Privacy Policy

Last updated: 1 March 2026

Clairo ("we", "us", "our") is committed to protecting your personal data. This policy explains what we collect, why we collect it, and your rights under GDPR, CCPA, and other applicable laws.

1. Who We Are

Clairo is operated by Clairo Ltd. For questions about this policy, contact us at privacy@clairo.co.uk.

2. Data We Collect

We collect the following categories of data:

  • Account data — name, email address, password hash (bcrypt).
  • Billing data — subscription tier and status. Payment card details are held by Stripe, not us.
  • Domain configuration — hostnames, banner settings, geo rules.
  • Scan results — cookies and trackers detected on your domains.
  • Consent records — hashed visitor IDs (SHA-256), consent choices, timestamps, country, framework. Raw IPs are never stored.
  • Usage analytics — page views and feature interactions within the dashboard (used to improve the product).

3. How We Use Your Data

  • To provide and operate the Clairo service.
  • To process payments and manage your subscription via Stripe.
  • To send transactional emails (scan complete, payment failed, etc.).
  • To comply with legal obligations (e.g., GDPR data subject requests).
  • To improve our product using aggregated, anonymised usage data.

4. Data Retention

Account data is retained for the lifetime of your account plus 30 days after deletion. Consent records are retained for 3 years to meet legal audit requirements. Backups are purged on a 30-day rolling cycle.

5. Third Parties

We share data only with the following processors:

  • Stripe — payment processing.
  • AWS — hosting and email delivery (SES).
  • Cloudflare — CDN, DDoS protection, and edge geo-detection.
  • Resend / MailHog (dev) — transactional email delivery.

We do not sell your data to any third party.

6. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data (right to erasure — GDPR Art. 17).
  • Restrict or object to processing.
  • Receive your data in a machine-readable format (data portability).
  • Opt out of sale of personal information (CCPA).

To exercise any of these rights, email privacy@clairo.co.uk. We respond within 5 business days.

7. Cookies on This Site

This marketing website uses only essential cookies required for navigation. No third-party tracking or advertising cookies are set. See our Cookie Policy for full details.

8. Changes to This Policy

We may update this policy. Material changes will be communicated by email to registered users. The "last updated" date at the top of this page reflects the most recent revision.