Your data. Our responsibility.
How ClearGRC handles personal data collected through cleargrc.com — what we collect, why, how long, and the choices you have. We treat your data the way we expect to be treated.
This is an interim Privacy Policy.
ClearGRC is a SaaS product of AnaData. A finalised, counsel-reviewed Privacy Policy specific to ClearGRC — covering platform tenant data, data processing roles (controller vs processor), and our Data Processing Agreement template — is in preparation. The interim policy below covers data collected through this website. For platform tenant data practices, please contact info@anadata.com.
1. Who we are
This website (cleargrc.com) is operated by ClearGRC, a SaaS product developed by AnaData. References to "we", "us", or "ClearGRC" mean the operator of this website.
For data-protection questions, contact info@anadata.com.
2. What we collect through this website
When you visit cleargrc.com or submit a form, we collect:
- Information you provide: name, business email, company name, role, and any message you include when you request a demo, contact us, or subscribe to updates.
- Usage data: pages viewed, links clicked, time on page, referring URL, IP address, browser, device — collected via standard web analytics.
- Cookies and similar technologies: session cookies for site functionality and analytics cookies (where permitted) to understand traffic patterns. You can control cookies through your browser settings.
What we don't do: we don't sell personal data, we don't use it for advertising profiling, and we don't share it with third parties for marketing.
3. Why we collect it
- To respond to your demo request, support enquiry, or message
- To operate and improve cleargrc.com (analytics, performance, security)
- To send transactional emails (e.g. confirming a request you submitted) and, where you opt in, product updates
- To comply with legal obligations and prevent fraud or abuse
4. How long we retain it
We retain personal data only as long as needed for the purpose it was collected, plus any required retention period under applicable law. Sales-cycle data is retained until the engagement ends or you request deletion. Analytics data is retained in aggregated form.
5. Sub-processors and hosting
cleargrc.com and the ClearGRC platform are hosted on Microsoft Azure. We use a limited set of sub-processors to operate the website and the platform. The full list, with purposes and regions, is on our Security page.
6. Your rights
Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data, and to object to processing or receive a portable copy. To exercise any of these rights, email info@anadata.com. We aim to respond within 30 days.
If you're in the EU/UK, you also have the right to lodge a complaint with your local data-protection authority.
7. International transfers
Where personal data is transferred across borders, we rely on appropriate safeguards (e.g. Standard Contractual Clauses) and Microsoft Azure's regional residency commitments. Specific transfer details for enterprise tenants are addressed in our Data Processing Agreement.
8. Security
We use technical and organisational measures to protect personal data, including encryption in transit and at rest, multi-factor authentication, and role-based access control. See our Security page for full detail.
9. Children
ClearGRC is a B2B enterprise platform. cleargrc.com is not intended for, and we don't knowingly collect personal data from, individuals under 18.
10. Changes to this policy
We'll update this page when our practices change. Material changes will be communicated to active users where we have a contact for them. The "Last updated" date below reflects the most recent revision.
11. Contact
Questions about this Privacy Policy or your personal data? Email info@anadata.com.