Privacy Policy
Last updated: 15 March 2026
ClauseGuard ("we," "us," or "our") is a trading name operated as a sole trader business based in England. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at clauseguard.uk and use our services (collectively, the "Service").
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service. By accessing and using ClauseGuard, you acknowledge that you have read, understood, and agree to be bound by all the provisions of this Privacy Policy.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is ClauseGuard, contactable at john@clauseguard.uk.
1. Information We Collect
1.1 Information You Provide Directly
- Account Registration: Email address and name when you create an account
- Firm Profile Data: Your FCA Firm Reference Number (FRN), firm name, and regulatory permissions/activities. This information is used to personalise the regulatory updates we show you
- Payment Information: Billing details and payment method information. This is processed directly by our payment processor, Stripe. We do not store your full card details on our servers
- Communications: Messages, enquiries, and feedback you send to us via email
- Free Scan Data: If you use our free scan feature, your FCA FRN and email address
1.2 Information Collected Automatically
- Log Data: IP address, browser type and version, operating system, referring URLs, pages visited, date and time of access
- Authentication Data: Session tokens and authentication cookies necessary to keep you logged in
- Usage Data: Information about how you interact with the Service, including which regulatory updates you view and actions you take within the dashboard
1.3 Information from Third Parties
- FCA Register Data: Publicly available information from the FCA Financial Services Register about your firm’s regulatory permissions and status
- Stripe: Transaction confirmations and subscription status updates from our payment processor
2. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: Delivering personalised regulatory intelligence based on your firm’s FCA permissions, including regulatory feed updates, impact scoring, action items, and email digests
- Account Management: Creating and managing your account, processing subscriptions, and handling billing through Stripe
- AI Classification: Sending regulatory content to Anthropic’s Claude AI for classification and summarisation. We send the regulatory update content (publicly available regulator publications) along with your firm’s permission categories to generate relevant summaries. We do not send your personal details (name, email) to the AI
- Transactional Emails: Sending you service-related communications including magic link login emails, regulatory digest emails, and subscription confirmations via our email provider, Resend
- Security and Fraud Prevention: Monitoring for suspicious activity, preventing abuse, and maintaining the security of our Service
- Service Improvement: Analysing usage patterns to improve the Service, fix bugs, and develop new features
- Legal Compliance: Complying with applicable laws, regulations, and legal obligations
3. Legal Basis for Processing (UK GDPR)
Under the UK GDPR, we process your personal data on the following legal bases:
- Performance of a Contract (Article 6(1)(b)): Processing necessary to provide you with the Service you have subscribed to, including account management, regulatory feed delivery, and email digests
- Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate interests, including improving the Service, maintaining security, preventing fraud, and sending you important service updates. We balance these interests against your rights and only process data where our interests are not overridden by your rights
- Consent (Article 6(1)(a)): Where you have given us specific consent, such as for marketing communications. You may withdraw consent at any time
- Legal Obligation (Article 6(1)(c)): Processing necessary to comply with our legal obligations, such as tax and accounting requirements
4. How We Share Your Information
We do not sell, rent, or trade your personal data. We share your information only with the third-party service providers listed below, who process data on our behalf and only for the purposes we specify, and in the limited legal circumstances described at the end of this section:
- Stripe (Payment Processing): Processes your payment information securely. Stripe is PCI-DSS Level 1 certified. See Stripe’s Privacy Policy
- Resend (Email Delivery): Delivers transactional emails including magic link logins, regulatory digests, and service notifications. Your email address is shared with Resend for this purpose
- Anthropic (AI Processing): Regulatory publication content is sent to Anthropic’s Claude AI for classification and summarisation. We do not send your personal data (name, email, payment details) to Anthropic. See Anthropic’s Privacy Policy
- Vercel (Hosting): Hosts and serves our web application. Your requests pass through Vercel’s infrastructure, so Vercel necessarily processes the log data described in section 1.2 (such as your IP address and browser details). See Vercel’s Privacy Policy
- Neon (Database): Stores your account data, firm profiles, and regulatory updates in a PostgreSQL database hosted in the EU. See Neon’s Privacy Policy
- Legal Requirements: We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others
5. International Data Transfers
Some of our third-party service providers are based outside the United Kingdom. When your data is transferred internationally, we ensure appropriate safeguards are in place:
- Database: Your data is stored in EU-based PostgreSQL databases hosted by Neon
- US-based Providers: Stripe, Anthropic, Vercel, and Resend are US-based companies. Transfers to these providers are protected by Standard Contractual Clauses (SCCs) and/or UK adequacy regulations
6. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Account Data: Retained while your account is active. After account deletion or 12 months of inactivity, your personal data will be deleted or anonymised
- Payment Records: Transaction records are retained for 7 years to comply with HMRC tax and accounting requirements
- Audit Trail Data: Retained for the duration specified by your subscription plan (30 days for Essentials, unlimited for Professional). After account deletion, audit data is retained for up to 90 days before permanent deletion
- Server Logs: Automatically deleted after 90 days
You may request deletion of your data at any time, subject to our legal retention obligations.
