Privacy Policy

1. Introduction

ClarLabs ("we," "our," or "us") is committed to protecting your privacy and the security of your personal information. As a company specializing in security and compliance services, we hold ourselves to the highest standards of data protection in all our operations.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or otherwise interact with us. This policy is designed to be transparent and comprehensive, giving you clear information about your data rights and our practices.

Please read this Privacy Policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with the terms of this policy, please do not access the website or use our services.

2. Information We Collect

Personal Information You Provide to Us

We may collect personal information that you voluntarily provide to us when you:

• Register for an account or create a profile
• Sign up for our newsletter or marketing communications
• Complete forms or surveys on our website
• Request a demo or consultation
• Submit a support request or contact our customer service
• Apply for a job
• Purchase or use our services
• Participate in webinars, events, or promotions

This information may include your name, email address, phone number, job title, company name, company size, industry, business address, billing information, and any other information you choose to provide.

Information We Collect Automatically

When you visit our website, use our applications, or interact with our services, we and our third-party service providers may automatically collect certain information about your device and usage patterns. This information may include:

• Device information (IP address, browser type and version, operating system, device type)
• Usage data (pages visited, time spent on pages, referring website)
• Location information (country, region, city based on IP address)
• Performance data (response times, download errors, page interaction information)
• Log data (search terms, date and time of access, features used)

We collect this information using cookies, web beacons, server logs, and similar technologies. For more detailed information about our use of these technologies, please refer to our Cookie Policy.

Information from Third-Party Sources

We may receive information about you from other sources, including:

• Business partners (when they share information with us for joint marketing efforts)
• Data enrichment providers (to verify and enhance the information we have about our customers)
• Public databases and directories (for business contact information)
• Social media platforms (when you interact with our content or connect your social media account)

We use this information to maintain the accuracy of our records, enhance our ability to provide relevant services, and improve our marketing and communication efforts.

Special Categories of Data and Sensitive Information

In general, we do not collect or process special categories of personal data (such as health information, biometric data, or information about political opinions). However, in specific circumstances where such processing is necessary for our services (such as specific compliance implementations), we will only do so with appropriate legal basis and safeguards in place, and will provide explicit notice to you.

3. How We Use Your Information

We may use the information we collect for various purposes, including to:

• Provide, maintain, and improve our services: Including processing transactions, managing your account, and delivering the functionality you request
• Communicate with you: Sending service notifications, technical updates, security alerts, administrative messages, and support responses
• Personalize your experience: Tailoring content, recommendations, and offers based on your preferences and usage patterns
• Marketing and promotion: Informing you about new services, features, or events that may be of interest (subject to your preferences and consent where required)
• Research and analytics: Understanding how our services are used, testing new features, and analyzing trends to improve user experience
• Security and compliance: Protecting our services, preventing fraud, and meeting legal obligations
• Customer support: Responding to your inquiries, troubleshooting issues, and providing technical assistance
• Business operations: Managing our everyday business needs, such as accounting, internal auditing, and legal compliance

Automated Decision Making and Profiling

We may use automated systems to analyze your information and make decisions or predictions. For example, we may use algorithms to:

• Recommend services based on your organization's profile and needs
• Detect potential security threats or suspicious activity
• Determine which marketing communications might be most relevant to you

You have the right not to be subject to decisions based solely on automated processing if they produce legal effects or similarly significantly affect you, except where such processing is necessary for a contract, authorized by law, or based on your explicit consent. If you wish to contest an automated decision, please contact us using the information in the "Contact Us" section.

4. Legal Basis for Processing

We process your personal information under one or more of the following legal bases:

• Performance of a Contract: When processing is necessary to fulfill our contractual obligations to you, such as providing our services after you purchase a subscription
• Legitimate Interests: When processing is necessary for our legitimate business interests or those of a third party, provided those interests are not overridden by your rights and freedoms (such as improving our services, preventing fraud, or direct marketing to business customers)
• Legal Obligation: When processing is necessary to comply with a legal or regulatory obligation
• Consent: When you have given clear, specific consent for us to process your personal information for a particular purpose (such as to receive marketing emails)

Where we rely on legitimate interests as a basis for processing, we conduct a balancing assessment to ensure that our processing is necessary and that your fundamental rights and freedoms do not override those interests. You can obtain information about this balancing assessment by contacting us.

Where we rely on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

Service Providers

We may share your information with third-party vendors, service providers, contractors, or agents who perform services on our behalf, such as:

• Cloud hosting and infrastructure providers
• Analytics and business intelligence platforms
• Customer relationship management systems
• Marketing and communication tools
• Payment processors
• Professional service providers (legal, accounting, etc.)

These third parties have access to your information only to perform these tasks on our behalf and are contractually obligated to protect your data and not use or disclose it for any other purpose.

Corporate Transactions

If we are involved in a merger, acquisition, sale of all or a portion of our assets, financing, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose your information to:

• Enforce our terms, agreements, or policies
• Protect our legal rights, privacy, safety, or property, or that of our users or others
• Protect against legal liability
• Detect, investigate, or prevent potential unlawful activities

With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

Aggregated or De-identified Data

We may share aggregated or de-identified information, which cannot reasonably be used to identify you, for various purposes including research, analysis, and service improvement. This information may be shared publicly or with business partners, affiliates, or other third parties.

