Privacy Policy

1. Introduction

This Privacy Policy explains how ClarityIntel Pty Ltd, an Australian company (ABN 54 697 254 596), trading as SMEInspect (we, us, our), collects, uses, discloses and protects personal information when you use the SMEInspect website and services (the Service).

We are the business responsible for your personal information under the CCPA/CPRA. We operate from Australia and do not currently have a US entity. At launch the Service is offered across all United States states; this notice is written for users throughout the United States. It applies alongside our Terms of Use.

2. The law that applies

There is no single federal US privacy law. This notice is drafted to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), as the baseline, and also reflects the comprehensive state privacy laws of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA) and Texas (TDPSA), among others.

Where a law in your state gives you greater rights than those described here, we will honour those greater rights. We are not a “covered entity” under HIPAA and the Service is not intended to process health information.

3. What we collect and why

We collect the following categories of personal information (using CCPA categories), for the purposes shown:

• Identifiers (name, email, account/sign-in identifiers, IP address) — to create and secure your account, deliver Reports and communicate about your orders.
• Commercial information (orders, subscription and payment status, acceptance records) — to fulfil paid Reports and the Compare & Monitor subscription and to keep required records. Card details are handled by our payment provider; we do not store full card numbers.
• Internet/network activity (browser type, device information, interaction and security logs) — to operate and secure the Service, diagnose faults and understand aggregate usage.
• Geolocation data (approximate, derived from IP) — for security, fraud prevention and to determine which regional terms apply.
• Inputs you provide about a target business (financial statements, contracts and other materials) — to generate your Report and Estimate. These may incidentally contain information about individuals such as the target’s officers.
• Inferences drawn from the above to produce the Report and Estimate.
• Communications (support enquiries, feedback) — to respond to you and improve the Service.

Sensitive personal information

We do not seek to collect sensitive personal information (such as government identifiers, precise geolocation, or financial-account log-in credentials). We use any sensitive personal information that may incidentally appear in your Inputs only for the purposes of providing the Service you requested — purposes for which the CCPA does not require us to offer a separate right to limit use. We do not use or disclose sensitive personal information to infer characteristics about you.

We do not knowingly collect personal information from anyone under 18 (see Section 14).

4. Lawful bases

US state privacy laws do not use the “lawful basis” framework. We collect and use personal information to perform our contract with you and provide the Service you request, to operate, secure and improve the Service, to meet legal and record-keeping obligations, and — for optional marketing — with your consent. We process each category only for the purposes disclosed in Section 3 and compatible purposes.

5. Automated processing, AI and sub-processors

Your Inputs are processed by our automated inspection engine, which uses AI/LLM inference via a sub-processor to generate the Report and Estimate. We do not make solely-automated decisions that produce legal or similarly significant effects about you; outputs are decision-support for your own use.

We engage the following categories of sub-processor (service providers / contractors under the CCPA), under contracts that restrict them to processing on our instructions and prohibit selling or sharing your information:

• Cloud hosting and storage — to host the Service and store data.
• Inspection / AI engine provider — to run the automated and AI inference that produces Reports and Estimates.
• Payments (Stripe) — to process subscriptions and payments.
• Email/notifications — to send transactional messages such as magic-link sign-in and report-ready alerts.
• Analytics — to understand aggregate usage and improve the Service.

No training on your data: we and our sub-processors do not use your Inputs or other personal information to train AI/LLM models. This is a contractual requirement on our sub-processors.

6. How we use and disclose

We use personal information to:

• provide, operate, secure and improve the Service;
• generate and deliver the Reports and Estimates you request;
• process payments, manage subscriptions and prevent fraud;
• send service-related messages (and marketing only where you have opted in);
• comply with legal obligations and enforce our Terms of Use.

In the preceding 12 months we disclosed personal information only to our service providers and contractors for the business purposes above, and to regulators, courts or law enforcement where required by law or to protect rights and safety. We do not disclose your uploaded documents to the seller, broker or other parties involved in a transaction you are evaluating.

7. Third-party and registry data

To produce your Report, we retrieve and process information about the target business and its officers from public registers and records. This may include personal information about individuals connected to the target business. We process such public-record data for the legitimate business purpose of producing the Report you request, and we do not use it for any incompatible purpose.

