1. Who We Are

CLRD provides compliance documentation tools for UK renewable energy installers. This policy explains how we collect, use, and protect your personal data when you use our service at clrd.app.

2. Data We Collect

We collect the following information:

• Account information — name, email address, phone number, company details
• Installation data — site addresses, client details, equipment specifications, and other information you enter to generate documentation
• Payment information — processed securely by Stripe; we do not store card details
• Usage data — server logs including IP addresses, browser type, and pages visited
• Signatures — electronic signatures captured for inclusion in generated documents

3. How We Use Your Data

We use your data to:

• Provide and operate the Service, including generating compliance documentation
• Manage your account and process payments
• Send transactional emails (verification, password resets, document notifications)
• Respond to support requests
• Maintain security and prevent fraud

We do not sell your data or use it for advertising.

4. Legal Basis for Processing

We process your data under the following legal bases (UK GDPR):

• Contract — to provide the Service you have signed up for
• Legitimate interest — to maintain security, prevent abuse, and improve the Service
• Legal obligation — to comply with applicable laws and regulations

5. Data Sharing

We share data only with:

• Stripe — for payment processing
• Google — if you choose to sign in with Google (authentication only)

We do not share your data with any other third parties unless required by law.

6. Data Retention

We retain your account and job data for as long as your account is active. Generated documents are retained as part of the audit trail. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

7. Data Security

We protect your data with encryption in transit (TLS), encrypted backups, server-side session management, and access controls. Passwords are hashed using PBKDF2-HMAC-SHA256.

8. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Object to or restrict processing

To exercise these rights, contact us at info@clrd.app.

9. Cookies

We use minimal cookies — only what is strictly necessary to keep you logged in and manage your session while using the Service. We do not use tracking, analytics, or third-party advertising cookies.

When you interact with billing (provided by Stripe) or choose to sign in with Google, those providers may set their own cookies on their own domains to complete those flows. Stripe and Google act as independent data controllers for any such cookies — please refer to their respective privacy policies for details.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or through the Service.

11. Contact

For privacy-related questions or to exercise your data rights, contact us at info@clrd.app.