Data Processing Notice

1. Data Controller

Clarus Enhanced Limited is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

• Contact: contact@clarusenhanced.co.uk
• Registered address: [To be confirmed]
• Company number: [To be confirmed]

We are committed to handling all personal data lawfully, fairly, and transparently.

2. Lawful Basis for Processing

We process personal data:

• For the performance of a contract (provision of legal services)
• To comply with legal and regulatory obligations, including AML and SRA requirements
• For legitimate interests in managing and administering our business
• Where required, on the basis of client consent (including call recording consent)

3. Categories of Data Processed

Depending on the nature of the instruction, we may process:

• Identity and contact details
• Biometric identity data (via Sumsub for AML/KYC verification)
• Financial and payment information (via Stripe)
• Litigation-related documentation
• Employment or corporate information
• Voice recordings and transcripts from client objectives calls (via ElevenLabs/Penelope)
• Special category data where relevant to a dispute or matter

We only collect data that is necessary for the defined scope of the retainer.

4. Our Third-Party Processors

Sumsub — Identity Verification

We use Sumsub to verify client identity and conduct AML, KYC, and PEP screening as required under our regulatory obligations as an SRA-authorised firm. Sumsub may process biometric facial data for identity matching purposes. This data is processed solely for identity verification and regulatory compliance. It is not used for any other purpose.

Stripe — Payment Processing

Payments are processed securely via Stripe. Clarus does not store payment card details. Stripe processes payment data in accordance with PCI-DSS standards.

ElevenLabs — Penelope AI Paralegal

Penelope is an AI voice agent powered by ElevenLabs. She conducts client objectives calls for Tiers 2–5 and records and transcribes client instructions.

• By proceeding with a client objectives call, you consent to recording and transcription
• Nothing said by Penelope constitutes legal advice
• Call transcripts are passed to the reviewing solicitor and retained for 6 years in accordance with SRA guidance

Cloud Infrastructure

All platform data is hosted on secure, encrypted cloud infrastructure. [To be confirmed]. Access is restricted to authorised personnel only.

5. AI-Assisted Document Review

Where clients submit documents generated using artificial intelligence tools, Clarus processes those documents solely for the purpose of regulated legal review.

Clarus does not:

• Train AI models using client data
• Sell or commercially exploit client data
• Share data with AI platforms beyond what is strictly necessary for secure drafting support

Any use of AI within our internal systems remains under solicitor supervision and subject to confidentiality obligations. All regulated legal work is performed by a qualified, SRA-regulated solicitor.

6. Confidentiality and Security

All client information is treated as strictly confidential and is protected by:

• Solicitor-client confidentiality obligations
• Professional regulatory duties under SRA Standards and Regulations
• Secure cloud-based legal practice management systems
• Restricted internal access controls
• Encryption at rest and in transit

7. Data Retention

All personal data is retained for a minimum of 6 years from the conclusion of the relevant client matter, in accordance with SRA guidance and the Limitation Act 1980.

This applies to all categories of data, including:

• Identity verification records
• Payment records
• Client documents
• Legal outputs
• Call transcripts

Data is securely deleted upon expiry of the applicable retention period.

8. Client Rights

Under UK GDPR, clients have the right to:

• Request access to their personal data
• Request correction of inaccurate data
• Request restriction of processing
• Object to certain processing
• Request erasure (where legally permissible and not in conflict with SRA retention obligations)

Requests should be made in writing to: contact@clarusenhanced.co.uk

We will respond within one calendar month of receiving your request.

9. Regulatory Oversight

If you have concerns regarding data handling, you may contact:

Information Commissioner’s Office (ICO)

• Website: ico.org.uk
• Telephone: 0303 123 1113

Clarus’s AI-assisted workflow is designed to enhance compliance and risk reduction — not to replace professional legal judgment. All regulated legal work is performed by a qualified solicitor.

10. Changes to This Notice

We may update this Notice from time to time. Any changes will be posted on this page with an updated version date.