Privacy Policy.

Clearplan is an independent planning intelligence tool. This policy explains what personal data we collect, why we collect it, and how we use it. We are committed to handling your data in accordance with the UK GDPR and the Data Protection Act 2018.

What data we collect

When you use Clearplan Brief, we may collect:

• Your email address — to gate free report access and associate your report history with an account
• Payment information — processed by Stripe. We do not store card details. We retain payment confirmation records (amount, date, Stripe session ID) for accounting purposes.
• Uploaded documents — planning application PDFs uploaded for analysis. These are processed in memory and not stored permanently on our servers.
• Generated reports — the text output of your analysis, stored against your account if you are signed in, so you can access your report history.
• Account credentials — email and hashed password, managed by Supabase Auth.
• Server logs — IP addresses and request metadata for rate limiting and security purposes. Logs are not retained beyond 30 days.

Why we collect it

• To provide the Clearplan Brief service
• To enforce fair-use limits (one free report per email address)
• To process payments and confirm Pro report credits
• To store your report history so you can access it later
• To send transactional emails (payment confirmation, password reset)
• To protect against abuse and maintain service security

Legal basis

We process your data on the basis of:

• Contract — to fulfil the service you have requested
• Legitimate interests — to operate a secure and fair service
• Legal obligation — to retain financial records as required by law

Data sharing

We use the following third-party processors to deliver the service:

• Anthropic — your uploaded document text is sent to Anthropic's API for AI analysis. Anthropic does not train on API inputs by default. See anthropic.com/privacy.
• Supabase — account data and report history are stored in a Supabase-hosted PostgreSQL database (EU region). See supabase.com/privacy.
• Stripe — payment processing. See stripe.com/privacy.
• Resend — transactional email delivery. See resend.com/privacy.
• Render — hosting provider. Server logs may be retained by Render. See render.com/privacy.

We do not sell your data. We do not share your data with any third party for marketing purposes.

Data retention

• Report history is retained as long as your account is active
• Payment records are retained for 7 years for accounting compliance
• Server logs are retained for up to 30 days
• Uploaded PDF files are not stored — they are discarded after processing

Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Object to or restrict processing
• Lodge a complaint with the ICO at ico.org.uk

To exercise any of these rights, email us at hello@clearplan.dev.

Cookies

Clearplan does not use advertising or tracking cookies. We use browser localStorage to store your session token (for account login) and your email address (to prefill the report form). No data is sent to third-party tracking services.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email to registered users. Continued use of the service after changes constitutes acceptance.

Contact

For any privacy-related questions, contact us at hello@clearplan.dev.