Privacy Policy | Clariti Compliance

Note: This privacy notice has been prepared in good faith using ICO guidance under UK GDPR Articles 13 and 14. It should be reviewed by a solicitor or data protection professional before the platform goes live or reaches 500 subscribers.

Who We Are

Clariti Compliance Ltd is a company registered in Scotland. We operate the Clariti platform at clariticompliance.co.uk, an AI-powered compliance tool for registered childminders across the UK.

Clariti Compliance Ltd

Murieston, West Lothian, Scotland

Email: info@clariticompliance.co.uk

Website: clariticompliance.co.uk

ICO registration number: ZC112125

Who This Notice Applies To

This privacy notice applies to three groups of people whose personal data we process:

Childminders — registered childminders who use the Clariti platform as subscribers.
Children — children in the care of a registered childminder who uses Clariti. Their information is entered onto the platform by their childminder or their parent.
Parents and carers — parents and carers of children in a childminder's care who complete the parent registration form or receive notifications from the platform.

If you are a childminder, the entire notice is relevant to you. If you are a parent or carer, the sections covering children's data and parent data are most relevant.

What Personal Data We Collect and Why

Childminder Data

When you register for Clariti and use the platform, we collect and process the following information about you:

Data	Why we collect it	Lawful basis
Name, email address and password	To create and manage your account	Contract
Registered service address and postcode	To detect your nation and apply the correct regulatory framework	Contract
Phone number	To contact you about your account if needed	Contract
Service details, operating hours, capacity information	To power the compliance register and capacity calculations	Contract
PVG, DBS or Access NI details and expiry dates	To track your regulatory registration and alert you to renewals	Legal obligation
Qualifications and training records	To track mandatory training requirements and renewal dates	Legal obligation
Insurance details and expiry dates	To track insurance compliance and alert you to renewals	Legal obligation
Assistant details	To manage capacity calculations and training records for your assistants	Legal obligation
Billing and payment information	To process your subscription payments	Contract
Platform usage data (anonymised)	To improve the platform and understand how it is being used	Legitimate interests

Children's Data

As a childminder, you enter information about the children in your care onto the Clariti platform. You are the data controller for this information. Clariti processes it as your data processor, on your instructions.

Special category data: Children's health data is special category data under UK GDPR Article 9. We take additional steps to protect this information including database-level encryption and strict controls on who can access it. We process this data under the substantial public interest condition relating to the provision of regulated childcare services.

The types of information about children that may be held on the platform include:

Personal details: name, date of birth, home address, emergency contacts.
Health information: medical conditions, allergies, dietary requirements, medication records.
Family information: names and contact details of parents and carers, who the child lives with.
Developmental records: observations, care plans, two-year progress checks where applicable.
Attendance records: dates and times attended, funded hours used.
Accident and incident records: descriptions of any accidents, first aid given, parent notifications.
Medication records: medications administered, doses, times, parental consent records.

Children's data is used only for compliance purposes. It is not used for analytics, profiling or any purpose beyond supporting the childminder in meeting their legal obligations.

Parent and Carer Data

If your child's childminder uses Clariti, we may process the following information about you:

Your name, email address and phone number, held as part of your child's registration record.
Details you provide on the parent registration form, which go directly into your child's file on the platform.
Email delivery records: we log when compliance emails such as accident notifications and medication records are sent to you and whether they were delivered.

This information is processed because the childminder has a legal obligation to hold emergency contact information and to notify parents of certain events. Clariti processes this information on the childminder's behalf as their data processor.

How We Use AI and Third-Party Services

Clariti uses artificial intelligence to help childminders generate professional compliance documents from their notes. This AI functionality is powered by the Claude Sonnet model from Anthropic.

Before any information is sent to the AI service, we remove all personal identifiers. Child names are replaced with anonymous references, dates of birth and addresses are never transmitted, and no combination of information that could identify a specific child is sent. The AI generates document text based on this anonymised input and we then reinsert the personal details within our own secure platform. Personal data never leaves our secure environment in identifiable form.

Anthropic processes data on our behalf as a sub-processor. Data transmitted to Anthropic may be processed outside the UK. We ensure appropriate safeguards are in place for this international transfer in accordance with UK GDPR requirements, specifically the UK Addendum to the EU Standard Contractual Clauses.

Ask Clariti, our compliance Q&A tool, answers questions by reading approved legislative source documents in real time. It does not use any personal data about you, your setting or the children in your care when generating answers.

