Privacy Policy
Clarence Legal Limited ("Clarence", "we", "us", "our") takes your privacy seriously. This Privacy Policy explains what personal data we collect when you use clarencelegal.ai (the "Platform"), why we collect it, who we share it with, how long we keep it, and the rights you have over it. It is written to comply with the UK GDPR and the Data Protection Act 2018.
If you only read one section, read Section 5 ("How we use AI") — Clarence is an AI‑assisted contract mediation platform, and we want you to understand exactly what that means for your data.
A note on language. Some of the wording below has to be precise because regulators and lawyers read it carefully. Where we can plain‑English a concept without losing precision, we have. Where we can't, we've kept the legal phrasing and added a friendlier sentence next to it.
1. Who is the data controller?
The data controller for personal data processed through the Platform is:
Clarence Legal Limited
Company No. 16983899 (incorporated 23 January 2026, registered in England and Wales)
Privacy contact: privacy@clarencelegal.ai
For most of our enterprise customers, Clarence acts as a processor of personal data that the customer (the controller) puts into the Platform — for example, the names and contact details inside their contract drafts. The Data Processing Agreement we sign with each enterprise customer governs that processor relationship. This Privacy Policy describes Clarence's role as a controller in respect of:
- account information about the individual users of the Platform (you);
- usage telemetry, security logs, billing records and support correspondence that we generate or collect about you directly; and
- any personal data you submit to us outside a customer account (for example, signing up for our newsletter or contacting our sales team).
We have not designated a statutory Data Protection Officer (UK GDPR Articles 37–39 do not require one in our circumstances). Our privacy contact for all data‑protection matters is privacy@clarencelegal.ai.
Clarence Legal Limited is in the process of registering with the UK Information Commissioner's Office (ICO) as a data controller and will pay the annual data protection fee shortly after go‑live. The ICO registration reference will be added here once issued.
2. The personal data we collect
We collect personal data in five broad categories.
2.1 Account data
When you (or your employer) create an account, we collect: your name, work email address, the company you say you belong to, your role/title (if you choose to share it), the pricing tier you are on, the password hash we use to authenticate you, and (for invited beta testers) the invitation we sent you. We collect this so we can give you access to the Platform.
2.2 Content you create or upload
This is the data you put into the Platform to use it: contract drafts and final contracts, playbooks and rulebooks you upload or build, training scenarios you create, your negotiating positions, fallback strategies, BATNAs, your comments inside Contract Chat, your party‑chat messages with the other side of a negotiation, files you attach, and the metadata that goes with all of this (who created what, when).
We treat this content as commercially sensitive. It is held in a multi‑tenant database with company‑scoped Row Level Security: another customer cannot see your content, and our staff only access it where you have asked us to support you, where we are debugging a fault, or where we are legally compelled to. (See Section 9 on data isolation.)
2.3 Usage telemetry
To run the service we record events such as: which pages you visited, which features you used, which AI operations you triggered (logged in our ai_usage_events table for billing and product analytics), how many credits you spent, error events, and load‑performance data. Where this data is linked to your account, it is personal data; we minimise the identification we attach to it where we can.
2.4 Payment and billing data
When you take out a paid plan or top up credits, we collect billing name, billing email, billing address and (for B2B reverse‑charge under Stripe Tax) your VAT or other tax identifier. We do not see your full card number or CVV — those are handled by Stripe and tokenised. We retain transaction metadata (amount, currency, plan, date, Stripe charge ID) for accounting purposes.
2.5 Security and support data
We log IP addresses, user‑agent strings, sign‑in events and admin actions for security purposes (detecting credential stuffing, anomalous logins, suspected abuse). If you contact us — by email to support@clarencelegal.ai, through the in‑app help, or via sales — we keep the correspondence so we can answer you and so we can refer back to the conversation later.
3. Where we get your personal data from
Most personal data comes from you directly — when you sign up, fill in your profile, upload content, or contact us.
Some comes from your employer — for example, if your company purchases an enterprise seat for you and pre‑provisions your account, we receive your name and email from them.
Some is generated by your use of the Platform — telemetry, billing events, audit logs.
A small amount comes from third parties: Stripe (about your payment), Resend (about email deliverability), our hosting providers (about traffic and security events) and (in rare cases) sanctions / fraud screening services we may run a check against before activating a paid account.
4. Why we use your personal data, and our lawful basis
Under UK GDPR we have to tell you both the purpose of each kind of processing and the lawful basis that makes it legitimate. The table below sets that out.
| Purpose | Categories of data | Lawful basis |
|---|---|---|
| Provide the Platform to you (account, contract drafting, playbook engine, AI mediation, training studio, document generation) | Account data, Content, Usage telemetry | Contract performance (UK GDPR Art. 6(1)(b)) — we need to process this to deliver the service you signed up for. |
| Bill you and take payment | Account data, Payment data | Contract performance (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) for tax record‑keeping. |
| Detect, prevent and investigate fraud, abuse and security incidents | Security data, Usage telemetry, Account data | Legitimate interests (Art. 6(1)(f)) — keeping the service and our customers safe. |
| Provide customer support and respond to your questions | Support correspondence, Account data, Content (only what's necessary to answer) | Contract performance (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)). |
| Improve the Platform — fix bugs, debug AI outputs, measure feature usage, prioritise the roadmap | Usage telemetry, anonymised/aggregated content excerpts where strictly necessary | Legitimate interests (Art. 6(1)(f)). |
| Send you marketing emails (newsletters, product tips, offers) | Account data, marketing‑consent flag | Consent (Art. 6(1)(a)) — only if you tick the marketing checkbox at signup or in Settings. You can withdraw at any time. |
| Send you service emails that are not marketing (security alerts, billing receipts, important changes to the service or these terms) | Account data | Contract performance (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)). You cannot unsubscribe from these while your account is active. |
| Comply with legal obligations (HMRC accounting, court orders, lawful regulator requests) | Whatever the obligation requires | Legal obligation (Art. 6(1)(c)). |
| Establish, exercise or defend legal claims | Whatever is necessary | Legitimate interests (Art. 6(1)(f)) and (where applicable) legal claims (Art. 9(2)(f)). |
We do not engage in fully automated decision‑making that produces legal or similarly significant effects on you under Article 22. AI outputs on the Platform are advisory and require a human to act on them.
5. How we use AI ☆
Clarence is an AI‑assisted contract mediation platform. AI is at the centre of what we do, so we want this section to be unmissable.
Which AI we use. We use large language models from Anthropic — specifically Claude Sonnet 4 and Claude Haiku — accessed via Anthropic's API under their enterprise terms.
What we send to the AI. When you use a feature that calls the AI, we send the relevant content to Anthropic so the model can act on it. That can include: the contract or clause you are drafting, the playbook rule being applied, training scenario inputs, your typed questions and prompts, and the necessary context the model needs to give a useful answer. We do not send your password, your card details, or any data unrelated to the operation you triggered.
Anthropic does not train on your data. Under Anthropic's enterprise terms, the inputs and outputs we send to Anthropic's API are not used to train Anthropic's foundation models. We hold a written commitment from Anthropic to that effect, available on request.
AI outputs are not legal advice. Clarence is decision‑support software. AI outputs — clause suggestions, playbook compliance assessments, training scoring, the "Honest Broker" mediation library — are not legal advice and must not be relied on for binding decisions without qualified legal review. Your continued use of the Platform is on that basis.
Logging. We log that an AI call happened — which feature, when, how many credits it cost — in our ai_usage_events table for billing and analytics. Where we log content (for debugging or quality‑review), we do so for short, defined retention periods (see Section 8) and access is restricted to authorised staff.
