GDPR & Data Processing
Last updated: June 12, 2026
1. Data controller
RAVIA OPS LIMITED
Company Registration Number: 812946
Deer Park Hotel, Howth, D13 T8K1
Dublin, Ireland
privacy@clarifeed.com
2. Legal basis for processing
| Data | Legal basis | Why |
|---|---|---|
| Account email and name | Contract | Required to provide the service |
| Project and scope data | Contract | Core product functionality |
| Payment data (via Stripe) | Contract | Required to process subscription |
| AI generation content | Contract | Required to generate scope documents |
| Analytics (Plausible) | Legitimate interests | Understanding aggregate usage to improve the product |
| Benchmark data (anonymised) | Legitimate interests | Building engagement intelligence features; opt-out available |
| How you heard about us | Legitimate interests | Understanding marketing effectiveness |
3. International data transfers
Some of our third-party processors are based outside the EU:
- Anthropic (US) — processes content you enter for AI generation. Transfer covered by Standard Contractual Clauses.
- Stripe (US)— processes payment data. Transfer covered by Stripe's SCCs.
- Vercel (US)— hosting infrastructure. Transfer covered by Vercel's DPA.
- Resend (US)— email delivery. Transfer covered by Resend's DPA.
All EU-based processing (primary database) uses Supabase's Frankfurt (EU) region.
4. Your rights under GDPR
Right of access
You can request a copy of all data we hold about you. Email privacy@clarifeed.com with "Data access request" in the subject line.
Right to rectification
Update your name and preferences in Settings → Profile. For other corrections, email privacy@clarifeed.com.
Right to erasure
Delete your account and all data in Settings → Danger Zone, or email privacy@clarifeed.com for manual deletion. Data is deleted within 30 days (except payment records retained for 7 years per Irish tax law).
Right to data portability
Export all your data as JSON from Settings → Data & Privacy → Export data.
Right to object
Opt out of benchmark data contribution in Settings → Data & Privacy. For other objections, email privacy@clarifeed.com.
Right to restrict processing
Email privacy@clarifeed.com.
5. Data retention schedule
| Data type | Retention |
|---|---|
| Account and profile data | While active + 30 days after deletion |
| Scope documents and project data | While active + 30 days after deletion |
| Anonymous generation data | 24 hours (automatic TTL) |
| Payment records | 7 years (Irish tax law) |
| Email logs | 90 days |
6. Security measures
- All data transmitted over HTTPS (TLS 1.3)
- Database at-rest encryption (Supabase)
- Row Level Security on all database tables
- Passwords hashed (never stored in plain text)
- Stripe handles all card data (PCI compliant)
- Access to production data limited to the operator
7. Data breach notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Irish Data Protection Commission within 72 hours and notify affected users without undue delay.
8. Supervisory authority
You have the right to lodge a complaint with:
Irish Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
info@dataprotection.ie
dataprotection.ie
9. Contact
For any data protection queries: privacy@clarifeed.com. Response within 30 days.