Legal

Privacy Policy.

Last updated: 22 May 2026

Contents

  1. Who we are
  2. Scope of this policy
  3. The personal data we collect
  4. How we use your data
  5. How we share your data
  6. International transfers
  7. How long we keep your data
  8. Your rights
  9. Cookies
  10. Security
  11. Children
  12. Changes to this policy
  13. Complaints
  14. Contact
01

Who we are.

Clarent Labs Ltd ("Clarent", "we", "us", "our") is a company registered in England and Wales (company number [PLACEHOLDER — Companies House registration number]), with its registered office at [PLACEHOLDER — registered office address]. We provide audit and accountability infrastructure for AI agents used by UK-regulated financial services firms.

We are the data controller for personal data collected through this website (clarentlabs.com). For personal data we process on behalf of our customer firms through the Clarent platform, the customer firm is the controller and Clarent acts as a processor; that relationship is governed by a separate data processing agreement signed alongside the platform contract.

We are registered with the Information Commissioner's Office (ICO) under registration number [PLACEHOLDER — ICO registration number]. The registration can be verified on the ICO's public register at ico.org.uk.

02

Scope of this policy.

This policy describes how we collect, use, and protect personal data when you:

  • Visit clarentlabs.com or any subdomain;
  • Submit an enquiry through our pricing form, or contact us through any other mechanism on the website;
  • Correspond with us by email at any address on the clarentlabs.com domain.

It does not cover personal data we process on behalf of our customer firms through the Clarent platform itself. That processing is governed by the data processing agreement signed between Clarent and the customer firm. If you believe personal data about you is being processed through the Clarent platform and you wish to exercise your rights, please contact your firm in the first instance; we will support them in fulfilling your request.

03

The personal data we collect.

We collect and process the following categories of personal data through the website:

  • Identity and contact information you provide when submitting our pricing form: your name, work email, and company. Optionally, anything you choose to write in a free-text field.
  • Email correspondence: if you email us at any address on the clarentlabs.com domain, we process the content of your message and any data it contains.
  • Technical data automatically collected when you visit the site: your IP address, approximate geographic location, browser and device characteristics, the pages you view, and the date and time of your visit. This data is collected through standard web server logs and through Cloudflare, our hosting and content delivery provider.

We do not knowingly collect special category personal data (such as health information, religious belief, political opinion, or biometric data) through this website. We have no need for it. Please do not include such data in free-text fields.

04

How we use your data.

We use your personal data only for the purposes set out below, and only on the legal bases specified, in accordance with Article 6 of the UK GDPR.

Purpose Data used Legal basis
Respond to your pricing enquiry Identity, contact, content of submission Pre-contractual steps requested by you (Art 6(1)(b)) and consent (Art 6(1)(a))
Send a written commercial proposal Identity, contact, content of submission Pre-contractual steps (Art 6(1)(b))
Subsequent sales follow-up where you have engaged with us Identity, contact Legitimate interest (Art 6(1)(f)): pursuing a commercial relationship initiated by you. We always honour withdrawal requests promptly.
Operate, secure, and improve the website Technical data Legitimate interest (Art 6(1)(f)): delivering a working, secure website
Comply with legal and regulatory obligations Any of the above Legal obligation (Art 6(1)(c))

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

We do not use your personal data for marketing communications unless you have specifically asked us to. If we ever introduce a newsletter or similar communication, your participation will be opt-in only.

05

How we share your data.

We share personal data only with the following categories of third parties:

Sub-processors that operate our infrastructure

  • Cloudflare, Inc. — provides DNS, content delivery, edge security, and DDoS protection for clarentlabs.com. Cloudflare may process IP addresses of website visitors for those purposes.
  • Web3Forms — handles delivery of submissions from our pricing form to our internal inbox. They process the form contents (your name, company, work email, and any free-text content) for the duration required to relay the message.
  • Our email provider (currently [PLACEHOLDER — e.g. Google Workspace, Microsoft 365]) — processes the content of email correspondence sent to or received from clarentlabs.com addresses.

Professional advisers

Lawyers, accountants, auditors, and insurers, only where strictly necessary for them to provide their service to us, and only on the basis of professional duties of confidentiality.