6. Data Security Measures

As a security and compliance company, we implement robust technical, administrative, and physical safeguards designed to protect the security, confidentiality, and integrity of your personal information. Our security program includes:

• Encryption: We use industry-standard encryption technologies to protect data in transit (TLS) and at rest (AES-256)
• Access Controls: We employ role-based access controls, multi-factor authentication, and least privilege principles to restrict internal access to personal data
• Security Monitoring: We maintain 24/7 monitoring of our systems for potential security events and unauthorized access attempts
• Vulnerability Management: We conduct regular vulnerability scanning and penetration testing to identify and remediate security weaknesses
• Security Awareness: All staff receive regular security training and must comply with our comprehensive information security policies
• Incident Response: We maintain formal incident response procedures to quickly address any security incidents that may occur
• Business Continuity: We implement backup, redundancy, and disaster recovery measures to ensure the availability of our systems and your data

We regularly review and update our security practices to address new and evolving threats and strengthen our protection mechanisms. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us by contacting our security team at security@clarlabs.com.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. These may include:

• Right to Access: You can request a copy of the personal information we hold about you and details of how we use it
• Right to Rectification: You can request that we correct any inaccurate or incomplete personal information
• Right to Erasure: You can request that we delete your personal information in certain circumstances
• Right to Restrict Processing: You can ask us to temporarily or permanently stop processing your personal information
• Right to Data Portability: You can request a copy of your personal information in a structured, machine-readable format for your own purposes
• Right to Object: You can object to our processing of your personal information for specific purposes, such as direct marketing or profiling
• Right to Withdraw Consent: Where we rely on your consent to process your personal information, you can withdraw that consent at any time

To exercise these rights, please contact us using the information in the "Contact Us" section. We will respond to your request within the timeframe required by applicable law (typically 30 days, but may be extended by an additional 60 days when necessary, depending on the complexity of the request).

Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision.

Managing Your Marketing Preferences

You can manage your marketing preferences in the following ways:

• Following the unsubscribe instructions in marketing emails
• Updating your communication preferences in your account settings
• Contacting us using the information in the "Contact Us" section

Please note that even if you opt out of marketing communications, we may still send you service-related and administrative messages, such as those about your account, subscription, or responses to your requests.

Do Not Track Signals

Some browsers offer a "Do Not Track" feature that signals to websites that you do not want to have your online activities tracked. Because there is not yet a common understanding of how to interpret the DNT signal, our websites currently do not respond to DNT signals. Instead, you can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you have an account with us or keep using our services)
• Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
• Whether retention is advisable in light of our legal position (such as for statutes of limitations, litigation, or regulatory investigations)

When we no longer need to process your personal information for the purposes set out in this Privacy Policy, we will delete or anonymize your information. If this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your information and isolate it from any further processing until deletion is possible.

Account Closure

If you close your account or request that we delete your information, we will remove your personal information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with investigations, enforce our Terms of Service, and/or comply with legal requirements.

9. International Data Transfers

ClarLabs operates globally, and your information may be processed and stored in countries other than your own. These countries may have data protection laws that are different from those in your country. By using our services, you acknowledge that your personal information may be transferred to countries outside your country of residence.

When we transfer personal information across borders, we take appropriate safeguards to ensure that your information remains protected in accordance with this Privacy Policy and applicable laws. These safeguards may include:

• Transferring to countries recognized as providing an adequate level of legal protection
• Implementing standard contractual clauses approved by relevant authorities
• Requiring comprehensive privacy and security safeguards from third parties
• Obtaining your explicit consent for certain types of transfers (where appropriate)

For transfers to third parties, we require all third parties to respect the security of your personal information and to treat it in accordance with applicable laws. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

10. Subprocessors and Service Providers

We use carefully selected third-party service providers to help us provide our services and process personal data on our behalf. These providers act as data processors and are subject to contractual obligations to implement appropriate technical and organizational security measures to protect the data and to process the data only as instructed.

Our key categories of subprocessors include:

• Cloud Infrastructure: Providers of cloud hosting, storage, and infrastructure services
• Business Operations: Providers of business operations tools like CRM, billing, and analytics
• Customer Service: Providers of customer support and communication tools
• Security Services: Providers of security tools, authentication, and monitoring services

Upon request, we can provide a detailed list of our current subprocessors, including their names, locations, and the services they provide to us. If you are a business customer with concerns about our subprocessors, please contact our Data Protection Officer.

11. Children's Privacy

Our services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information as soon as possible.

If you believe we might have any information from or about a child under 16, please contact us using the information provided in the "Contact Us" section. If we become aware that a child under 16 has provided us with personal information without verified parental consent, we will delete that information.

12. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about how you interact with our website and services. These technologies help us understand user behavior, remember your preferences, provide personalized content, and gather information about your usage patterns.

Types of Cookies We Use

• Essential Cookies: Required for the website to function properly, such as session cookies for authentication
• Functional Cookies: Help remember your preferences and settings
• Analytics Cookies: Collect information about how you use our site to help us improve it
• Marketing Cookies: Track your online activity to help advertisers deliver more relevant advertising

Your Cookie Choices

Most web browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set cookies, you may impact your overall user experience. You can also set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it.

For more detailed information about the cookies we use, the purposes for which we use them, and how you can exercise your choices regarding our use of cookies, please see our Cookie Policy.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will:

• Post the updated policy on our website and update the "Last updated" date at the top of the policy
• Provide notice through our services, such as a banner or notification
• Send email notifications to registered users where appropriate

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after the revised Privacy Policy has become effective indicates that you have read, understood, and agreed to the current version of the Privacy Policy.

14. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions regarding this Privacy Policy. If you have any questions or concerns about our privacy practices, your personal information, or your privacy rights, you can reach our DPO at:

Our DPO and privacy team are committed to addressing your concerns and resolving any complaints about our collection or use of your personal information.

15. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

For EU/EEA residents: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law. However, we would appreciate the chance to address your concerns before you approach a supervisory authority, so please contact us in the first instance.