Type of website: Company Website
Effective date: 10th day of June, 2025
This website “The Site” is owned and operated by Clairo Ltd.There are legal and ethical responsibilities around the handling of data and this notice provides information about the way in which we ensure the highest standards of legal compliance and governance.Clairo Ltd is a company registered in the United Kingdom.Contact - support@clairo.ai.
Purpose
The purpose of this Data Protection Notice (this "Notice") is to inform users of our Site of the following:
The personal data we will collect;
The way collected data are used;
Who has access to the data collected;
and The rights of Site users.
This Notice applies in addition to the terms and conditions of our Site.
Data Protection Legislation
For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the "GDPR"). For users in the United Kingdom, we adhere to the UK GDPR and the Data Protection Act 2018, For users in Jersey, we adhere to the Data Protection (Jersey) Law 2018 (the DP Law), collectively known as ‘data protection legislation’.
Clairo is registered as a controller and a processor for the purposes of the data protection legislation.Clairo is a controller for the processing of responding to enquiries, communicating with clients and potential clients, and entering into contractual or other service agreements.
Clairo is a processor for the processing of personal data for which the contracted client is a controller. Find out more about how we look after that data here.
Consent
By using our Site users agree that they consent to: The conditions set out in this Notice.
Legal Basis for Processing
We collect and process personal data about users only when we have a legal basis for doing so under data protection legislation.
We rely on the following legal basis to collect and process the personal data of users:
Legitimate interests - Processing of user personal data is necessary for us or a third party to pursue a legitimate interest. Our legitimate interest is not overridden by the interests or fundamental rights and freedoms of users. Our legitimate interest(s) are: For providing relevant information to users that want to know about what the company can offer as services.
Necessary for the performance of a contract.
When you enter into a contract for services with us, the legal basis for the processing of associated personal data will be contractual.
Personal Data We Collect
We only collect data that helps us achieve the purpose set out in this Notice. We will not collect any additional data beyond the data listed below without notifying you first.
Data Collected in a Non-Automatic Way
We may also collect the following data when you perform certain functions on our Site:
First and last name;
Email address;
Details of the enquiry;
and Company information.
This data may be collected using the following methods: Services Enquiry.
How We Use Personal Data
Data collected on our Site will only be used for the purposes specified in this Notice or indicated on the relevant pages of our Site. We will not use your data beyond what we disclose in this Notice.
The data we collect when the user performs certain functions may be used for the following purposes:
Responding to enquiries and associated communications.Performance of a contract.
Who We Share Personal Data With
Employees
Personal data processed by Clairo will be made available to authorised members of our organisation who reasonably needs access to user data to achieve the purposes set out in this Notice.
Other Disclosures
We will not disclose your data to third parties, except in the following cases:
If the law requires it;
If it is required for any legal proceeding;
You have given us your consent: To establish, exercise, or defend our legal rights; and To buyers or potential buyers of this company in the event that we seek to sell the company where appropriate controls are in place.
If you follow hyperlinks from our Site to another Site, please note that we are not responsible for and have no control over their data protection notices, privacy policies and practices.
How Long We Store Personal Data
User data will be stored until the purpose the data was collected for has been achieved and in accordance with our retention schedule.
How We Protect Your Personal Data
In order to protect the security of your data, we use the strongest available browser encryption and store all of our data on servers in secure facilities. All data is only accessible to our employees on a need to know basis. Our employees are bound by strict confidentiality agreements and a breach of this agreement would result in the employee's termination.
While we take all reasonable precautions to ensure that user data is secure and that users are protected, it is impossible to guarantee that there is no risk. The Internet as a whole can be insecure at times and therefore we are unable to guarantee the security of user data beyond what is reasonably practical.
Your Rights
Under the data protection legislation, you have the following rights relating to the processing of your personal data:
Right to be informed;
Right of access;
Right to rectification;
Right to erasure;
Right to restrict processing;
Right to data portability; and
Right to object.
Children
We do not knowingly collect or use personal data from children under 16 years of age. If we learn that we have collected personal data from a child under 16 years of age, the personal data will be deleted as soon as possible. If a child under 16 years of age has provided us with personal data their parent or guardian may contact us to request deletion.
How to Access, Modify, Delete, or Challenge the Data Collected
If you would like to know if we have collected your personal data, how we have used your personal data, if we have disclosed your personal data and to who we disclosed your personal data, if you would like your data to be deleted or modified in any way, or if you would like to exercise any of your other rights under the data protection legislation, please contact us at: support@clairo.ai
Modifications
This Notice may be amended from time to time in order to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Notice we will update the "Effective Date" at the top. We recommend that our users periodically review our Notice to ensure that they are notified of any updates. If necessary, we may notify users by email of changes to this Notice.
Complaints
If you have any complaints about how we process your personal data, please contact us through the contact methods listed in the Contact Information section so that we can, where possible, resolve the issue. If you feel we have not addressed your concern in a satisfactory manner you may contact a supervisory authority. You also have the right to directly make a complaint to the supervisory authority. In your jurisdiction.
Contact details of the Jersey regulator below
Jersey Office of the Information Commissioner
2nd Floor 5 Castle Street
St. Helier Jersey
JE2 3BT
Telephone: +44 1534 716530
Email: enquiries@jerseyoic.org
https://jerseyoic.org
------
How we look after your data.
Data is at the heart of the work you do.
When you use the services of any organisation to support the successful delivery of your business objectives, you need to know that the highest standards of data governance and assurance are in place.
We believe that innovation does not need to compromise those high standards. At Clairo, we have built these standards into everything we do, and our clients interact with Agents through a structured and secure data flow.
The process begins with ingesting client data (structured, unstructured, or semi-structured) into a private repository. This data informs the output of our bespoke Agents, which are configured to specific business use-cases.
Agents are composed of three core elements:
1. Dataset: The client's proprietary documents or databases.
2. Model: A private or open-weight model tailored to the client's needs.
3. Prompts: Instructions, tone, and rules that define the agent’s behaviour.
Our architecture is designed with a "model to the data" approach. Rather than moving data to third-party servers, models are deployed securely within the client’s environment or Clairo’s dedicated systems. This ensures the highest levels of compliance, control, and performance.
Clairo acts solely as a processor in these relationships, never storing customer data beyond session-specific or diagnostic metadata required for real-time processing or feedback loops.
Clients maintain full data ownership.
Agents operate within strict parameters to respect organisational governance, and all data flows are minimised and secured using best practices.
We do not engage in long-term data retention or repurposing of data for model training unless explicitly instructed under enterprise agreements.
We are fully aligned with global compliance frameworks. Clairo is certified under ISO/IEC 27001:2022 for information security management. We are actively pursuing ISO/IEC 42001:2023, the emerging standard for Artificial Intelligence Management Systems. These certifications underpin our commitment to robust datagovernance, secure deployment, and responsible AI practices which also includes compliance with the EU AI Act where relevant.
Clairo targets strategic growth in regions with strong data protection and privacy frameworks and enterprise AI demand, with a core focus on:·
United Kingdom
European Union (EU)
Middle East
Southeast Asia
North America
Our emphasis on privacy and data sovereignty makes us a preferred partner for clients navigating GDPR, UK GDPR, and region-specific data residency requirements. We understand the value of your data and the importance of trust and confidence in the data journey.
