Privacy Policy

1What Information Do We Collect?

We collect the minimum information necessary to operate the Service, described below.

Display name

When you first register, Apple may pre-fill your name. Whatever you submit at that point is what we store as your display name. You can change it at any time within the app. Your display name is visible to your Clan Contacts and Clan Members, and is used in clan activity entries to record who performed an action within a clan.

Device information

For each device you register, we store a device identifier, your device name, and your device model so you can identify and manage your registered devices within the app. We do not collect browser type, operating system version, carrier information, or any other device data. We do not store IP addresses as part of your account. Like any internet service, our hosting infrastructure may process a network address while a request is in transit to deliver it, protect the Service, and apply rate limiting, but it is never recorded against your account or used to build a profile of you.

User activity

We keep a private log of actions taken on your own account, such as profile changes, subscription changes, and deletion requests. Each entry records an event name, a timestamp, and related identifiers. This log is visible only to you within the app and contains none of the content you store.

Support messages

If you contact us through the in-app support feature, the messages you send and our replies are stored in plain text so we can respond. We do not ask for or require any personal information in support messages. See Section 13 for full details.

We do not collect email addresses, financial information, or location data, and we hold no sensitive personal information in readable form. Any sensitive details you choose to store are kept as encrypted content that we cannot read. We collect no data from third parties.

2How Do We Process Your Information?

We process your information solely to operate the Service:

• Your display name allows other users you have connected with to identify you within the app.
• Your device information allows us to manage which devices can access your encrypted data and allows you to manage your own device list.
• Your support messages allow us to respond to your query.

We do not use your information for marketing, advertising, profiling, or any purpose beyond operating the Service.

3What Legal Bases Do We Rely On?

If you are located in the EU or UK, the GDPR and UK GDPR require us to explain the legal bases we rely on to process your personal information. We rely on the following:

• Performance of a contract: we process your display name and device information because it is necessary to provide the Service you have contracted with us to receive.
• Legal obligations: we may process your information where necessary to comply with our legal obligations, such as to cooperate with a law enforcement body or to exercise or defend our legal rights.

If you are located in Canada, we may process your information based on express or implied consent, or as otherwise permitted by applicable law.

4When and With Whom Do We Share Your Personal Information?

We do not sell your personal data. We do not share your personal data with any third party for marketing or advertising purposes.

To be clear about what "personal information" means in this section: it refers only to the limited account-level information described in Section 1, specifically your display name and device information. It does not refer to the content you store in the app. Your tile items, notes, and attachments are encrypted on your device before they leave your device. We have no ability to share your content in readable form with anyone under any circumstances.

The only situation in which we may share your account-level information is a business transfer. We may share or transfer your account-level information in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business. Your encrypted content would transfer as opaque encrypted data that the acquiring party would have no ability to read.

5How Long Do We Keep Your Information?

We keep your information for as short a time as required to operate the Service. We retain your account information only for as long as your account is active. When you delete your account, all information we hold about you is permanently deleted.

The following automated processes also apply:

• If you register but never complete onboarding, your account is permanently deleted after 30 days.
• Free tier accounts inactive for more than 90 days are permanently deleted.
• If you request account deletion, a 14-day window applies during which you may reinstate your account. After 14 days, your account and all associated data are permanently and irreversibly deleted.
• Support tickets are permanently deleted after 6 months and are also permanently deleted when your account is deleted.
• User activity log entries are kept for a limited period and are automatically removed once they age out.

All deletions are permanent and irreversible.

6How Do We Keep Your Information Safe?

All content you store in ClanIt is encrypted on your device before it leaves your device using end-to-end encryption. We store only encrypted blobs that we have no technical ability to read or access. Your content is never transmitted to us in readable form.

For the limited account-level information we do hold, your display name and device information are stored on secure infrastructure in the United Kingdom with strict access controls. Administrative access to our systems is restricted to a dedicated IP address and requires identity authentication.

The in-app support feature is a separate plain text channel: messages you send to us are stored in plain text so we can read and respond to them. We do not request personal information in support messages. See Section 13.

7Do We Collect Information from Minors?

ClanIt does not target users under the age of 18. The app requires a valid Apple ID to register. Apple's own terms and age requirements govern who may hold an Apple ID. We collect the same information from all users as described in Section 1, regardless of age.