7. Your Rights Under UK GDPR
Under the UK GDPR, you have the following rights regarding your personal data:
- Right of Access (Article 15): You can request a copy of the personal data we hold about you. We will provide this in a commonly used electronic format within one month of receiving your request (see the response timescales below)
- Right to Rectification (Article 16): You can request correction of any inaccurate or incomplete personal data we hold about you
- Right to Erasure (Article 17): You can request deletion of your personal data where there is no compelling reason for its continued processing. This is subject to our legal retention obligations
- Right to Restrict Processing (Article 18): You can request that we limit how we process your data in certain circumstances
- Right to Data Portability (Article 20): You can request your data in a structured, commonly used, machine-readable format (such as CSV or JSON)
- Right to Object (Article 21): You can object to processing based on legitimate interests or for direct marketing purposes
- Right to Withdraw Consent: Where processing is based on consent, you can withdraw that consent at any time without affecting the lawfulness of prior processing
To exercise any of these rights, please contact us at john@clauseguard.uk. We will respond to your request within one month of receiving it, as required by Article 12 of the UK GDPR. If your request is complex or you have made several requests, we may extend this period by up to a further two months, but we will tell you within the first month that an extension applies and why. Because a request may result in personal data being disclosed, we will first confirm that it comes from the account holder, for example by asking you to write from the email address registered on your account.
8. Cookies and Similar Technologies
We use cookies and similar technologies as follows:
- Essential/Strictly Necessary Cookies: Required for authentication (keeping you logged in via NextAuth session cookies) and security. These cannot be disabled without losing core functionality
- No Third-Party Tracking: We do not currently use analytics cookies, advertising cookies, or third-party tracking scripts. If this changes in the future, we will update this policy and seek your consent where required
You can control cookies through your browser settings. However, disabling essential cookies will prevent you from logging in and using the Service.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption in transit via TLS (HTTPS) on all connections to the Service
- Passwordless authentication via magic link emails, so we never store a password for your account. This removes password reuse, credential stuffing and password database breach risks, but it also means the security of your account depends on the security of the email mailbox the link is sent to. If you receive a login email you did not request, please contact us
- Payment data handled exclusively by Stripe (PCI-DSS Level 1 certified) and never stored on our servers
- Database hosted on Neon with encryption at rest and restricted access controls
- Regular security updates and monitoring
While we take every reasonable precaution to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
10. Children’s Privacy
Our Service is designed for business use by FCA-regulated firms and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by placing a prominent notice on our website. The "Last updated" date at the top of this page indicates when this Privacy Policy was last revised. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
12. Contact Us and Complaints
If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your data, please contact us:
ClauseGuard
Email: john@clauseguard.uk
Jurisdiction: England and Wales
If you are not satisfied with our response to your complaint, or believe we are processing your personal data in a way that is not lawful, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Website: ico.org.uk
Helpline: 0303 123 1113