Privacy Policy

1. Introduction

Clarus Enhanced Limited (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website and legal services.

We are authorised and regulated by the Solicitors Regulation Authority (SRA) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Clarus Enhanced Limited is the data controller for personal data collected through this website and in connection with our legal services.

• Registered address: [To be confirmed]
• Company number: [To be confirmed]
• Contact: contact@clarusenhanced.co.uk

3. What Data We Collect

We may collect the following personal data:

• Full name, email address, phone number, and postal address
• Company name (where applicable)
• Documents submitted for legal review
• Photographic identification (via Sumsub — see Section 6)
• Biometric data for identity verification purposes (via Sumsub)
• Payment and transaction information (via Stripe — see Section 6)
• Case-related information (claim numbers, court details, deadlines)
• Voice recordings and transcripts from client objectives calls (via Penelope/ElevenLabs — see Section 6)
• Communications between you and Clarus
• Website usage data (cookies, IP address, browser type)
• Waitlist and early access registration information

4. How We Use Your Data

We process your personal data for the following purposes:

• To provide legal services under an agreed retainer
• To process payments via Stripe
• To verify your identity in accordance with regulatory obligations (AML, KYC, PEP screening) via Sumsub
• To conduct client objectives calls and record instructions via Penelope (ElevenLabs)
• To communicate with you about your matter and our services
• To comply with our legal and regulatory obligations as an SRA-regulated firm
• To manage complaints and disputes
• To improve our website and services
• To manage our waitlist and early access programme

5. Legal Basis for Processing

We rely on the following legal bases under UK GDPR:

• Contract: Processing necessary to perform our legal services and fulfil our engagement with you
• Legal obligation: Compliance with SRA regulations, anti-money laundering rules, KYC obligations, and tax obligations
• Legitimate interest: Improving our services, website functionality, and platform security
• Consent: Where you have given explicit consent, including for marketing communications and call recording

6. Third-Party Processors and Data Sharing

We do not sell your personal data. We work with the following third-party processors who process data on our behalf:

Sumsub — Identity Verification

We use Sumsub to electronically verify client identity and conduct AML, KYC, and PEP screening as required by our regulatory obligations.

Sumsub processes:

• Full name and date of birth
• Photographic identification (passport or driving licence)
• Proof of address
• Biometric facial data for identity matching purposes
• PEP and sanctions screening results

Sumsub is bound by a Data Processing Agreement with Clarus. Data is retained for a minimum of 6 years from the conclusion of the matter in accordance with SRA guidance. For details of Sumsub’s own privacy practices, see: www.sumsub.com/privacy-notice

Stripe — Payment Processing

We use Stripe to process payments for our services. Stripe processes your payment card details, billing information, and transaction history. Clarus does not store payment card details on its own servers. All payment data is tokenised and handled by Stripe in accordance with PCI-DSS standards.

For details of Stripe’s privacy practices, see: www.stripe.com/gb/privacy

ElevenLabs — Penelope AI Paralegal (Call Recording)

For Tiers 2, 3, 4, and 5, your initial client objectives call is conducted by Penelope, an AI voice agent powered by ElevenLabs.

You should be aware that:

• Your call with Penelope will be recorded and transcribed
• The transcript is used solely to record your instructions and pass them to the reviewing solicitor
• By proceeding with a client objectives call, you consent to the call being recorded and transcribed
• Nothing said by Penelope constitutes legal advice
• ElevenLabs is a US-based company; appropriate UK GDPR Chapter V safeguards are in place for any data transfer
• ElevenLabs shall not use your call recording or transcript to train AI models
• Call transcripts are retained for a minimum of 6 years from the conclusion of your matter in accordance with SRA guidance

For details of ElevenLabs’ privacy practices, see: www.elevenlabs.io/privacy

Cloud Hosting Provider

Our platform and all client data are hosted on secure cloud infrastructure. [To be confirmed]. Data is stored in encrypted form with restricted access controls. We seek to maintain UK data residency where possible.

Regulatory Bodies

We may share your data with regulatory bodies where required by law, including the SRA, HMRC, and the courts.

All third-party processors are contractually bound to protect your data in accordance with UK GDPR.

7. Data Retention

We retain personal data for a minimum of 6 years from the conclusion of the relevant client matter, in accordance with SRA guidance and the Limitation Act 1980.

This applies to all categories of data we hold, including:

• Client files and legal documents
• Identity verification records
• Payment records
• Call recordings and transcripts
• Communications

Where a longer retention period is required by law, regulation, or court order, data will be retained for that longer period.

Upon expiry of the applicable retention period, data will be securely and permanently deleted.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data at rest and in transit
• Secure, access-controlled cloud storage
• Role-based access controls
• Regular security reviews

Payment data is processed by Stripe and is never stored on our servers. Documents submitted for review are stored in encrypted cloud storage with restricted access.

9. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to legal and regulatory retention obligations)
• Object to or restrict processing
• Data portability
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at contact@clarusenhanced.co.uk. We will respond within one calendar month.

10. Cookies

Our website uses cookies to ensure functionality and to understand how visitors use our site. We use the following categories of cookies:

• Essential cookies — necessary for the website to function. These cannot be disabled. They include session management, security, and login functionality.
• Analytics cookies — help us understand how visitors interact with our website (e.g. pages visited, time on site). These are only set with your consent.
• Marketing cookies — used to track visitors across websites for the purposes of displaying relevant advertising. These are only set with your express consent.

You can manage your cookie preferences at any time using the Cookie Preferences link in the footer of our website. You may also manage cookies through your browser settings, but disabling essential cookies may affect website functionality.

11. International Transfers

Where personal data is transferred outside the United Kingdom (for example, to ElevenLabs or Sumsub’s infrastructure providers), we ensure that appropriate safeguards are in place in accordance with UK GDPR Chapter V, including Standard Contractual Clauses approved by the Information Commissioner’s Office where applicable.

12. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

• Website: ico.org.uk
• Telephone: 0303 123 1113
• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, appreciate the opportunity to address your concerns before you contact the ICO. Please contact us first at contact@clarusenhanced.co.uk.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated version date. We encourage you to review this policy periodically.