8What Are Your Privacy Rights?

In the EEA, UK, Switzerland, and Canada, you have certain rights under applicable data protection laws, including the right to access, correct, or delete your personal information, and the right to data portability.

Because ClanIt holds so little personal information about you, exercising these rights is straightforward:

• Update your display name: do this directly within the app at any time.
• Export your account data: the in-app data export provides the personal information we hold about you, namely your display name, your registered devices, and your user activity log.
• Export your stored content: the export is produced on your device from locally decrypted content and never passes through our servers in readable form.
• Delete your account: use the account deletion feature within the app. This permanently deletes all information we hold about you.
• Any other request: write to us at the postal address in Section 15. We will respond within one calendar month.

We do not use automated decision-making. We do not profile you. There is no meaningful processing of your personal information beyond what is described in Section 2.

If you are located in the EEA or UK and believe we are unlawfully processing your personal information, you have the right to complain to your Member State data protection authority or the UK Information Commissioner's Office. You can contact the ICO at ico.org.uk, by telephone on 0303 123 1113, or by post at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

9Do We Use Tracking Technologies?

No. ClanIt does not use cookies, tracking pixels, analytics SDKs, advertising networks, or any tracking technology of any kind. We do not track your behaviour, browsing activity, or usage patterns. There is nothing to opt out of.

10Do United States Residents Have Specific Privacy Rights?

If you are a resident of California, you may have rights to access, correct, or delete personal information we hold about you.

Beyond what is described in Section 1, we do not collect additional personal information as part of your ClanIt account. We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve months. We will not sell or share personal information in the future.

To exercise your rights, use the in-app controls described in Section 8, or write to us at the postal address in Section 15.

11Zero-Knowledge Architecture

ClanIt is built on a zero-knowledge architecture. Everything you store in the app, including tile items, notes, and attachments, is encrypted on your device before it leaves your device. We store only encrypted data that we have no technical ability to read, interpret, or reconstruct under any circumstances. This is an architectural property of the Service, not a policy position.

When you choose to generate an Apple Wallet pass from your ICE Card, the fields you entered are decrypted on your device and written into the pass as plain text so they can be read in an emergency. We never hold, receive, or see this plain text, and your stored ICE Card remains encrypted to us at all times. Once the pass exists, it relies on Apple platform services and your device security settings.

12Apple Platform Services

ClanIt runs on Apple platform services, and some features rely on them:

• Sign in with Apple: you sign in with Apple, which gives us an opaque identifier for your account. We never receive your Apple email address or your Apple password.
• App Store billing: paid subscriptions are sold through Apple in-app purchase. Apple processes your payment and manages billing, renewals, and cancellations. We receive only your subscription status, never your card or payment details.
• Apple Push Notification service: notifications are delivered through Apple. A notification may carry a display name or a tile name so you know what it concerns. It never carries a clan name, your encrypted content, or any key.
• Apple Wallet: if you generate an ICE Card pass, it is created on your device and held in Apple Wallet, as described in Section 11.

13Support Tickets

The in-app support feature is a separate plain text channel for raising a question or problem. Zero-knowledge applies to the content you store in the app and is not affected by a support message. When you contact us through the support feature, the messages you send and our replies are stored in plain text so that we can read and respond to your query. We do not ask for or require any personal information in support messages, and you should not include sensitive personal information in them. Support tickets are permanently deleted after 6 months and are also permanently deleted when your account is deleted.

14Do We Make Updates to This Notice?

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated date at the top of this notice. If we make material changes, we will notify you via the app. The current version is always available at clanit.app/privacy.

15How Can You Contact Us?

If you have questions or comments about this notice, you may contact us within the app or by post at:

ClanIt Ltd

71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

ClanIt Ltd is registered with the UK Information Commissioner's Office under registration reference ZC171157.

16How Can You Review, Update, or Delete Your Data?

All account management is self-service within the app. You can update your display name, manage your devices, export your data, and delete your account entirely from within the app at any time. To make a formal request or for anything not covered by the app, write to us at the postal address in Section 15.

ClanIt Ltd | Company No. 17209874 | clanit.app