Privacy Policy

Last updated: April 2026 · Compliant with UK GDPR & ICO requirements

01 Data Controller

Creative Lab Co., Ltd., incorporated in the Republic of Korea, is the data controller for personal data processed through the ClearAd service. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For all privacy enquiries, contact us at: support@clearad.ai

01A UK GDPR Article 27 — UK Representative

Legal Requirement Notice

Under UK GDPR Article 27, organisations outside the UK that process personal data of UK residents must designate a UK Representative. Creative Lab Co., Ltd. is in the process of appointing a UK Representative. Once appointed, full contact details will be published here. If you wish to exercise your data rights in the meantime, please contact us directly at support@clearad.ai.

UK Representative (to be appointed): We are currently engaging a UK-based representative service (e.g., EDPO, DataRep, or VeraSafe) to fulfil our Article 27 obligations. Representative details will be updated on this page once finalised.

UK data subjects may exercise all UK GDPR rights directly via support@clearad.ai while this appointment is pending.

01B ICO Registration

All controllers and processors of personal data in the UK must register with the Information Commissioner's Office (ICO) and pay the applicable annual fee. Creative Lab Co., Ltd. is in the process of completing ICO registration.

ICO Registration Number: [Registration in progress — number will be published here upon completion]

To register or verify registration, visit: ico.org.uk/register

Annual fees (2025/26 rates): £52 (micro-organisations), £78 (small/medium), £3,763 (large). Failure to register is a criminal offence under the Data Protection (Charges and Information) Regulations 2018.

02 Data We Collect

  • Account data – name, email address, hashed password, account role, registration date.
  • Content submitted for checks – ad copy, images, video URLs, and website URLs you submit for analysis. This data is processed in real time and deleted immediately after analysis is complete.
  • Usage & technical data – check history, feature usage logs, IP address, browser type, session identifiers, and timestamps.
  • Payment data – subscription tier, billing status. We do not store card numbers or bank details; all payment data is held by Paddle.com Market Limited.
  • Communications – emails or messages you send to our support team.

03 Lawful Basis for Processing

  • Contract performance – providing the Service, managing your account and subscription.
  • Legitimate interests – security monitoring, fraud prevention, service improvement, and analytics.
  • Legal obligation – complying with applicable tax, financial reporting, or law enforcement requirements.
  • Consent – sending marketing communications (you may withdraw consent at any time).

04 Third-Party Sharing

We share personal data only with the following categories of third parties, and only to the extent necessary:

  • Paddle.com Market Limited – payment processing and subscription management (Merchant of Record).
  • AI / cloud infrastructure providers – for running compliance analysis. Data is processed under data processing agreements (DPAs) that meet UK GDPR standards.
  • Cloudflare, Inc. – hosting, CDN, and DDoS protection.
  • Legal & regulatory authorities – where required by law or court order.

We do not sell your personal data to third parties, nor share it for third-party marketing.

05 International Data Transfers

Creative Lab Co., Ltd. is based in the Republic of Korea. As of the date of this policy, the UK Government has not yet issued a formal UK GDPR adequacy regulation in respect of the Republic of Korea. Accordingly, transfers of personal data from UK users to our Korean entity are made on the basis of UK International Data Transfer Agreements (IDTAs) or equivalent appropriate safeguards. Where data is further transferred to other countries (e.g., US-based cloud infrastructure providers), we ensure appropriate safeguards are in place under the same or equivalent mechanisms.

06 Data Retention

  • Account & usage data – retained for the duration of your subscription plus 12 months after account closure.
  • Submitted content – deleted immediately after analysis is returned to you. Not stored or used for any other purpose.
  • Payment records – retained for 7 years in accordance with financial record-keeping obligations.
  • Support communications – retained for 3 years unless you request earlier deletion.
  • Submitted content is never used to train AI models without your explicit written consent.

07 Your Rights (UK GDPR)

As a UK data subject you have the right to:

  • Access – obtain a copy of the personal data we hold about you.
  • Rectification – correct inaccurate or incomplete data.
  • Erasure – request deletion of your data ("right to be forgotten").
  • Restriction – limit how we process your data in certain circumstances.
  • Portability – receive your data in a structured, machine-readable format.
  • Objection – object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent – where processing is based on consent, withdraw it at any time.

To exercise any right, email support@clearad.ai. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk · 0303 123 1113.

08 Cookies & Tracking

Strictly necessary cookies only. We use session cookies solely for authentication and to maintain your logged-in state. These are essential to the operation of the Service and cannot be disabled.

  • We do not use third-party advertising or tracking cookies.
  • We do not use Google Analytics, Meta Pixel, or any other behavioural analytics tool that identifies individual users.
  • Where aggregate, anonymised usage data is collected for platform improvement (e.g., feature usage counts), it does not identify any individual and is processed under our legitimate interests basis.

Because we use only strictly necessary cookies, a cookie consent banner is not required under the UK PECR. If we introduce any non-essential cookies in future, we will update this section and implement appropriate consent mechanisms before doing so.

09 Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS), hashed password storage, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

10 Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or in-app notice at least 14 days before they take effect. The current version is always available at /privacy.