Anthropic's region. Today, AI calls run against Anthropic's direct API, which processes data in the United States. We rely on the International Data Transfer mechanisms set out in Section 7 to make that transfer lawful under UK GDPR. Where an enterprise customer has a data‑residency requirement that needs EU or UK‑region inference, we can route Claude calls via AWS Bedrock (EU regions, including Frankfurt) or Google Cloud Vertex AI (EU regional endpoints) under that customer's order form; the available regions and any incremental cost are set out at contracting.
6. Who we share your personal data with
We share personal data with the following categories of recipient, all of whom act under contract and on documented instructions.
Sub‑processors that help us run the Platform:
| Sub‑processor | What they do for us | Where they process data |
|---|---|---|
| Anthropic, PBC | Large language model inference (AI features) | United States |
| Supabase, Inc. | Database, authentication and file storage | UK/EU by default |
| Vercel, Inc. | Application hosting and global edge delivery | United States (global edge network) |
| Stripe Payments Europe Ltd / Stripe, Inc. | Payment processing, subscription management, Stripe Tax | Ireland / United States |
| Resend, Inc. | Transactional and marketing email delivery | United States |
| APITemplate.io | Server‑side PDF document generation | Singapore / EU |
| n8n Cloud GmbH | Workflow orchestration (Clarence Legal instance) | Germany |
We keep an up‑to‑date sub‑processor list and will publish material changes here with reasonable notice before they take effect.
Other recipients. Professional advisers (lawyers, accountants, auditors) under duty of confidence; competent authorities where we are legally required to disclose; and, in the event of a corporate transaction (sale, merger, restructuring), the counterparty under appropriate confidentiality undertakings.
We do not sell personal data. We do not share personal data with advertising networks for cross‑site behavioural advertising.
7. International data transfers
Most of our sub‑processors process personal data inside the UK or the EU. The UK and the EU have reciprocal adequacy decisions in place (the EU recognises the UK's data‑protection regime as adequate, and the UK recognises the EU's), so transfers between them do not require additional safeguards.
Some sub‑processors process personal data outside the UK/EU — notably Anthropic, Vercel, Resend and parts of Stripe in the United States. Where data is transferred to a country that the UK has not deemed to provide an adequate level of protection, we use one or more of the following safeguards:
- the UK International Data Transfer Agreement (IDTA); or
- the EU Standard Contractual Clauses with the UK Addendum issued by the ICO; or
- another lawful transfer mechanism recognised under UK GDPR.
We will conduct a transfer risk assessment for each onward transfer to a third country as part of our pre‑launch readiness, and will put supplementary measures in place (encryption in transit and at rest, access controls, sub‑processor commitments) where the assessment recommends them. Enterprise customers can request a copy of the assessment summary for the sub‑processors in scope of their service by writing to privacy@clarencelegal.ai (commercial pricing and other confidential terms may be redacted).
8. How long we keep your personal data
We keep personal data only as long as we need it for the purpose it was collected for, plus any period required by law. The table below sets out our target retention periods. We are operationalising these as part of our pre‑launch readiness — some require deletion processes and vendor‑contract alignment that are in progress.
| Category | Target retention period |
|---|---|
| Account data (name, email, profile) | Lifetime of the account, then deleted 30 days after account closure. |
| Content you create or upload (contracts, playbooks, training data, chats, documents) | Lifetime of the account, then deleted 30 days after account closure, subject to your right to extend or accelerate. Enterprise customers may set their own retention under their DPA. |
| Usage telemetry / ai_usage_events logs | 24 months from event date, then deleted or fully anonymised. |
| Security and audit logs (sign‑ins, admin actions, IP, user‑agent) | 24 months from event date. |
| Support correspondence | 3 years from last message in the thread. |
| Billing records (invoices, Stripe transaction metadata, tax records) | 7 years after the end of the accounting period (UK statutory retention). |
| Encrypted database backups | 35 days rolling. Backups are restored only for disaster recovery. |
| Marketing consent records (when you ticked the box, what version of the consent text you saw) | For the life of your account plus 3 years, as evidence of consent. |
| Marketing email content sent to you | 24 months (with Resend); after that we keep only the metadata that you were sent the email. |
Where the law requires us to retain something for longer than the period above (for example, a court preservation order), we will do so for the duration of that requirement.
