🔒 Privacy Policy

Your data, your rights

We believe privacy is a right, not a feature. This page explains clearly and honestly what data we collect, how we use it, and the full control you have over it.

✓ UK GDPR Compliant 📅 Last updated: 10 April 2026 🏢 ClearedPath Ltd, England & Wales
01

Who we are

ClearedPath Ltd ("ClearedPath", "we", "us") is a company registered in England and Wales. We operate the ClearedPath platform at clearedpath.co.uk, a CV tailoring and job application tool built for the UK job market.

For the purposes of UK GDPR and the Data Protection Act 2018, ClearedPath Ltd is the data controller of your personal data.

Registered details: ClearedPath Ltd · England & Wales · ICO Registration: [Number] · Data queries: privacy@clearedpath.co.uk
02

What we collect

Data you give us directly

  • Account details: your name, email address, and password when you register.
  • Career & professional data: your work history, education, skills, and achievements that you add to your profile.
  • CV files: PDFs or documents you upload for profile extraction or match analysis.
  • Job descriptions: postings you submit for match scoring and CV generation.
  • Support messages: any communications you send to our team.
  • Billing name & address: payment card details are handled directly by Stripe and never stored on our servers.

Data collected automatically

  • Usage data: pages visited, features used, and session duration.
  • Technical data: IP address, browser type, operating system, and device identifiers.
  • Cookies: see Section 8 for full details.
Note on Google Sign-In: ClearedPath does not currently offer Google Sign-In. If we introduce it in future, this policy will be updated and you will be notified before it takes effect.
03

How we use your data

  • To provide the service: generate tailored CVs, run match analyses, and power all ClearedPath features.
  • To manage your account: create and maintain your profile, authenticate your identity, and process payments.
  • To improve the product: analyse anonymised, aggregated usage patterns. We do not use your personal career data to train models without your explicit consent.
  • To communicate with you: send service updates, security alerts, and respond to support requests. Marketing emails only if you opt in. Unsubscribe any time.
  • To meet legal obligations: maintain records as required by law and respond to lawful authority requests.
We will never sell your personal data, use your career history to serve you third-party ads, or share your data with recruiters or employers without your explicit instruction.
04

Legal basis for processing

Under UK GDPR we rely on the following legal bases:

  • Contract (Art. 6(1)(b)): processing needed to deliver the ClearedPath service you have signed up for.
  • Legitimate interests (Art. 6(1)(f)): improving our product, preventing fraud, and maintaining platform security where these do not override your rights.
  • Legal obligation (Art. 6(1)(c)): where law requires us to process or retain data.
  • Consent (Art. 6(1)(a)): for optional communications such as marketing emails or non-essential cookies. You may withdraw consent at any time.
05

Sharing your data

We do not sell or rent your data. We only share it with the trusted providers below, each bound by strict data processing agreements:

ProviderPurposeData location
StripePayment processingUK / EU
SupabaseDatabase & authenticationEU (eu-central-1)
AnthropicModel inference for CV generationUS (IDTA)
Postmark / SendGridTransactional email deliveryEU
Analytics providerAnonymised usage analytics onlyEU

We may also disclose data if required by law, court order, or a competent regulatory authority.

06

Data retention

  • Account data: kept while your account is active, plus 30 days after deletion to allow recovery.
  • Career & CV data: deleted immediately on your request or within 30 days of account closure.
  • Payment records: retained 7 years as required by HMRC regulations.
  • Support communications: kept for 2 years from the date of last contact.
  • Anonymised analytics: may be retained indefinitely as they cannot identify you.
You can request deletion of all your data at any time in Account → Settings → Delete my data, or by emailing privacy@clearedpath.co.uk.
07

Your rights under UK GDPR

As a UK resident you have the following rights. To exercise any of them, email privacy@clearedpath.co.uk. We respond within 30 days.

📋

Right of access

Request a copy of all personal data we hold about you.

✏️

Right to rectification

Ask us to correct inaccurate or incomplete data.

🗑️

Right to erasure

Request deletion of your data where there is no compelling reason to keep it.

⏸️

Right to restrict

Ask us to pause processing of your data in certain circumstances.

📦

Right to portability

Receive your data in a structured, machine-readable format.

🚫

Right to object

Object to processing based on legitimate interests or for direct marketing.

⚠️ If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.
08

Cookies

Essential cookies

Required for the platform to function: session authentication, security tokens, and your cookie preferences. These cannot be disabled.

Analytics cookies

With your consent, we use anonymised analytics to understand how users interact with ClearedPath. We do not use these to identify individuals.

Managing cookies

Control non-essential cookies via the banner when you first visit, or update preferences any time in Account → Settings → Cookie preferences or your browser settings. Our full Cookie Policy is available separately.

09

Security

We take the security of your data seriously and implement appropriate technical and organisational measures:

  • TLS encryption: for all data in transit.
  • AES-256 encryption: for sensitive data at rest.
  • Row-level security: database policies ensure users can only access their own data.
  • Role-based access controls: only authorised staff can access personal data.
  • Regular security audits and automated vulnerability scanning.
  • Automated backups: on secure, monitored cloud infrastructure.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO within 72 hours as required by UK GDPR.
10

International data transfers

Some of our third-party providers may process your data outside the UK or EEA. For example, Anthropic (model inference) is based in the US. Where this occurs, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA), to protect your data to UK GDPR standards.

11

Children's data

ClearedPath is not intended for anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at privacy@clearedpath.co.uk and we will delete it promptly.

12

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new features. We will notify you of any material changes by email or a prominent in-app notice at least 14 days before the change takes effect.

The "Last updated" date at the top of this page shows when it was last revised. Continued use of ClearedPath after the effective date constitutes acceptance of the updated policy.

13

Contact us

Questions, concerns, or requests about this policy or your personal data? We aim to respond within 5 working days.

Get in touch with our privacy team

We take every data request seriously and will always give you a clear, helpful response.

✉ privacy@clearedpath.co.uk
PostClearedPath Ltd · England, United Kingdom
Response time5 working days
ICO complaintsico.org.uk
0303 123 1113