Skip to main content
Clarity First

Privacy Policy

Last updated: 10 February 2026

1. Introduction

Clarity First Limited, trading as Clarity First ("we", "us", "our") operates the Clarity First platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We are committed to protecting your privacy and handling your data in an open and transparent manner in compliance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

Data Controller:

Clarity First Limited

Trading as Clarity First

21 Morell Lawns

Naas

Co. Kildare

Naas, W91 YE1R

Ireland

Email: info@clarityfirst.io

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (encrypted)
  • Organisation/company name

2.2 Discovery Session Data

When you participate in or conduct discovery sessions, we collect:

  • Interview transcripts (voice and text)
  • Uploaded documents you provide
  • Responses to discovery questions
  • Insights and analysis generated from sessions

2.3 Technical Information

We automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Usage data (pages visited, features used)
  • Cookies and similar technologies (see our Cookie Policy)

3. How We Use Your Information

PurposeLegal Basis
Provide and maintain the Clarity First servicePerformance of contract
Process and analyse discovery sessionsPerformance of contract
Generate insights and reportsPerformance of contract
Send service-related communicationsPerformance of contract
Improve our servicesLegitimate interest
Generate anonymised benchmarks and researchLegitimate interest
Ensure security and prevent fraudLegitimate interest
Comply with legal obligationsLegal obligation

3.1 Anonymised Data

We may create anonymised, aggregated data from your use of the Service. This data is stripped of all identifying information and cannot be linked back to you, your organisation, or any individuals. We use this data to improve our products, conduct research, and develop industry benchmarks. This processing is based on our legitimate interest in improving our services.

4. AI Processing

Clarity First uses artificial intelligence to:

  • Transcribe voice recordings
  • Analyse interview content
  • Identify patterns and themes
  • Generate synthesis reports and recommendations
  • Convert text responses to speech
  • Research and validate industry context

Important: Your data may be processed by third-party AI services (OpenAI, Anthropic, ElevenLabs, Tavily) to provide these features. These providers act as data processors under our instruction and are contractually bound to protect your data. AI providers do not use your data to train their models when accessed via API.

AI processing is limited to what is necessary to deliver the Service. Data shared with AI providers is minimised to the content required for the specific processing task. All Clarity First staff and contractors with access to customer data are bound by confidentiality obligations, with access restricted to authorised personnel on a need-to-know basis for support, security, and service delivery purposes only.

5. Data Sharing

We share your information only in the following circumstances:

5.1 Service Providers

EU-Based Services:

  • Supabase (database and authentication) - Frankfurt, Germany (EU)

Services with EU/Global Presence:

  • Vercel (hosting) - Configured for EU edge locations

US-Based Services (with GDPR Safeguards):

  • OpenAI (AI processing - transcription, analysis) - USA
  • Anthropic (AI processing - synthesis) - USA
  • ElevenLabs (voice synthesis) - USA
  • Tavily (web research and validation) - USA
  • Resend (email delivery) - USA
  • Stripe (payment processing) - USA

All US-based providers are bound by Data Processing Agreements incorporating Standard Contractual Clauses (SCCs) approved by the European Commission.

Clarity First does not store full payment card details. All payment processing is handled directly by Stripe, which acts as an independent controller for payment transaction data. We may update our list of service providers as the Service evolves. Customers will be notified of material changes to sub-processors and may object within 14 days, in accordance with our Data Processing Addendum.

6. International Data Transfers

Your data is primarily stored in the European Union (Supabase, Frankfurt). However, to provide AI-assisted features, some data is processed by services located in the United States.

Why We Use US-Based AI Providers

The AI capabilities that power Clarity First require advanced language models. Currently, the most capable models are provided by OpenAI and Anthropic, both US-based companies. EU-based alternatives do not yet offer equivalent capabilities for our use case.

Transfer Safeguards

When your data is transferred to the US for AI processing, we ensure protection through:

  • Standard Contractual Clauses (SCCs) - Legally binding contracts approved by the European Commission
  • Data Processing Agreements (DPAs) - Formal agreements defining how providers may process your data
  • Technical measures - Encryption in transit, minimal data exposure, no persistent storage by AI providers
  • API-only access - AI providers process data via API and do not use it to train their models

Your Choice: By using Clarity First, you consent to this data processing arrangement. If you are not comfortable with US-based AI processing, please contact us to discuss alternatives.

7. Data Retention

Data TypeRetention Period
Account informationUntil account deletion + 30 days
Discovery session data12 months after contract expiry, or until deletion requested
Technical logs90 days
Backup data30 days after deletion from live systems

You can request earlier deletion at any time (see Your Rights below).

8. Your Rights

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing that significantly affect you.

To exercise any of these rights, contact us at info@clarityfirst.io. We will respond within 30 days.

Automated Decision-Making: Clarity First does not make fully automated decisions that produce legal or similarly significant effects on individuals. AI-generated outputs are tools to assist human decision-making and are always subject to human review.

9. Children's Data

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

10. Marketing Communications

We may send you service-related communications (such as session invitations, credit notifications, and account updates) as part of providing the Service. These transactional communications are necessary for the performance of our contract and do not require separate consent.

If we send marketing communications, we will do so only with your consent and will provide a clear unsubscribe mechanism in every message. You may withdraw consent at any time by using the unsubscribe link or contacting us at info@clarityfirst.io.

11. Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: info@clarityfirst.io

Postal Address:

Clarity First Limited

Trading as Clarity First

21 Morell Lawns

Naas

Co. Kildare

Naas, W91 YE1R

Ireland

12. Supervisory Authority

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Irish Data Protection Commission:

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2, D02 RD28, Ireland

Website: www.dataprotection.ie