Privacy Policy

Last updated: 1 April 2026

ClearClaim is committed to protecting your privacy in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

ClearClaim Limited ("we", "us", "our") is the data controller for personal data processed through the ClearClaim platform. We are incorporated in England and Wales.

For data protection enquiries, contact us at: privacy@getclearclaim.co.uk

2. What Data We Collect

2.1 Account Data

  • Name, email address, and password (hashed)
  • Company name and business details
  • Role within the platform (contractor, subcontractor, employee)

2.2 Financial Data

  • Invoice amounts, CIS rates, VAT amounts, and payment records
  • Bank details (if provided for payment processing)
  • Retention amounts and payment schedules

2.3 Employment Data

  • Employee names, roles, hourly rates, and weekly hours
  • Timesheet submissions and approvals
  • Holiday requests and entitlements

2.4 Usage Data

  • Audit log entries (actions performed within the platform)
  • Login timestamps and IP addresses (for security purposes)
  • Browser type and device information

3. How We Use Your Data

We process your personal data for the following purposes:

  • Providing the service — to enable invoice management, CIS calculations, and payment workflows.
  • Account management — to create and maintain your account and provide customer support.
  • Legal compliance — to comply with UK tax law, HMRC CIS requirements, and other legal obligations.
  • Security — to detect fraud, protect accounts, and maintain the integrity of the platform.
  • Communications — to send transactional emails such as invoice notifications and payment certificates.
  • Service improvements — to analyse usage patterns and improve the platform (using anonymised data where possible).

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract — processing necessary to perform our contract with you (providing the platform).
  • Legal obligation — processing required to comply with UK law.
  • Legitimate interests — for security, fraud prevention, and service improvements.
  • Consent — where you have given explicit consent (e.g., marketing communications).

5. Data Sharing

We do not sell your personal data. We may share data with:

  • Service providers — email delivery services, hosting providers, and analytics tools, under data processing agreements.
  • Legal authorities — where required by law or a court order.
  • Within the platform — contractor companies can see data submitted by their subcontractors and employees as part of the service.

6. Data Retention

We retain your personal data for as long as:

  • Your account is active and you continue to use the service.
  • Required to comply with legal obligations (e.g., financial records are typically retained for 6 years under HMRC requirements).
  • Necessary to resolve disputes or enforce our agreements.

After account closure, we will retain certain data for up to 6 years to comply with UK tax and accounting obligations, after which it will be securely deleted.

7. Your Rights (UK GDPR)

Under UK GDPR, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your data (subject to legal retention requirements).
  • Right to restrict processing — request that we limit how we use your data in certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Rights related to automated decision-making — we do not make automated decisions with significant legal effects.

To exercise any of these rights, contact us at privacy@getclearclaim.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Security

We implement appropriate technical and organisational measures to protect your data, including password hashing, HTTPS encryption, and access controls. However, no online service can guarantee absolute security.

9. Cookies

ClearClaim uses session cookies for authentication purposes. These are strictly necessary for the platform to function and do not require consent under PECR. We do not use tracking or advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email. The "last updated" date at the top of this page reflects the most recent revision.

11. Contact Us

For any privacy-related questions or to exercise your rights, please contact:

Data Protection Officer

ClearClaim Limited

Email: privacy@getclearclaim.co.uk