Privacy Policy
Last updated: 9 March 2025
1. Introduction
Short version: we collect what we need to run the product, we don't sell your data, and you can ask us to delete everything whenever you like. Here's the full picture.
CLRITI Ltd ("we", "us", "our") is the data controller responsible for your personal data. We follow the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data We Collect
| Category | Examples | Lawful Basis |
|---|---|---|
| Account data | Email address, display name | Contract performance |
| Content data | Strategy text, roadmap data you create | Contract performance |
| Usage data | Pages visited, features used, device & browser info | Legitimate interest |
| Payment data | Billing details processed by Stripe (we do not store card numbers) | Contract performance |
| Communications | Emails or messages you send us | Legitimate interest |
3. How We Use Your Data
- To provide, maintain, and improve the Platform.
- To process payments and manage your subscription.
- To send transactional emails (e.g. password resets, account notifications).
- To analyse usage patterns and improve performance (anonymised where possible).
- To detect, prevent, and address fraud, abuse, or security issues.
- To comply with legal obligations.
4. AI Processing
When you use our AI-powered features, your input text is sent to third-party AI providers (e.g. Google, OpenAI) for processing. This data is used solely to generate your roadmap and is not used by these providers to train their models. We have Data Processing Agreements in place with all AI sub-processors.
5. Data Sharing
We do not sell your personal data. We share data only with:
- Service providers - hosting, payment processing, AI processing, analytics - under appropriate contracts and safeguards.
- Legal authorities - where required by law or to protect our rights.
- Team members - if you invite collaborators, they can see shared project data.
6. International Transfers
Some of our sub-processors operate outside the UK. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements (IDTAs) or adequacy decisions.
7. Data Retention
- Account and content data is retained while your account is active.
- Upon account deletion, personal data is removed within 30 days (except where retention is required by law).
- Anonymised usage data may be retained indefinitely for analytics.
8. Your Rights
Under UK GDPR, you have the right to:
- Access - request a copy of the personal data we hold about you.
- Rectification - ask us to correct inaccurate data.
- Erasure - ask us to delete your data ("right to be forgotten").
- Restriction - ask us to limit how we process your data.
- Portability - receive your data in a structured, machine-readable format.
- Objection - object to processing based on legitimate interest.
- Withdraw consent - where processing is based on consent.
To exercise any of these rights, email us at hello@clriti.com. We will respond within one month.
9. Cookies
We use essential cookies required for authentication and session management. We do not use third-party advertising cookies. Analytics cookies are only used with your consent where applicable.
10. Children
The Platform is not intended for individuals under 18. We do not knowingly collect personal data from children.
11. Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), secure authentication, and access controls. However, no method of electronic transmission is 100% secure.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notice. The "Last updated" date at the top reflects the most recent revision.
13. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
14. Contact
Data Controller: CLRITI Ltd
Email: hello@clriti.com