Authorities

Law enforcement, regulators, courts, and other public authorities, but only where we are required to disclose by law (for example, in response to a valid court order or statutory request).

What we never do

We do not sell personal data. We do not share personal data with advertising networks or data brokers. We do not transfer your data to third parties for their own marketing purposes.

06

International transfers.

Our hosting and processing infrastructure is located in the United Kingdom and the European Union:

  • The clarentlabs.com website is served from Cloudflare's edge network. Cloudflare uses globally distributed points of presence, but caches public content only; personal data submitted through the pricing form is not cached at the edge.
  • Our Clarent platform infrastructure is hosted on Google Cloud in the europe-west2 (London) region.
  • Some of our sub-processors are headquartered outside the United Kingdom. Where personal data is transferred outside the UK or EEA, we rely on the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or equivalent legal safeguards.

If you would like more detail about a specific transfer or want to receive a copy of the safeguards we rely on, contact us at the address below.

07

How long we keep your data.

We keep personal data only as long as we need it for the purposes set out above, then we delete or anonymise it. Specifically:

  • Pricing enquiries that did not result in a contract: kept for up to 24 months after our last meaningful exchange with you, then deleted. This window reflects the typical procurement timeline at large UK financial services firms.
  • Pricing enquiries that resulted in a contract: retained for the duration of the contract plus seven years thereafter, in line with English contract limitation periods and the regulatory expectations of our customer firms.
  • Email correspondence: kept for up to seven years, consistent with UK accounting record-keeping requirements and our limitation-period obligations.
  • Server and Cloudflare logs: kept for a maximum of 30 days, then deleted or anonymised.

If you would like us to delete your data sooner than the periods above, see the next section.

08

Your rights.

UK GDPR gives you a number of rights in relation to your personal data. You can:

  • Access the personal data we hold about you, and receive a copy of it;
  • Rectify inaccurate or incomplete data;
  • Erase your personal data (the "right to be forgotten"), subject to limited exceptions where we are required or permitted to keep it;
  • Restrict our processing of your data in certain circumstances;
  • Object to processing based on legitimate interest;
  • Receive your data in a portable form: a structured, commonly used, machine-readable format, where the processing is based on consent or contract and carried out by automated means;
  • Withdraw consent at any time where our processing is based on consent. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, email us at privacy@clarentlabs.com. We will respond within one month of receiving your request, as required by UK GDPR. We may need to verify your identity before acting on a request. There is no charge to exercise these rights, although we may charge a reasonable fee or refuse manifestly unfounded or excessive requests, as permitted by law.

09

Cookies.

The website uses a small number of cookies, all of which are strictly necessary for the site to function and remain secure. We do not use cookies for analytics, advertising, retargeting, or behavioural tracking. Because the cookies we set are strictly necessary, we do not display a consent banner. Full details — each cookie's name, provider, purpose, and expiry — are in our Cookie Policy.

10

Security.

We protect personal data with technical and organisational security measures appropriate to the risk, including:

  • Encryption in transit (TLS) for all data exchanged with our infrastructure;
  • Encryption at rest where applicable;
  • Role-based access controls and the principle of least privilege for staff access;
  • Multi-factor authentication for staff accounts and administrative interfaces;
  • Regular review of access logs, system configuration, and third-party security postures.

If we ever experience a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it. Where required by law, we will also notify you directly without undue delay.

If you believe you have identified a security issue affecting our website or platform, please disclose it responsibly to security@clarentlabs.com.

11

Children.

The Clarent website and platform are intended for use by professionals in UK-regulated financial services and adjacent industries. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, please contact us and we will delete it.

12

Changes to this policy.

We may update this policy from time to time, for example to reflect changes in our infrastructure, our processing activities, or the law. The "Last updated" date at the top of this page reflects the most recent change. If we make a material change to how we handle personal data, we will give reasonable prominent notice on the website and, where appropriate, contact you directly.

13

Complaints.

If you believe we have not handled your personal data in accordance with this policy or with the law, please tell us first by emailing privacy@clarentlabs.com and we will do our best to resolve the matter.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator, without first contacting us:

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Postal address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
14

Contact.

For any question about this policy, or to exercise any of your rights: