card details. Stripe's privacy policy is available at stripe.com/gb/privacy.
- Account information — if you create an account or log in to our service, we store your email address and account activity to provide the service. The lawful basis for this processing is contract performance.
- Technical data — including IP address, browser type, and access times, collected automatically when you visit our site. The lawful basis for this processing is legitimate interests — specifically, maintaining the security and performance of our service and diagnosing technical issues.
3. How We Use Your Data
- To deliver your free scan results and compliance report — lawful basis: contract performance
- To send you service communications related to your order — lawful basis: contract performance
- To send occasional compliance updates and product news where you have consented — lawful basis: consent
- To maintain and improve our service — lawful basis: legitimate interests
- To maintain the security of our systems — lawful basis: legitimate interests
- To comply with legal obligations — lawful basis: legal obligation
We do not sell your data to third parties or use it for advertising purposes.
4. Third-Party Processors
We share data with the following third-party processors:
- Stripe — payment processing. Stripe is PCI DSS compliant and processes payments under their own privacy policy. Stripe acts as a data processor under a Data Processing Agreement with us.
- IONOS — email delivery of your report and service communications via SMTP. IONOS processes data in accordance with their privacy policy at ionos.co.uk. We have a Data Processing Agreement in place with IONOS. IONOS operates primarily within the UK and EEA; where any transfers outside these regions occur, IONOS relies on Standard Contractual Clauses as the transfer mechanism.
- Anthropic — AI-powered analysis of privacy policies and terms and conditions found on scanned domains. We send only the text of public-facing policy pages to Anthropic's API for analysis. No personal data about you as a customer is sent to Anthropic. Anthropic processes data under Standard Contractual Clauses for international transfers. Given the nature of AI processing, we have assessed that a Data Protection Impact Assessment is not required for this use, as no personal data about individuals is submitted to Anthropic — only publicly available policy text from websites.
5. International Transfers
Stripe and Anthropic may process data outside the UK and EEA. Both providers rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the transfer mechanism. Stripe also holds an adequacy decision for transfers to the United States under the UK-US Data Bridge. IONOS operates primarily within the UK and EEA; any transfers outside these regions are covered by SCCs.
6. Data Retention
- Order records (domain, email, payment reference) — retained for 7 years for accounting and legal compliance purposes under UK financial record-keeping requirements.
- Scan results and reports — retained for 90 days, after which they are permanently deleted.
- Account data — retained while your account is active. Upon account deletion, your personal data is deleted within 30 days, except where retention is required by law.
- Technical logs — retained for 30 days.
- Marketing consent records — retained until you withdraw consent or unsubscribe.
7. Cookies
We use only essential cookies necessary for the operation of our service:
- Session cookie — maintains your session while using the site.
- CSRF protection token — protects against cross-site request forgery attacks on forms.
We do not use analytics cookies, advertising cookies, or any non-essential cookies. You can view and manage your cookie preferences at any time using the Cookie Settings link in the footer.
8. Your Rights
Under UK GDPR, you have the following rights:
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate data.
- Right to erasure — you can ask us to delete your data, subject to legal retention obligations.
- Right to restriction — you can ask us to restrict processing of your data.
- Right to portability — you can request your data in a machine-readable format.
- Right to object — you can object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please email admin@clearlycompliant.co.uk with your name, email address, and details of your request. We may ask you to verify your identity before fulfilling your request. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including HTTPS encryption, secure password storage, and access controls. Payment data is handled entirely by Stripe and is never transmitted to or stored on our servers.
10. Changes to This Policy
We may update this privacy policy from time to time. The date at the top of this page indicates when it was last updated. Continued use of our service after changes constitutes acceptance of the updated policy.
11. Contact
For any privacy-related queries, please contact us at admin@clearlycompliant.co.uk.