8. Cookies

We use essential cookies required to operate the Service (for example, to keep you signed in and to secure the Service) and analytics cookies to understand aggregate usage. You can control non-essential cookies through our cookie controls and your browser settings.

Some US state laws treat certain cookie-based advertising as a “sale” or “sharing”. We do not use cookies to sell or share personal information or for cross-context behavioural advertising. Where required, we honour opt-out preference signals such as Global Privacy Control (GPC); a GPC signal is treated as a valid opt-out request.

9. Marketing

We send marketing communications only where you have opted in. You can unsubscribe at any time using the link in any marketing email or by contacting us. Transactional and service messages (for example, sign-in links and report-ready alerts) are not marketing and continue regardless.

10. Storage, security and retention

Personal information and uploaded documents are stored in Australia (AWS Asia Pacific (Sydney)) Australia (AWS Asia Pacific (Sydney)), encrypted in transit and at rest, with access limited to personnel and systems that need it to operate the Service.

We retain personal information only for as long as needed for the purposes in this notice:

• active account and order data — for the life of your account plus a reasonable period after closure;
• uploaded documents — for 12 months after Report delivery, unless you request earlier deletion or a longer period is required by law;
• transaction and tax records — 7 years, as required for record-keeping.

Verified deletion requests are actioned within 30 days. Some information may persist in encrypted backups for a limited period before being overwritten.

11. International transfers

We are an Australian company, and the Service is operated and primarily hosted in Australia. When you use the Service, your personal information is transferred to and processed in Australia and by our sub-processors (which may be located in other countries). By using the Service you understand that your information will be processed outside the United States. We apply contractual and technical safeguards to protect information transferred internationally and remain responsible for it.

12. Your rights and choices

Subject to your state of residence and to verification, you have the right to:

• Know / access — request the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of recipients;
• Delete — request deletion of personal information we collected from you, subject to legal exceptions;
• Correct — request correction of inaccurate personal information;
• Portability — receive a copy of certain information in a portable format;
• Opt out — opt out of any sale or sharing of personal information, and of targeted/cross-context behavioural advertising and certain profiling (see Section 12 “Your Privacy Choices” below);
• Limit sensitive PI — limit the use of sensitive personal information (note: we already use such information only for permitted service purposes);
• Non-discrimination — not be discriminated against for exercising your rights.

Your Privacy Choices — Do Not Sell or Share My Personal Information

We do not sell your personal information, and we do not share it for cross-context behavioural advertising, as those terms are defined under the CCPA/CPRA and similar state laws. We have not done so in the preceding 12 months. Because we do not sell or share, there is no sale/share to opt out of; we nonetheless honour Global Privacy Control signals and provide a “Your Privacy Choices” control so you can confirm and manage your preferences.

How to exercise your rights

Submit a request through your account privacy controls or by contacting privacy@clarityintel.ai. We will verify your identity before responding and will respond within the timeframes required by law (generally 45 days, extendable once where permitted).

Authorised agents

You may use an authorised agent to submit a request on your behalf. We may require written authorisation from you (or proof of a power of attorney) and may still verify your identity directly.

Appeals

If we deny your request and your state (for example, Virginia, Colorado, Connecticut or Texas) provides an appeal right, you may appeal by contacting us; we will respond within the period required by law and tell you how to contact your state Attorney General if you remain dissatisfied.

13. Complaints

If you have a privacy concern, contact us first at privacy@clarityintel.ai and we will work to resolve it. California residents may also contact the California Privacy Protection Agency (CPPA) at cppa.ca.gov or the California Attorney General at oag.ca.gov. Residents of other states may contact their state Attorney General.

14. Children

The Service is intended for business buyers aged 18 and over. We do not knowingly collect personal information from children under 18 (or under 13 within the meaning of COPPA). If you believe a child has provided us personal information, contact us and we will delete it.

15. Changes

We may update this notice from time to time. Material changes will be posted on this page with a revised version label. We encourage you to review this notice periodically.

16. Contact

Privacy enquiries and rights requests: privacy@clarityintel.ai · postal: ClarityIntel Pty Ltd, PO Box 4127, Balgowlah Heights NSW 2093, Australia. As the operator, ClarityIntel Pty Ltd (trading as SMEInspect) is the business responsible for your personal information.