Privacy Policy

This explains what data ClearBuild collects, why we collect it, and what we do with it. We aim to keep this simple and human.

Who we are

ClearBuild Limited is the data controller for the personal data we process. You can reach us at info@clear.build.

What we collect

Account data: your name, email address, and a hashed version of your password. We never store your actual password.

Project data: the projects, areas, tasks, suppliers, quotes, contracts, invoices, files and timeline entries you create in the Service.

Payment data: subscription status, plan, billing cycle, and the last 4 digits of your card. Full card details are stored by Stripe, not by us.

Usage data: the pages you visit, the features you use, and any errors you encounter. This helps us improve the Service.

Communications: any emails you send us and our replies.

Why we collect it (lawful basis)

• To provide the Service: performance of our contract with you.
• To bill you: performance of our contract with you.
• To send transactional email (verification, password reset, trial ending, payment receipts): performance of our contract.
• To improve the Service: our legitimate interest in operating and improving a useful product.
• To comply with law: legal obligation (e.g. retaining billing records for HMRC).

How long we keep it

• Account and project data: while your account is active, plus 60 days after closure.
• Billing records: 6 years (UK tax requirement).
• Usage analytics: 12 months.
• Support emails: 2 years.

Who we share it with

We use these third-party processors to operate ClearBuild. They handle your data on our behalf under contract:

• Stripe: payment processing. Card details and subscription information.
• Postmark: transactional email. Your name and email address.
• AWS S3: file storage for photos and documents you upload.
• Laravel Cloud: application hosting and database.
• PostHog: product analytics. Usage events tied to your user ID.
• Sentry: error monitoring. Error reports including your user ID, email and IP, used to investigate and fix issues.

We don't sell or rent your personal data to anyone. We only share data with the providers above and only what's needed for them to do their job.

International transfers

Some of our processors are based outside the UK (e.g. Stripe, Postmark and Sentry in the US). Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as UK Standard Contractual Clauses or an adequacy decision recognised by the UK.

Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Correct anything that's inaccurate
• Have your data deleted (subject to our legal retention obligations)
• Restrict how we process your data
• Port your data to another service
• Object to processing based on legitimate interests
• Withdraw any consent you've given
• Complain to the Information Commissioner's Office (ico.org.uk)

To exercise any right, email us at info@clear.build. We'll respond within one month.

Cookies

We use essential cookies to keep you signed in and remember your preferences. Analytics cookies (via PostHog) help us understand how the Service is used. These are optional and can be declined.

Security

We use industry-standard measures to protect your data: encrypted connections (HTTPS), encrypted passwords, encrypted file storage, regular backups, and limited internal access on a need-to-know basis.

Children

The Service is intended for adults. We don't knowingly collect data from anyone under 18. If you believe we have, contact us and we'll delete it.

Changes

We may update this policy as the Service evolves. We'll notify you of material changes by email at least 14 days before they take effect.

Contact

Questions about your data or this policy: info@clear.build

To raise a concern with a regulator: the Information Commissioner's Office, ico.org.uk