9. Multi‑tenant data isolation
The Platform serves many customers from shared infrastructure. We isolate your data from other customers' data using:
- Row‑Level Security (RLS) in our PostgreSQL database, with a company‑scoped policy on every table that contains tenant data. Every query is automatically filtered to the requesting user's company.
- Tenant‑scoped storage paths in our file store, so a signed download URL for one tenant cannot resolve files belonging to another.
- Tenant identifiers carried through to AI calls, so model context for one tenant is not mixed with another's in the same request.
- Audit logging of any administrative access by Clarence staff to a customer's data, which we will share with the relevant customer on request.
We test the isolation continuously and treat any cross‑tenant leakage as a P0 security incident.
10. Your rights
Under UK GDPR you have the following rights in respect of personal data we hold as controller:
- Access — you can ask for a copy of the personal data we hold about you.
- Rectification — you can ask us to correct inaccurate data.
- Erasure ("right to be forgotten") — you can ask us to delete personal data we no longer need to keep.
- Restriction — you can ask us to pause processing while a query is resolved.
- Portability — you can ask for a structured, commonly used, machine‑readable copy of data you have given us.
- Object — you can object to processing based on legitimate interests, and to direct marketing.
- Withdraw consent — for any processing based on consent (e.g., marketing), you can withdraw it at any time, free of charge.
- Complain to a regulator — you can lodge a complaint with the UK Information Commissioner's Office (ico.org.uk, 0303 123 1113). If you are based outside the UK you may also have rights to complain to your local data protection authority.
To exercise any of these rights, email privacy@clarencelegal.ai. We will respond within 30 days. We may ask for proof of identity to make sure we are not handing your data to someone else. If your data is being processed because your employer asked us to (i.e., Clarence is acting as a processor), we will route your request to your employer in line with our DPA with them and let you know we have done so.
There is no charge for exercising these rights, except where requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request — and we will explain why if we do.
11. Cookies and similar technologies
We use a small number of cookies and similar technologies to run the Platform — primarily an authentication session cookie set by Supabase, and a limited amount of first‑party analytics. We do not use third‑party advertising cookies.
See our Cookie Notice for the full list, including each cookie's name, purpose, duration and category, and how to control them in your browser.
12. Security
We protect personal data with:
- TLS 1.2+ encryption for all data in transit;
- AES‑256 encryption at rest in our database and file storage;
- role‑based access control inside Clarence with the principle of least privilege;
- multi‑factor authentication for all staff with production access;
- audit logging of administrative actions;
- segregated test, staging and production environments;
- routine third‑party security testing, with a penetration test before broader launch and at least annually thereafter;
- a documented incident response process aligned to the 72‑hour breach notification requirement under UK GDPR.
No system is perfectly secure. If you spot a vulnerability, please disclose it responsibly to security@clarencelegal.ai. We will acknowledge within two working days.
13. Children
The Platform is a B2B service intended for use by professionals and adult individuals. It is not directed at children. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has created an account, please contact us at privacy@clarencelegal.ai and we will remove the account and any associated data.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will:
- update the version number and "Last updated" date at the top;
- post the new version at /legal/privacy;
- where the change is material, give existing users reasonable notice (by email and/or in‑product banner) before it takes effect, and where the change requires renewed consent, prompt you to re‑consent at next sign‑in.
We keep the version history at /legal/version-history so you can see what changed and when.
15. Contact us
For any privacy question, request or complaint:
Version v0.2 — prepared 2026-05-26 incorporating John's review comments on v0.1. Not yet in force.