← Clealex

Privacy Policy

Last updated: 23.02.2026

Important Notice: This Privacy Policy is an informational document that describes our data practices. It does not constitute legal advice. If you have questions about your privacy rights or our data practices, you may wish to consult with a qualified attorney or data protection professional.

This Privacy Policy explains how Clealex ("Provider", "we", "us") collects, uses, and protects personal data when you use the Service. It applies to the same "Service" and "User" as defined in the Terms of Use.

1. Data Controller

Clealex
Cyprus, Limassol 3031, Efkleidou 9 support@clealex.com

2. Types of Data Collected

We may collect and process the following categories of data:

  • Account information (email, name, organization)
  • Uploaded documents and content
  • Usage data (logs, analytics, interactions)
  • Technical data (IP address, browser, device information)

3. Purpose of Processing

We process personal data for the following purposes:

  • Providing and maintaining the Service
  • Processing uploaded documents for analysis
  • Improving system performance and reliability
  • Security monitoring and fraud prevention
  • Legal compliance

4. Legal Basis (GDPR)

For users in the EEA/UK, processing is based on:

  • Contract performance (Art. 6(1)(b) GDPR)
  • Legitimate interests (service improvement, security)
  • Legal obligations
  • Consent (where explicitly requested, e.g., optional AI training features)

5. AI and Data Processing

Automated Processing: Uploaded documents are processed automatically by artificial intelligence systems to generate analytical results. By using the Service, you acknowledge and agree that:

  • Your data is processed algorithmically without human review of individual documents
  • Outputs are generated automatically and may contain errors or inaccuracies
  • AI systems analyze document structure, metadata, content, and context
  • Processing occurs using third-party AI infrastructure (e.g., OpenAI)
  • No attorney-client privilege or confidentiality protections apply to data processed through the Service

Model Training: We do NOT use your uploaded documents or User Data for training AI models unless you have provided explicit, separate opt-in consent for such use. Even with consent, we will only use anonymized or aggregated data where technically feasible.

Third-Party AI Providers: When we use third-party AI services (such as OpenAI), your data may be processed by those providers in accordance with their privacy policies and terms. We require such providers to implement appropriate data protection safeguards, but we are not responsible for their independent data processing practices. For more information about AI processing limitations, see section 7 of our Terms of Use.

6. Data Retention

We retain data only as long as necessary to:

  • Provide the Service
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Backup logs and system records may be retained for a limited period (e.g., up to 90 days) for security and operational purposes.

7. Data Sharing and Subprocessors

We may share data with trusted subprocessors (e.g., cloud hosting, analytics, infrastructure providers) strictly for service delivery. All subprocessors are contractually bound to implement appropriate data protection safeguards. For information about third-party services used by the Service, see section 12 of our Terms of Use.

8. International Data Transfers

Data may be processed in multiple jurisdictions. Where required, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.

9. Data Security

We implement technical and organizational measures including:

  • Encryption in transit and at rest (where applicable)
  • Access controls
  • Monitoring and logging
  • Secure infrastructure providers

However, no system can guarantee absolute security.

10. User Rights (GDPR/EEA)

If you are in the European Economic Area or the UK, you may have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing based on legitimate interests
  • Withdraw consent at any time where processing is based on consent (without affecting the lawfulness of processing before withdrawal)
  • Lodge a complaint with a supervisory authority in your country of residence (e.g., in the UK, the ICO; in the EEA, your local data protection authority)

Requests can be submitted via the contact details in section 16 below. We will respond within the time limits required by applicable law (e.g., one month under GDPR, subject to extensions where permitted).

11. Data Deletion

Users may request deletion of their data at any time. Upon verified request, we will delete or anonymize personal data unless retention is required by law or legitimate obligations.

12. Cookies and Analytics

We may use essential cookies and privacy-friendly analytics to improve the Service. For detailed information about our use of cookies, please see our Cookie Policy.

13. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental consent, please contact us and we will delete such data.

14. California / US State Privacy (CCPA/CPRA and similar)

If you are a California or other US resident, you may have additional rights under state law (e.g., right to know, delete, correct, limit use of sensitive data, and to non-discrimination). We do not "sell" or "share" personal information for cross-context behavioral advertising as defined under such laws. To exercise these rights, use the contact details in section 16 below.

15. Changes to Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via the Service or email notification.

16. Contact and Data Protection

For privacy inquiries, data subject requests (access, deletion, portability, etc.), or complaints:

Email: privacy@clealex.com
Company: Clealex
Address: Cyprus, Limassol 3031, Efkleidou 9

If you are in the EEA/UK and we have appointed an EU/UK representative or data protection officer, their contact details will be listed on our website or provided on request.

17. Definitions

"Personal data" and "processing" have the meaning given in applicable data protection law (e.g., GDPR). "Service" and "User" are as defined in the Terms of Use.