Privacy Policy

ClearTeam is built on a single privacy principle: we analyze work, not workers. Our platform is designed to surface organisational process insights — never to score, rank, surveil, or evaluate individual employees.

This Privacy Policy explains how AskNora ApS ("ClearTeam", "we", "us", "our"), registered in Denmark, collects, uses, stores, and protects information when you use the ClearTeam platform ("Service"). It applies to workspace administrators, team members, and diagnostic participants.

We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data-protection laws. ClearTeam is designed to support GDPR, CCPA, and EU AI Act-aligned responsible AI practices — including no individual scoring, no workplace emotion recognition, no biometric categorisation, no automated employment decisions, aggregated reporting by default, and transparent AI-enabled diagnostics.

ClearTeam uses AI-enabled interview, summarisation, clustering, and reporting functionality to identify aggregated organisational patterns, process friction, workflow inefficiencies, communication gaps, and automation opportunities. Participants are informed before starting a diagnostic session that they are interacting with an AI-enabled system, in line with EU AI Act Article 50 transparency requirements.

What ClearTeam does

• Conducts structured diagnostic interviews with employees about work processes and workflows
• Uses AI to summarise, cluster, and analyse responses at group or department level
• Produces aggregated organisational insights, recommendations, and process-level findings
• Surfaces automation opportunities, knowledge risks, and operational bottlenecks for leadership review

What ClearTeam does not do

• Make automated decisions about individual employees
• Produce employment decisions, performance assessments, individual risk scores, or psychological profiles
• Generate disciplinary, promotion, termination, compensation, or task-allocation recommendations about individuals
• Perform emotion recognition, biometric categorisation, sentiment analysis, loyalty prediction, or mental-health inference
• Rank, score, monitor, or evaluate individual worker performance or behaviour

Prohibited customer uses

Customers may not use ClearTeam to evaluate, rank, score, monitor, discipline, promote, terminate, compensate, or otherwise make decisions about individual employees. ClearTeam must not be used for recruitment, candidate evaluation, worker surveillance, emotion recognition, biometric categorisation, mental-health inference, loyalty prediction, or union, political, or religious inference. These restrictions are enforced contractually through our Terms of Service and Data Processing Agreement.

ClearTeam is classified and operated as an aggregated organisational diagnostic tool, not an individual worker-evaluation or high-risk employment decision system under the EU AI Act. Where Annex III employment-related provisions apply, our design limits — aggregation thresholds, prohibited uses, and human oversight — are intended to ensure the system does not materially influence decisions about individual employees.

We maintain internal AI governance controls aligned with EU AI Act expectations for risk management, transparency, human oversight, accuracy, robustness, and cybersecurity. These include:

• Intended-use documentation — documented system purpose, capabilities, limitations, and prohibited uses
• Risk assessment — periodic review of AI-related risks, including misuse by customers and model output quality
• Human oversight — organisational decisions based on ClearTeam outputs require human review; the system does not operate autonomously in employment contexts
• Access control — role-based restrictions on raw participant data and AI-generated outputs
• Logging and record-keeping — AI interaction logs, processing events, and audit trails retained for accountability and incident investigation
• Prompt and output review — processes to monitor AI outputs for accuracy, safety, and alignment with intended use
• Model and provider documentation — technical documentation of AI models, sub-processors, and data flows used in diagnostic processing
• Incident handling — procedures for reporting, investigating, and remediating AI-related incidents or misuse
• Periodic performance review — ongoing evaluation of system accuracy, robustness, and misuse risks
• AI literacy and training — staff who operate, configure, or support the AI system receive appropriate AI literacy training, in line with EU AI Act obligations effective from 2 February 2025

Customers are responsible for ensuring that workspace administrators and report recipients understand ClearTeam outputs are advisory organisational insights requiring human judgment, and for configuring access controls and retention settings appropriate to their organisation.

The data controller for personal data processed through the Service is:

For GDPR purposes, your organisation (the workspace owner) acts as the data controller for employee participant data, and ClearTeam acts as the data processor on your behalf pursuant to a Data Processing Agreement (DPA) available upon request at privacy@clearteam.ai.

5.1 Account and Workspace Data

• Full name and work email address of workspace administrators and team members
• Organisation name, company size, industry, and country
• Billing information (processed and stored by Stripe — we do not store full card details)
• Product usage logs (features accessed, timestamps, session durations)
• IP address and device/browser metadata for security and fraud prevention

5.2 Employee Participant Data

• Name, work email, department, role title, and location — imported from your HR system or CSV upload
• Questionnaire responses submitted during a diagnostic session
• Session metadata: start time, completion time, duration

5.3 What We Do Not Collect

• Voice recordings or audio (microphone access is not requested in Phase 1)
• Biometric or physiological data
• Special-category data (health, religion, political opinions, sexual orientation) unless explicitly provided by the participant in a free-text field and protected accordingly
• Personal data from minors (the Service is not directed at persons under 18)

We never use your data to train public AI models, sell to data brokers, or for advertising purposes.

All diagnostic results displayed in dashboards and reports are aggregated by default. Individual participant responses are never shown to other participants, to administrators, or in any report unless the minimum aggregation threshold (default: 5 participants per group) is met.

Workspace administrators may configure stricter thresholds. Raw participant responses are restricted by role-based access control and are only accessible to designated users who have been explicitly granted access by the workspace owner. A Data Processing Agreement (DPA) is available upon request at privacy@clearteam.ai and is incorporated into customer contracts.

We do not sell your personal data. We share data only with the following categories of sub-processors, all of whom are bound by data processing agreements:

SCC = Standard Contractual Clauses (GDPR-compliant transfer mechanism). An up-to-date sub-processor list is available upon request at privacy@clearteam.ai.

• Active workspace data — retained for the duration of your subscription plus 30 days after termination.
• Participant responses — retained for the duration of the diagnostic project plus a configurable retention window (default: 12 months).
• Anonymised aggregated report data — may be retained indefinitely as it cannot be linked to individuals.
• Billing records — retained for 7 years to comply with Danish accounting law.
• AI interaction and processing logs — retained for 12 months for governance, audit, and incident investigation purposes.
• Security and access logs — retained for 90 days.
• You may request earlier deletion at any time (see Section 11).

We implement technical and organisational measures appropriate to the risk, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access control (RBAC) with principle of least privilege
• Multi-factor authentication for admin accounts
• AI interaction logging and audit trails for accountability
• Regular automated security scanning and dependency audits
• Separate data environments for development, staging, and production
• Annual penetration testing by an independent third party

To report a security vulnerability, email security@clearteam.ai. We operate a responsible-disclosure policy and will respond within 48 hours.

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Access — obtain a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure ("right to be forgotten") — request deletion of your data where no overriding legal basis exists.
• Restriction — request that we limit processing of your data in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, submit a request to privacy@clearteam.ai. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (for EU residents: the Danish Data Protection Agency, datatilsynet.dk).

CCPA Rights (California Residents)

California residents have the right to know what personal information we collect, to delete it, to opt out of its sale (we do not sell personal information), and to non-discrimination for exercising these rights. To submit a CCPA request, email privacy@clearteam.ai.

We use strictly necessary cookies to operate the Service (authentication tokens, CSRF protection, session state). We do not use third-party advertising or cross-site tracking cookies.

We may use first-party analytics cookies to understand product usage in aggregate form. These cookies do not identify you personally and can be disabled in your browser settings without affecting core functionality.

The Service is not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us at privacy@clearteam.ai and we will promptly delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-product notice at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.