← Back to ClarityFP

Privacy Policy

Last updated: May 2026

Plain English Summary

ClarityFP collects the minimum data needed to run the service. We store your financial data securely on UK servers, never sell it, and you can delete it at any time. We are GDPR compliant.

1.1 Who We Are

ClarityFP Ltd ("ClarityFP", "we", "our", "us") is a company registered in England and Wales. We operate the financial performance management platform available at useclarityfp.com. We are the data controller for personal data processed through our platform. Contact for privacy matters: privacy@useclarityfp.com.

1.2 Data We Collect

Account Data

  • Full name and email address (collected at registration)
  • Hashed password (we never store your password in plain text)
  • User role (Business Owner or Advisor)
  • Company name, Companies House number, and VAT number (optional)
  • Profile avatar or firm logo (if uploaded)

Financial Data

  • Profit and loss data, balance sheet data, and cash flow data imported from your accounting software (Xero, QuickBooks, Sage)
  • Bank transaction data accessed via Open Banking connections
  • Budget data and forecasts that you create within the platform
  • Accounts receivable and accounts payable data from your accounting software
  • Management reports and commentary generated within the platform

Usage Data

  • Login timestamps and session information
  • Pages visited and features used within the platform
  • Browser type, device type, and operating system
  • IP address (used for security and fraud prevention, not for marketing)

AI Interaction Data

  • Queries submitted to the "Ask ClarityFP" natural language interface
  • AI-generated insights, summaries, and analysis generated on your behalf
We do not use your financial data to train AI models. All AI processing is performed by Anthropic (Claude) under a data processing agreement that prohibits training on customer data.

1.3 How We Use Your Data

PurposeLegal BasisRetention
Providing the platform and its featuresContract performanceDuration of account + 30 days
Generating AI insights and summariesContract performanceCached for 24 hours, then deleted
Sending alerts and notificationsContract performanceUntil alert is dismissed
Sending transactional emailsContract performanceLog retained 90 days
Preventing fraud and ensuring securityLegitimate interests90 days rolling
Improving platform performanceLegitimate interests12 months anonymised
Complying with legal obligationsLegal obligationAs required by law (typically 7 years for financial records)

1.4 Data Storage and Security

  • All data is stored on servers located in the United Kingdom (AWS eu-west-2, London region)
  • Data is encrypted in transit using TLS 1.3
  • Data is encrypted at rest using AES-256 encryption
  • Accounting software access tokens (Xero, QuickBooks) are encrypted using AES-256 before storage
  • Access to customer data is restricted to ClarityFP staff on a need-to-know basis
  • We maintain audit logs of all data access and modifications
  • We conduct regular security reviews and penetration testing

1.5 Data Sharing

We do not sell your personal or financial data. We share data only in the following circumstances:

With Your Advisor (at your explicit request)

If you invite an accountant or Fractional CFO to access your ClarityFP account, they will be able to see all financial data, reports, and insights within the platform. You control their access and can revoke it at any time.

With Service Providers

We use the following categories of third-party service providers who process data on our behalf under strict data processing agreements:

  • Cloud hosting: AWS (UK region) — database and file storage
  • AI inference: Anthropic (Claude API) — generating insights, summaries, and commentary
  • Email delivery: Resend — transactional emails and alerts
  • Open Banking: TrueLayer (FCA-regulated) — read-only bank data access

With Authorities

We may disclose data to regulatory authorities, law enforcement, or courts where required by law or where necessary to protect the rights, property, or safety of ClarityFP, our users, or others.

1.6 Your Rights Under UK GDPR

  • Right of access — request a copy of all personal data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your account and all associated data
  • Right to restriction — request that we limit how we use your data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Rights related to automated decision-making — we do not make solely automated decisions with legal effects

To exercise any right, email privacy@useclarityfp.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

1.7 Cookies

We use essential cookies only. See our Cookie Policy for full details.

1.8 Changes to This Policy

We will notify registered users by email of any material changes to this policy at least 30 days before they take effect. Continued use of the platform after that date constitutes acceptance.

PrivacyTermsCookiesAI DisclaimerData ProcessingSub-Processors