Privacy Policy
How we collect, use, and protect your information.
Clairvoyant AI Limited, trading as Clairvynt ("Clairvynt", "we", "us", "our"), is committed to protecting the privacy and security of personal data. This policy explains how we collect, use, and protect your information.
Clairvoyant AI Limited is a company registered in Scotland (company number SC693791), with registered office at 25 Cairn Road, Bieldside, Aberdeen, AB15 9AL.
We are registered with the Information Commissioner's Office (ICO) as a data controller. Registration reference: C1889720.
1. What Information We Collect
1.1 Information You Provide
- Contact details when you enquire about our services: name, email address, phone number, job title, and company name
- Contract and billing information when you become a client: company details, invoicing information, authorised contact names
- Communication records: emails, meeting notes, and correspondence related to our business relationship
1.2 Information Collected via Our Website
- Contact form submissions: when you use the "Contact Us" form on our website, we collect the information you provide (typically name, email address, and your message)
- We do not use cookies, analytics tracking, or other automated data collection on our website
1.3 Information We Process on Behalf of Clients
When providing our products (Synapse | Organisational Intelligence, Tender Response Assistant, Workpack Generator, and R&D Tax Claim Assistant), we process our clients' operational documents as a data processor. This processing is governed by a separate Data Processing Agreement (DPA) with each client, not this privacy policy. We do not use client data for any purpose other than providing the agreed service, and we do not use client data to train AI models.
2. How We Use Your Information
We use your personal data for the following purposes:
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Responding to enquiries and providing quotes | Legitimate interest (Article 6(1)(f)) |
| Delivering our contracted services | Performance of a contract (Article 6(1)(b)) |
| Invoicing and financial administration | Performance of a contract / legal obligation |
| Sending relevant product updates to existing clients | Legitimate interest (Article 6(1)(f)) |
| Improving our website and services | Legitimate interest (Article 6(1)(f)) |
| Complying with legal and regulatory obligations | Legal obligation (Article 6(1)(c)) |
We do not use your data for automated decision-making or profiling.
3. Who We Share Your Data With
We use sub-processors to help deliver our services. The current list of sub-processors, including AI model providers used inside our products, is maintained at:
The register identifies each sub-processor, the purpose of processing, the region in which processing takes place, and the applicable safeguard (for example, the provider's DPA, UK Standard Contractual Clauses, or the UK-US Data Bridge).
Clients are given at least 30 days' prior written notice of material changes to sub-processors within their agreed Hosting Tier, with the opportunity to object.
No AI model provider uses client data to train its models. We do not sell your personal data to third parties and we do not share it with third parties for their marketing purposes.
4. How We Protect Your Data
We take the security of your data seriously. Our measures include:
- Encryption of data in transit (TLS) and at rest
- Multi-factor authentication on all business systems
- Access controls restricting data access to authorised personnel only
- Regular review of security measures
- Logical separation of each client's data (separate databases and search indexes)
We are working towards Cyber Essentials and ISO 27001 certification.
5. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes described above:
| Data type | Retention period |
|---|---|
| Enquiry / prospect data | 2 years from last contact, then deleted |
| Client contract data | Duration of contract + 6 years (legal/accounting requirement) |
| Invoicing and financial records | 6 years from end of financial year (HMRC requirement) |
| Contact form submissions | 2 years from last contact, then deleted |
| Employee / contractor records | Duration of engagement + 6 years |
After the retention period, data is securely deleted or anonymised.
6. Your Rights
Under UK GDPR, you have the following rights:
- Access your personal data (Subject Access Request)
- Rectification of inaccurate data
- Erasure of your data (where there is no legal basis for continued processing)
- Restriction of processing
- Data portability (receive your data in a machine-readable format)
- Object to processing based on legitimate interest
- Withdraw consent at any time (where consent is the lawful basis)
To exercise any of these rights, contact us at: privacy@clairvynt.com
We will respond within one month. If a request is complex, we may extend this by a further two months and will inform you within the first month.
7. Cookies
Our website (clairvynt.com) does not use cookies or similar tracking technologies. If this changes in the future, we will update this policy and implement a cookie consent mechanism where required.
8. International Transfers
8.1 Storage
Client operational data processed through our products is stored in the United Kingdom (Azure UK South) under all Hosting Tiers.
Personal data collected under this policy (contact enquiries, client administration) is held in the United Kingdom and European Economic Area (EEA), which the UK Government recognises as providing an adequate level of data protection under UK GDPR.
8.2 AI model inference
AI model inference may take place in different regions depending on the Hosting Tier agreed with the client:
- Tier 1 — Strict UK: inference in the United Kingdom only
- Tier 2 — UK + EEA (default): inference in the United Kingdom or EEA. Transfers within the UK/EEA do not require additional safeguards
- Tier 3 — UK + EEA + US (opt-in): inference may additionally take place with named US providers under UK IDTA / UK Addendum to EU SCCs and, where applicable, the UK Extension to the EU-US Data Privacy Framework. Tier 3 is only enabled by a signed DPA Variation
Each client's tier is recorded in their signed DPA. The current list of sub-processors by tier is maintained at clairvynt.com/sub-processors.
9. Children
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children.
10. Changes to This Policy
We may update this privacy policy from time to time. The latest version will always be available at clairvynt.com/privacy. We will notify existing clients of material changes by email. Routine changes to our sub-processor list are notified via the Sub-Processor Register, not this policy.
11. Contact Us
If you have questions about this privacy policy or how we handle your data:
Data Protection Lead: Mark Lunney
Email: privacy@clairvynt.com
Post: Clairvoyant AI Limited, 25 Cairn Road, Bieldside, Aberdeen, AB15 9AL
12. Complaints
If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk
Last updated: 14 April 2026 | Version 1.5