© 2026 Clear Consent. All rights reserved.

Privacy Policy

1. Introduction

Clear Consent Limited (“Clear Consent”, “we”, “us”, or “our”) is committed to protecting your privacy and handling personal data in a transparent and lawful manner.

This Privacy Policy explains how we collect, use, store, and safeguard personal data when you access our website (www.clearconsent.co.uk), software platform, and associated services (“Services”).

For the purposes of UK data protection law, Clear Consent acts as:

  • data controller in relation to website visitor data, account data, billing data, support enquiries, and other personal data processed for our own business purposes; and
  • data processor in relation to patient data and other personal data processed by us on behalf of healthcare professionals and organisations using our Services.

By using our Services, you acknowledge the practices described in this Privacy Policy.

2. Personal Data We Collect

We may collect and process the following categories of data:

a. Identification Data

Name, email address, professional registration number, company or practice details.

b. Account and Subscription Data

Login credentials, account preferences, subscription information, billing details, and customer communications.

c. Technical and Usage Data

IP address, browser type, device information, access times, logs, and information about how users interact with our website and platform.

d. Patient Data

Information uploaded or input by healthcare professionals using the Services, including treatment-related information, medical and dental history, consent workflows, images, videos, audio recordings, and other related records.

This may include special category personal data, including health data, processed on behalf of the relevant healthcare provider.

e. AI Interaction Data

Prompts, inputs, instructions, outputs, and generated content used within AI-supported features, including script generation, workflow support, translations, or avatar-related content, where such processing is necessary to provide the requested functionality.

3. How We Use Personal Data

We use personal data to:

  • provide, operate, maintain, and support our Services;
  • facilitate patient communication and informed consent workflows;
  • manage subscriptions, accounts, payments, and customer relationships;
  • provide AI-supported functionality where requested through the platform;
  • improve platform functionality, performance, usability, and security;
  • respond to enquiries, provide technical support, and manage service issues;
  • comply with legal, regulatory, and contractual obligations.

We do not sell personal data.

We do not use patient data for our own direct marketing purposes.

4. Legal Basis for Processing

Where Clear Consent acts as a controller, we rely on the following lawful bases under UK GDPR:

  • Contractual necessity – to provide our Services and manage subscriptions and accounts;
  • Legitimate interests – to operate, secure, improve, and administer our Services;
  • Legal obligation – where processing is necessary to comply with applicable law, regulation, or legal process;
  • Consent – where required, including in relation to certain marketing communications.

Where Clear Consent acts as a processor, we process personal data on behalf of the relevant healthcare provider or organisation, acting on their documented instructions and in accordance with our Data Processing Agreement.

Where patient data includes special category personal data, the relevant healthcare provider or organisation is responsible for establishing the appropriate Article 9 condition for processing.

5. AI and Third-Party Service Providers

Our Services may incorporate or interact with third-party service providers, including hosting providers, payment providers, communications providers, analytics providers, and AI service providers such as OpenAI and Synthesia.

Where such providers process personal data in connection with the Services:

  • they do so only where reasonably necessary to deliver the relevant functionality;
  • we seek to ensure that appropriate contractual and data protection safeguards are in place;
  • any AI-generated output is assistive only and must be reviewed and approved by the relevant clinician or customer before use in any patient-facing or clinical context.

We do not state that all third-party providers operate on a zero-retention basis in all circumstances. Processing by third-party providers is subject to their contractual arrangements with us and, where relevant, their own privacy information.

6. Data Sharing and Disclosure

We may share personal data with:

  • trusted service providers and sub-processors who support delivery of the Services;
  • payment processors and infrastructure providers;
  • professional advisers, auditors, insurers, or legal representatives where reasonably necessary;
  • regulators, courts, law enforcement agencies, or public authorities where required by law or where necessary to protect our rights or the rights of others;
  • other third parties where the Customer instructs us to do so or where the data subject has otherwise authorised the disclosure.

We do not sell or rent personal data to third parties.

7. International Data Transfers

Some of our service providers or sub-processors may process personal data outside the UK. Where personal data is transferred outside the UK, we will take appropriate steps to ensure that it is protected through lawful transfer mechanisms, which may include the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or another lawful safeguard recognised under UK data protection law.

8. Data Retention

We retain personal data for as long as reasonably necessary for the purposes set out in this Privacy Policy, including for contractual, legal, regulatory, audit, dispute resolution, and enforcement purposes.

Where we process patient data on behalf of healthcare providers, we retain that data in accordance with our contractual arrangements and the documented instructions of the relevant Customer, subject to applicable law.

Healthcare providers remain responsible for determining the appropriate retention periods for their patient records and consent records.

9. Security

We implement appropriate technical and organisational measures designed to protect personal data, including measures such as encryption in transit and at rest where appropriate, role-based access controls, authentication controls, service monitoring, and security maintenance processes.

However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

10. Your Rights

Where we act as a data controller, individuals may have the following rights under UK GDPR, subject to applicable conditions and exemptions:

  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object to processing;
  • rights relating to certain automated decision-making, where applicable.

Where we act as a data processor on behalf of a healthcare provider or organisation, requests relating to patient data should usually be directed to the relevant healthcare provider or organisation first.

To exercise your rights, contact: admin@clearconsent.co.uk

You also have the right to complain to the Information Commissioner’s Office if you believe your data protection rights have been infringed.

11. Cookies and Tracking

Our website may use cookies and similar technologies to enable website functionality, improve user experience, and analyse usage.

You can control cookies through your browser settings. Some parts of the website may not function properly if cookies are disabled.

12. Children’s Privacy

Our Services are intended for professional users and organisations.

We do not knowingly collect personal data directly from children through our website or platform as consumer users. Any data relating to children processed through the Services is processed on behalf of the relevant healthcare provider or organisation.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

Where changes are material, we may notify users by email, platform alert, or by updating the relevant page on our website. Continued use of the Services after any update takes effect constitutes acknowledgement of the updated Privacy Policy.

14. Contact

Clear Consent Limited
167-169 Great Portland Street
5th Floor
London
England
W1W 5PF

Email: admin@clearconsent.co.uk