Who We Share Your Data With

We do not sell your personal data to anyone. We do not share your data with third parties for marketing purposes. We share data only with the following sub-processors who help us operate the platform:

Sub-processor	What they do	Location
Hosting provider	Stores all platform data securely	European Union
Email delivery provider	Sends automated compliance emails	To be confirmed before launch
Stripe	Processes subscription payments	USA, appropriate safeguards in place
Anthropic (Claude API)	Powers AI document generation	USA, pseudonymised data only, appropriate safeguards in place

We may also disclose your information if required to do so by law or by a regulatory authority such as the ICO.

How Long We Keep Your Data

We keep your data for as long as necessary for the purpose it was collected, and in line with our legal obligations.

Data type	Retention period	Reason
Children's personal and health records	Until the child's 25th birthday	Social care and health records retention requirements
Accident records	Until the child's 21st birthday	Potential personal injury claims
Childminder account data	Duration of subscription plus 6 years	Standard business records retention
Billing and payment records	7 years from the transaction date	HMRC requirements
Training and qualification records	6 years after expiry or leaving	Professional records retention
Policies and procedures	6 years after superseded or setting closes	Regulated business document retention
Email delivery logs	12 months	Operational audit purposes

Children's records are retained for longer than typical business data because of the nature of the information and the potential for late legal action or complaints. We will notify you 90 days before any scheduled deletion and offer you the opportunity to export your records first.

Your Rights

Under UK GDPR you have the following rights in relation to your personal data. Some of these rights apply in certain circumstances only.

Right	What it means
Right to be informed	You have the right to know how we use your personal data. This privacy notice fulfils that obligation.
Right of access	You can request a copy of all personal data we hold about you. We will respond within one calendar month.
Right to rectification	You can ask us to correct inaccurate or incomplete personal data.
Right to erasure	You can ask us to delete your personal data in certain circumstances. For children's records, some data must be retained to meet our legal obligations even after a deletion request.
Right to restrict processing	You can ask us to restrict how we use your data in certain circumstances.
Right to data portability	You can request a copy of your data in a structured, machine-readable format. Our platform includes a self-service data export feature for this purpose.
Right to object	You can object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.
Automated decision making	Clariti does not make automated decisions that significantly affect you. AI-generated documents always require your review and declaration before they are saved.

To exercise any of these rights, email us at info@clariticompliance.co.uk. We will respond within one calendar month. We may request proof of identity before fulfilling any request. For parents requesting information about a child, we will verify parental responsibility before releasing any data.

How We Keep Your Data Secure

All data is encrypted when stored and when transmitted between your device and our platform.
Each childminder account can only access its own data.
Children's health data is stored with an additional layer of encryption.
Our platform is hosted on servers located in the European Union.
Access to our admin systems requires two-factor authentication.
We maintain an audit log of all access to personal data.
We never store passwords in readable form. They are stored as encrypted hashes.
We monitor for anomalous or unauthorised access and alert our team immediately if detected.
We apply least-privilege access principles, meaning staff and systems only access the data they need.
We regularly review our security controls and update them as threats evolve.

If we become aware of a data breach that is likely to affect your rights and freedoms, we will notify the ICO within 72 hours and notify you without undue delay.

Cookies

Our platform uses essential cookies to keep you logged in and to keep your session secure. We do not use advertising cookies or tracking cookies. We do not share cookie data with third parties for marketing purposes.

Information About Children

Clariti processes personal data about children on behalf of their registered childminder. The childminder is the data controller for children's data and is responsible for ensuring that parents are informed about how their child's data is held.

If you are a parent and wish to access, correct or request deletion of your child's personal data held on Clariti, please contact the childminder in the first instance. You may also contact us directly at info@clariticompliance.co.uk and we will direct your request appropriately. We will verify that you have parental responsibility before releasing any information about a child.

Children's health information is special category data and is treated with the highest level of protection. It is used only for the purpose of supporting the childminder in meeting their legal obligations and providing safe care for your child.

How to Complain

If you have a concern about how we handle your personal data, please contact us first at info@clariticompliance.co.uk and we will do our best to resolve it.

If you remain unhappy after contacting us, you have the right to complain to the Information Commissioner's Office.

Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Changes to This Notice

We will update this privacy notice when our processing activities change or when required by law. The version number and date at the top of this document will be updated each time it changes. We will notify you of any material changes via email or via a notification within the platform.

This notice was last updated in March 2026.