Privacy Policy

Get Clarity is an accounting and financial management platform for UK sole traders and freelancers, operated by Notabyte Limited. We are registered with the Information Commissioner's Office (ICO Registration: ZC108811) and committed to complying with UK GDPR and the Data Protection Act 2018.

Account & Identity: Full name, email, password (hashed), business name, UK address.

Financial Data: Invoices, expenses, bank transactions (via TrueLayer open banking), VAT and HMRC MTD data.

Open Banking (TrueLayer): If you connect your bank, TrueLayer (FCA authorised) retrieves your transactions. This is read-only — we never see your bank login credentials. You can disconnect at any time from Settings.

Usage & Technical: IP address, browser type, pages visited, error logs.

Communications: Support requests, feedback, email notifications.

• Contract: Account management, invoice/expense features, bank connections, sending invoices.
• Legal obligation: HMRC MTD compliance, ICO requirements, UK law.
• Legitimate interests: Platform improvement, fraud prevention, customer support.
• Consent: Marketing emails (opt-in only), analytics cookies.

We do not sell your data. Trusted third parties:

• Supabase (database, EU Ireland)
• Vercel (hosting, EU)
• TrueLayer (open banking, FCA authorised, UK)
• Resend (email, EU Ireland)
• Anthropic (AI features, US — Standard Contractual Clauses apply)

We may disclose data to HMRC for MTD compliance or to law enforcement if legally required.

Get Clarity uses Anthropic's Claude AI (Anthropic PBC, United States) to power two features:

Ask Clarity (AI Assistant): When you ask a question, we send Anthropic:

• Your question text
• Recent transactions (last 30 records — date, description, amount, type, category)
• Recent invoices (last 20 — invoice number, client name, amount, status, due date)
• Client list (names, emails, phone numbers, company)
• Account summary (totals)

Scan Receipt: When you scan a receipt, we send Anthropic the receipt image.

Per our agreement with Anthropic, they do not use your data to train their AI models. Anthropic's privacy practices are governed by their own privacy policy at anthropic.com/legal/privacy.

You can revoke AI consent at any time by contacting hello@clarityuk.app. After revocation, AI features will be disabled for your account.

• Account data: duration of account + 7 years after closure
• Financial records: 7 years (HMRC requirement)
• Bank tokens: deleted immediately on disconnection
• Support communications: 3 years
• Analytics logs: 12 months

You have the right to: Access, Rectification, Erasure, Restrict Processing, Data Portability, Object, and Withdraw Consent.

Contact: privacy@clarityuk.app. We respond within 30 days. You may also complain to the ICO at ico.org.uk.

• HTTPS/TLS encryption on all data in transit
• Passwords stored with bcrypt hashing
• Row Level Security (RLS) at database level
• API keys stored as environment variables only
• Fraud prevention headers on all HMRC API calls
• Regular penetration testing (OWASP ZAP)

In the event of a data breach posing risk to users, we will notify the ICO within 72 hours and affected users without undue delay (UK GDPR Articles 33–34).

• Strictly necessary: login sessions, security
• Functional: user preferences
• Analytics: usage insights (consent required)

Get Clarity is for users aged 18+. We do not knowingly collect data from minors.

We will notify users of material changes by email or in-app notification at least 14 days before changes take effect.

• Email: privacy@clarityuk.app
• ICO Registration: ZC108811
• Companies House: 12567215
• Notabyte Limited, London, United Kingdom