Privacy Policy
Last updated: 22 April 2026
1. Information we collect
1.1 Information you provide
- Account information. Name, email address, organization name, and authentication details when you sign up.
- Billing information. Payment card details and billing address, collected and processed by our payment processor. We do not store full card numbers.
- Support and communications. Information you send us by email or in support tickets.
1.2 Connected App credentials and data
- OAuth tokens and credentials you provide to authorize us to make API calls to a Connected App on your behalf. Tokens are encrypted at rest.
- Customer Data that flows through the Service as a result of agent tool calls — for example, message contents, issue bodies, or customer records read from or written to a Connected App at your instruction.
1.3 Information collected automatically
- Usage and log data such as request metadata, tool calls, timestamps, IP address, browser, device, and referring page.
- Cookies and similar technologies used to keep you signed in, remember preferences, and measure site usage.
2. How we use information
We use personal data to:
- Provide, operate, and secure the Service;
- Authenticate you, your organization, and your Connected Apps;
- Execute agent-initiated tool calls against Connected Apps on your behalf;
- Process billing, credits, and top-ups;
- Monitor and improve reliability, performance, and security;
- Communicate about the Service, including updates and support replies;
- Comply with legal obligations and enforce our Terms.
3. Legal bases (UK/EU users)
We rely on the following legal bases under the UK GDPR and EU GDPR:
- Contract — to provide the Service and process transactions you request.
- Legitimate interests — to secure, monitor, and improve the Service, and to run our business.
- Consent — for optional cookies and marketing communications, where required.
- Legal obligation — to comply with accounting, tax, and other legal requirements.
4. How we share information
We share personal data with:
- Service providers acting on our behalf — such as cloud hosting, database, logging, analytics, and email providers — under written agreements that require confidentiality and appropriate safeguards.
- AI providers and Connected Apps when you instruct the Service to send prompts or perform operations through them. The content of those calls is governed by the terms of each provider.
- Payment processors to process subscriptions, credits, and top-ups.
- Legal and safety — when we believe in good faith that disclosure is required by law, to enforce our Terms, or to protect rights, property, or safety.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets.
We do not sell personal data.
5. Customer Data (processor role)
When Customer Data is processed through the Service on behalf of a customer, that customer is the controller and ClearSky AI acts as a processor. We process Customer Data only on the customer's documented instructions (including these Terms and the Service's configuration) and will promptly notify customers of any confirmed security incident affecting their Customer Data, to the extent permitted by law.
6. Retention
We retain personal data for as long as needed to provide the Service and to meet our legal obligations. Specifically:
- Account data — for the life of your account, plus a reasonable period after closure.
- Audit logs and agent run logs — typically for up to 12 months, or longer on Enterprise contracts.
- Billing records — for the period required by applicable tax and accounting law.
OAuth tokens and credentials are deleted when you disconnect a Connected App or close your account.
7. International transfers
We are based in the United Kingdom and may transfer personal data to service providers in other countries, including the United States. Where we transfer personal data out of the UK or EEA to a country that is not subject to an adequacy decision, we rely on appropriate safeguards such as the UK International Data Transfer Addendum or the EU Standard Contractual Clauses.
8. Security
We implement technical and organizational measures designed to protect personal data, including encryption in transit (TLS), encryption of OAuth tokens and secrets at rest, access controls, logging, and regular review of our infrastructure. No system is perfectly secure; you are responsible for keeping your own credentials safe and for scoping Connected App permissions appropriately.
9. Your rights
Depending on where you live, you may have the right to:
- Access personal data we hold about you;
- Correct inaccurate personal data;
- Request deletion of personal data;
- Object to or restrict certain processing;
- Port personal data to another provider;
- Withdraw consent at any time where processing is based on consent;
- Lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office.
To exercise any of these rights, contact us at liam@clearskyai.co.uk. If your request relates to Customer Data processed on behalf of an organization, please contact that organization directly.
10. Cookies
We use a small number of cookies and similar technologies. The main categories are:
| Category | Purpose |
|---|---|
| Strictly necessary | Sign-in, session, and security. |
| Preferences | Remember settings such as theme. |
| Analytics | Aggregate usage statistics to improve the Service. |
You can control cookies through your browser settings.
11. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. If changes are material, we will notify you by email or in-product notice. The "Last updated" date at the top indicates when the policy was last revised.
13. Contact
Questions about this Privacy Policy or our handling of personal data can be sent to liam@clearskyai.co.uk.