Privacy Policy

Who we are. Clear.ai Systems Pty Ltd ("Clear.ai", "we", "us", "our") provides AI‑native software for customs brokerages, including agent‑assisted classification (TariffChat) and workflow automation for customs lodgements.

Scope. This Privacy Policy explains how we collect, use, disclose and protect personal information when you visit our websites, create an account, or use our products and services (the "Service"). It applies to business users and their personnel. It also applies to individuals whose personal information may appear in Customer Content processed through the Service (for example, names in invoices, declarations, or shipment records).

Privacy standards we follow. We manage personal information under Australia's Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we handle data from the EEA/UK, we also align with GDPR/UK‑GDPR transfer safeguards.

Information we collect

  • Account & billing: name, work email, company, role, authentication identifiers, subscription details, invoices, and payment metadata.
  • Service usage & telemetry: device/agent identifiers, feature flags, performance metrics, coarse location/timezone, and diagnostics minimised by design.
  • Customer Content (processor role): data you or your systems submit to the Service, such as product descriptions, documents, tariff/classification context, broker notes, lodgement statuses and references to government systems (e.g., ICS).
  • Support & communications: messages you send us, feedback, and survey responses.
  • Cookies & similar technologies: to operate the site, remember preferences and measure usage; your browser provides controls.

How we use information

  • To provide, secure, troubleshoot and improve the Service.
  • To communicate with you (e.g., transactional emails, updates) and to send optional marketing (you can opt out).
  • To comply with laws and enforce agreements; to detect, prevent and respond to fraud, abuse, or security incidents.
  • To perform AI services on your instructions and return outputs to you (see "AI requests & Privacy Mode").
  • To support integrations you enable (e.g., logistics, accounting or customs systems).

AI requests & Privacy Mode (default)

  • No training on your Customer Content. We do not use Customer Content (or model inputs/outputs) to train our models or our providers' models.
  • Zero‑retention model calls. We configure third‑party model providers for zero data retention and contractual no‑training wherever such controls are offered.
  • Privacy Mode is ON by default. With Privacy Mode, we send only the minimum necessary context to the model for each request; we don't retain prompts/outputs beyond what's needed to deliver the feature, operate the Service securely, and comply with law.

International transfers, residency & subprocessors

  • Multi‑region hosting with regional pinning. You may choose AU, EU, US, or SG as your primary region. We won't move Customer Content out of your selected region except (a) at your direction, (b) for transient routing, or (c) to comply with law.
  • Transfers. When personal information leaves its region (e.g., for support by regional staff), we rely on appropriate safeguards such as the EU Standard Contractual Clauses and UK IDTA (as applicable).
  • Subprocessors. We use vetted providers (e.g., cloud infrastructure, AI inference, observability) that meet ISO27001 / SOC 2 data protection certification.

Security

We use administrative, technical and physical safeguards to protect personal information, including encryption in transit and at rest, least‑privilege access controls, and secure development practices. If a data breach is likely to cause serious harm, we will notify affected individuals and the OAIC in line with Australia's Notifiable Data Breaches (NDB) scheme.

How long we keep information

  • Customer Content: retained for the duration of your subscription and as required to meet local customs requirements (which can include records related to export/import documentation), then deleted or de‑identified according to your instructions and our deletion schedules.
  • Telemetry & model request logs: up 30 days.
  • Backups: we store your backups for 7 years to comply with ABF requirements. However, you may choose to instruct us to delete your data at any time.

Your choices & rights

  • Access, correction, deletion. You may request access to or deletion of personal information we hold as a controller, and you can exercise rights through your Clear.ai admin where we act as a processor.
  • Marketing opt‑out. You can unsubscribe at any time.
  • Complaints. You can contact us, and you may also lodge a complaint with the OAIC.

Changes & contact

We may update this Policy to reflect operational or legal changes. We'll post the updated date and, for material changes, provide reasonable notice.

Contact: privacy@clear.ai (or your account manager).

Governing law: New South Wales, Australia