Clearance — Privacy Policy
Effective date: [●]
1. Who we are
Clearance is operated by S Squared Digital (company number 11921000), a company registered in England and Wales, trading as "Clearance" ("we", "us", "our"). For the purposes of UK data protection law (the UK GDPR and the Data Protection Act 2018), we are the controller of the personal data described in this policy.
Registered office: 13 FBX, The Boulevard, Imperial Wharf, London SW6 2TL, United Kingdom · Contact for privacy matters: saif@ssquareddigital.com
2. The short version
- Ad copy and creative you check in the web tool never reaches us. The analysis — including text extraction from images and video — runs in your browser, on your device. We do not receive, store, or see it.
- Material submitted through our API is processed in memory to generate the response and is not stored or logged. We keep only metadata (such as timestamps, the sector/channel selected, flag counts and the verdict level).
- We collect the minimum personal data needed to run accounts, billing and the service: your email address, billing records held by our payment processor, and usage metadata.
- We do not sell personal data, and we do not use your submitted advertising material for any purpose, including training or benchmarking — we never have it.
3. What personal data we collect
Account data. Email address and authentication data when you create an account; your plan and settings.
Billing data. Payments are handled by our payment processor (Stripe). We receive and keep records of your plan, payment status and invoices. We do not receive or store full card details. If we enable pay-per-call payments via the x402 protocol, we will process the paying wallet's public address and settlement references as payment metadata.
Usage metadata. When you run a check (web or API): timestamp, sector and channel selected, whether media was included and its type (image/video), the number and severity of flags, the verdict level, and — for API calls — the API key identifier or payment reference, request latency and status codes. This metadata never includes the text you checked or the creative you uploaded.
Technical and analytics data. Server logs (IP address, user agent, request path) kept briefly for security and rate-limiting; privacy-focused, aggregated analytics about site usage. [● Insert your analytics tool once installed, e.g. Plausible, which does not use cookies or collect personal identifiers.]
Communications. Emails you send us (support, feedback) and our replies; your marketing preferences.
Local storage on your device. The web tool uses your browser's local storage to operate the free-check meter and remember your session/plan state. This is strictly necessary for the service to function and stays on your device.
4. What we deliberately do not collect
- The advertising copy you paste into the web tool, and any image or video you add to it: processed entirely in your browser; never transmitted to us.
- The text submitted to our API: received, processed in memory to produce the response, and discarded. It is not written to databases, logs, backups or analytics, and is not shared with any third party.
- We design tests into our systems intended to prevent submitted copy from appearing in logs or storage.
5. Why we use personal data, and our lawful bases
| Purpose | Data | Lawful basis (UK GDPR Art. 6) |
|---|---|---|
| Providing the service: accounts, checks, quotas, API keys | Account data, usage metadata | Contract (Art. 6(1)(b)) |
| Billing and subscription management | Billing data | Contract; legal obligation (tax/accounting records) |
| Security, fraud prevention, rate limiting, abuse prevention | Technical data, usage metadata | Legitimate interests (running a secure service) |
| Improving the product (aggregate usage patterns, e.g. most-triggered rule areas) | Aggregated usage metadata only | Legitimate interests |
| Service emails (receipts, important changes to terms or rules coverage) | Contract / legitimate interests | |
| Marketing emails (e.g. our newsletter) | Email, preferences | Consent — you can unsubscribe at any time |
| Responding to support requests | Communications | Legitimate interests |
| Complying with law and enforcing our terms | As relevant | Legal obligation; legitimate interests |
Where we rely on legitimate interests, we have considered and balanced them against your rights; you can ask us about this or object (section 9).
6. Who we share personal data with
We use a small number of service providers (processors) acting under contract on our instructions:
- Supabase — account authentication and our database (account data, usage metadata)
- Stripe — payment processing and billing
- Lovable — application hosting and deployment infrastructure
- [● Analytics provider, e.g. Plausible]
- [● Email provider for transactional/marketing email]
We may also disclose personal data where required by law, to professional advisers under confidentiality, or as part of a business sale or restructuring (in which case this policy continues to apply to your data).
We do not sell personal data and do not share it with advertisers or data brokers.
7. International transfers
Some of our providers process data outside the UK (including in the United States and the EEA). Where they do, we rely on appropriate safeguards recognised under UK law — UK adequacy regulations (including, for US providers, certification under the UK Extension to the EU–US Data Privacy Framework where applicable) or the UK International Data Transfer Agreement / Addendum. You can contact us for more information about the safeguards used.
8. How long we keep data
- Account data: for as long as your account is open, then deleted or anonymised within 90 days of closure, except where retention is required by law.
- Billing records: 6 years (UK tax and accounting requirements).
- Usage metadata: up to 24 months, then deleted or aggregated.
- Security/server logs: up to 30 days.
- Support correspondence: up to 24 months after the matter closes.
- Submitted ad copy and creative: not retained at all (see section 4).
9. Your rights
Under UK data protection law you have the right to: access your personal data; have it corrected; have it erased; restrict or object to processing (including any processing based on legitimate interests, and direct marketing — objection to marketing is absolute); data portability; and to withdraw consent at any time where processing is based on consent.
To exercise any right, contact saif@ssquareddigital.com. We will respond within one month. We may need to verify your identity.
You also have the right to complain to the Information Commissioner's Office (ICO) — ico.org.uk, helpline 0303 123 1113 — though we would welcome the chance to address your concern first.
10. Cookies and similar technologies
We aim to run without tracking cookies. We use: (a) strictly necessary local storage for the free-check meter and signed-in session (no consent required under PECR as it is essential to provide the service you request); and (b) [● if applicable: cookieless, aggregate analytics that do not identify you]. If we ever introduce non-essential cookies, we will ask for consent first via a cookie banner and update this section.
11. Security
We take appropriate technical and organisational measures: encryption in transit, hashed credentials and API keys (we store only hashes of API keys, never the keys themselves), access controls, and an architecture designed so the most sensitive material — your advertising content — never reaches our systems at all. No system is perfectly secure; if a personal data breach occurs that risks your rights, we will notify you and the ICO as required by law.
12. Children
The service is intended for business and professional use by adults. It is not directed at children, and we do not knowingly collect personal data from anyone under 18. If you believe a child has provided us personal data, contact us and we will delete it.
13. Automated decision-making
The compliance checks are automated, but they produce informational risk indications about text, not decisions about you, and they have no legal or similarly significant effect on you as an individual. We do not use personal data for automated decision-making of that kind or for profiling.
14. Changes to this policy
We may update this policy from time to time. We will post the updated version with a new effective date and, for material changes, notify account holders by email or in-product notice.
S Squared Digital (company number 11921000), trading as Clearance
Registered office: 13 FBX, The Boulevard, Imperial Wharf, London SW6 2TL, United Kingdom · Privacy contact: saif@ssquareddigital.com