This policy explains how Clarion handles your personal data — including the messages you compose, the assets you upload and the results we generate — and the choices and rights you have.
01Who is responsible for your data
COMMSMASTERS CONSULTING LTD (trading as Clarion) is the data controller for personal data processed through commcons.shop. Our registered office is 82 West Nile Street, Glasgow, G1 2QH, United Kingdom.
You can contact us about privacy at support@commcons.shop or +44 7725593238. Because we are established in the United Kingdom, UK GDPR and the Data Protection Act 2018 apply; where relevant we also honour the EU GDPR and the California Consumer Privacy Act (CCPA/CPRA).
02What we collect
We keep collection to what the service needs:
- —Account data: name, email address and, optionally, organisation name.
- —Subscription and billing metadata: plan, billing interval, currency, subscription status and Stripe customer and invoice identifiers. We never receive or store your full card number.
- —User input: the message brief you type, the goal, audience, tone, channel and constraints you select, and any file uploads such as brand assets (logo, colours, reference text).
- —Generated output: the drafts, subject lines, briefs, slides, cards and short videos Clarion produces for you.
- —Support and contact data: the messages you send us and the details you include.
- —Technical data: IP address, device and browser type, and basic usage events needed to run and secure the service.
03Collection sources — where the data comes from
We collect personal data from a small number of clearly identified collection sources. We do not buy personal data, and we do not build profiles from data brokers or scraped sources.
- —Directly from you: the account details you enter, the user input you type into the studio, the brand assets you upload, and the messages you send our support team.
- —Automatically from your device: IP address, browser and device type, and basic usage events collected when you load the site, needed to run and secure it.
- —From our payment processor (Stripe): subscription and billing status, invoice identifiers and the outcome of payments. Stripe never passes us your full card number.
- —From our infrastructure providers: hosting, storage and email-delivery logs generated when the service runs.
04Why we use it, and our legal bases
We process personal data for these purposes and legal bases (UK/EU GDPR):
- —To provide the studio and generate your drafts — performance of a contract.
- —To take payment and manage subscriptions through Stripe — performance of a contract.
- —To provide support and respond to your messages — performance of a contract and our legitimate interest in helping users.
- —To keep the service secure and prevent abuse — our legitimate interests and legal obligations.
- —To send essential service and billing notices — performance of a contract; any optional marketing is sent only with your consent, which you can withdraw at any time.
05AI data handling: user input, generated output and file uploads
This section explains exactly how Clarion's AI features handle your data.
- —User input: the brief you type, plus the goal, audience, tone, channel and constraints you select, is processed only to produce the drafts you asked for. It is retained for up to 30 days so you can re-open recent work, then cleared. You can delete it at any time by emailing us.
- —Generated output: the drafts, subject lines, one-page brief, announcement slide, social cards and captioned short that Clarion returns belong to you. Generated output is stored only to deliver it to you and to let you re-open recent work, and is cleared on the same 30-day basis.
- —File uploads: brand assets you upload (logo, colours, reference text) are processed solely to render your deliverables and are cleared within 30 days. Visual deliverables and the announcement short are rendered in your own browser, so those files are produced on your device.
- —No model training: we do not use your user input, file uploads or generated output to train, fine-tune or improve any AI model, ours or anyone else's.
- —AI provider: the built-in Clarion composer runs on our own servers. Where the operator has configured an optional external AI provider (an OpenAI-compatible language-model endpoint), the text of your brief is transmitted to that AI provider solely to generate your draft, under a configuration that prohibits training on submitted data. No payment data, uploaded brand assets or account credentials are ever sent to the AI provider.
- —Your responsibility: please do not paste confidential information belonging to others, special-category personal data, or content you do not have the right to use.
06Who we share it with
We do not sell your personal data. We share it only with service providers who help us run Clarion, under contract and only as needed:
- —Hosting and content delivery (application hosting and static assets).
- —Payment processing: Stripe, which processes your payment details directly under its own privacy terms.
- —Email delivery for transactional and support messages.
- —Database and file storage for account data, drafts and uploaded assets.
- —AI provider (only if configured): an OpenAI-compatible language-model provider that receives the text of your brief solely to return a draft, with training on submitted data disabled. When no external AI provider is configured, composition runs entirely on our own servers.
07International transfers
Some providers may process data outside the UK or EEA. Where that happens, we rely on an adequacy decision or on Standard Contractual Clauses (with the UK Addendum where required) so that your data keeps an equivalent level of protection.
08How long we keep it
Account and billing records are kept for the life of your account and for up to seven years afterwards to meet tax and accounting obligations. User input, generated output and uploaded files are cleared within 30 days unless you save a draft or the law requires longer. Support messages are kept for up to 24 months. Backups are rotated on a rolling basis.
09Your rights
Depending on where you live, you have some or all of these rights:
- —Access, correct or delete your personal data.
- —Restrict or object to certain processing, and withdraw consent at any time.
- —Data portability — receive your data in a portable format.
- —UK/EU: lodge a complaint with a supervisory authority (in the UK, the Information Commissioner's Office at ico.org.uk).
- —California (CCPA/CPRA): know, delete, correct and opt out of any sale or sharing, without discrimination. We do not sell or share personal data as those terms are defined.
10Do Not Sell or Share
We do not sell your personal data and we do not share it for cross-context behavioural advertising. If this ever changes, we will update this policy and provide a clear opt-out first.
11Cookies and analytics
We use strictly necessary cookies to run the site and keep your session secure. Any analytics we use are privacy-respecting and limited to understanding aggregate usage. See our Cookie Policy for details and choices.
12Automated decisions, security and children
Clarion generates text and visuals with automation, but it does not make legal or similarly significant decisions about you; a human (you) always reviews and decides what to send. We protect data with encryption in transit, access controls and least-privilege practices.
Clarion is not for children. It may not be used by anyone under 13. Users aged 13–17 must have permission from a parent or guardian. We do not knowingly collect data from children under 13; contact us if you believe a child has provided data and we will delete it.
13Changes and contact
We may update this policy; the "last updated" date shows the current version and we will flag material changes. For any privacy request or question, contact support@commcons.shop. Governing law: England and Wales.
Questions about this policy? Email support@commcons.shop. Governing law: England and Wales.