GDPR Compliance

How Claryn processes personal data in compliance with the General Data Protection Regulation.

Our Commitment to GDPR

Claryn is committed to full compliance with the EU General Data Protection Regulation (GDPR) and the UK GDPR. We process personal data lawfully, fairly, and transparently, and we have designed our platform with data minimisation and privacy by default as core principles.

Roles: Controller & Processor

When you use Claryn to handle calls with your customers, Claryn acts as a data processor on your behalf, and you are the data controller. You determine the purposes and means of processing your callers' personal data. We process it only according to your instructions and our Data Processing Agreement (DPA).

For data you provide when registering and using the platform (your account data), Claryn is the data controller.

Data Processing Agreement

Enterprise and Business customers can request a signed DPA by emailing support@tryclaryn.live. Our standard DPA incorporates the EU Standard Contractual Clauses (SCCs) for international data transfers.

Lawful Basis for Processing

We process personal data under the following legal bases:

  • Contract performance — to provide the Claryn platform services you have subscribed to
  • Legitimate interest — to improve platform security, prevent fraud, and enhance product features
  • Legal obligation — to comply with financial regulations, tax law, and court orders
  • Consent — for optional communications such as marketing emails (easily withdrawn)

Your Rights as a Data Subject

If you are an EU or UK resident, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data (“right to be forgotten”)
  • Right to restrict processing — temporarily limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — withdraw any previously given consent at any time

To exercise any right, email support@tryclaryn.live. We will respond within 30 days. There is no charge for exercising your rights.

Data Minimisation

We collect only the personal data that is strictly necessary to provide our services. Caller memory profiles store only the information relevant to delivering a personalised experience. You can configure data retention windows and purge caller profiles directly from your dashboard.

International Data Transfers

When personal data is transferred outside the EEA or UK, we ensure appropriate safeguards are in place, including:

  • EU Standard Contractual Clauses (SCCs) with all sub-processors
  • UK International Data Transfer Agreements (IDTAs) for UK GDPR transfers
  • Transfer Impact Assessments for high-risk destinations

Sub-Processors

We use a limited number of trusted sub-processors to deliver our service, including cloud infrastructure, payment processing, and communication providers. All sub-processors are bound by GDPR-compliant data processing agreements. You may request our current sub-processor list by emailing support@tryclaryn.live.

Data Retention

  • Account data: retained for the duration of your account plus 90 days after closure
  • Call recordings and transcripts: 12 months by default, configurable in your dashboard
  • Billing records: 7 years as required by financial regulations
  • Backup retention: 30 days

Security Measures

We implement technical and organisational measures (TOMs) appropriate to the risk, including encryption at rest and in transit, access controls, audit logging, and regular security testing. See our Security page for full details.

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your data lawfully. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EU, contact your national data protection authority.

Data Protection Officer

For GDPR-related enquiries, rights requests, or to obtain a copy of our DPA:
support@tryclaryn.live