Privacy Policy

1. General

Clearvo is committed to protecting your privacy. This Privacy Policy (the "Policy") describes how we collect, use, secure and share your information when you use our platform and API services (the "Service").

This Privacy Policy is part of, and is governed by, the terms and conditions set forth in our Terms of Service. Terms not defined here have the meaning given to them in our Terms of Service.

This Policy may change from time to time. If we make a change that we believe materially affects how we process your information or reduces your rights, we will provide you with notice (for example, by email).

Clearvo is operated by Taxually International Limited (privacy@clearvo.io), which acts as data controller with regard to any personal information collected from users of the Service. A "data controller" is an entity that determines the purposes for which and the manner in which any personal information is processed. Third parties that handle your personal information on our behalf are "data processors."

If you have any questions about this Policy, wish to learn more about our data protection practices, or wish to exercise your rights, please contact us at privacy@clearvo.io.

2. The information we collect and store

2.1 Personal information is any information that identifies you or makes you identifiable as a natural person. Anonymised or aggregated information is not personal information. We may collect and store the following when providing the Service:

Information you provide

We collect personal information from you and any devices you use when you register for an account, use our Services, submit data through a form, update your account, contact us, or otherwise correspond with us.

Transaction data

While using the Service, we collect information about the plans you purchase and your payment method. We may also collect usage data (such as API call volumes and feature usage) to help you get the most out of the platform.

Invoice and compliance data

We collect and store the invoice data, tax number lookups, and related fiscal documents you submit or access through the Service. This data is used solely to provide e-invoicing clearance, real-time reporting, and tax number validation on your behalf.

Log data

When you use the Service, we automatically record information from your device and your activity, including your device's Internet Protocol (IP) address, browser type, and API request metadata.

Cookies

We use cookies to collect information and improve our Services. A cookie is a small data file transferred to your device. We may use persistent cookies to save your login preferences and session ID cookies to enable features and monitor aggregate usage patterns on our Website.

Third-party services

To verify information you provide and to deliver the Service, we may interact with third-party data sources — for example, checking company details against national or EU company registers, or verifying tax numbers against authority databases such as EU VIES, HMRC, or other national registries. Where required by applicable law, we may also conduct identity verification checks.

2.2 Some personal information (name, email address, password) is required to enter into an agreement with you and to provide the Service. All other personal information is voluntary but may be necessary to access specific features.

3. How we use personal information

3.1 Your personal information may be used for the following purposes:

To provide our Services

We process your personal information to provide you with the e-invoicing, real-time reporting, and tax number validation services you request. We share information with tax authorities, Peppol network access points, and our service providers to the extent necessary to deliver the Service. [Processing is necessary for the performance of a contract to which you are party.]

To improve customer experience

We monitor usage data to proactively help you with the steps required to use the Service effectively. If we identify that you are experiencing difficulty, we may reach out by email to assist. [Processing is necessary for our legitimate interests in maintaining a good service level.]

To contact you about the Service

When you sign up, we will send you administrative or account-related information to keep you informed about the Service, security updates, or transaction-related notifications. These communications are not promotional; you cannot unsubscribe from them as they are essential to your account. [Processing is necessary for the performance of a contract to which you are party.]

To respond to your enquiries

We process your personal information when you contact us with questions, concerns, feedback, or support requests. [Processing is necessary for the performance of a contract or steps at your request prior to entering a contract.]

To enforce our terms and policies

We process your personal information to investigate, prevent, or mitigate violations of our terms, agreements, or policies; to enforce agreements with third parties; and to collect fees based on your use of the Service. [Processing is necessary for the performance of a contract or our legitimate interests.]

To ensure the security of the Service

We process your personal information to combat spam, malware, and security risks; to improve our security measures; and to verify your identity so that unauthorised users cannot access your account. [Processing is necessary for the performance of a contract.]

To maintain legal and regulatory compliance

Certain laws and regulations applicable to our Services may require us to process your personal information — for example, to pay taxes, fulfil business obligations, or manage regulatory risk. [Processing is necessary for our legitimate interests or to comply with a legal obligation.]

To personalise your experience

We use cookies and similar technologies to personalise your experience on the Service, such as remembering your preferences and recent searches. [Processing is necessary for the performance of a contract or based on your consent.]

To engage in marketing activities

We may send you marketing or informational announcements. We will only contact individuals in the EU by electronic means based on our legitimate interests (where the content relates to similar services we have previously provided to you) or on your consent. You can object to direct marketing at any time and free of charge. [Processing is based on our legitimate interests or your consent.]

If you choose to limit the ways we can use your personal information, some or all of the Services may not be available to you.

4. Information sharing and disclosure

Service providers and business partners

We use trusted third-party companies to help us provide, analyse, and improve the Service, including data storage, database management, web analytics, security, and payment processing. For example, we store data using Microsoft Azure (see Microsoft Azure Security) and use Stripe for payment processing. These third parties may access your information only to perform tasks on our behalf and under obligations consistent with this Policy.

Tax authorities and Peppol network

To deliver our core e-invoicing and reporting services, we transmit invoice data and related documents to the relevant tax authorities (e.g. Italian SDI, Polish KSeF, Spanish AEAT, Romanian ANAF) and to Peppol Access Point networks on your behalf. This is a necessary part of the Service.

Third-party integrations

Our platform supports optional integrations with third-party services such as ERP systems (e.g. Odoo). We are not responsible for what these third parties do with your personal information. Your use of them is subject to their respective terms and privacy policies. Always review the relevant privacy policy before sharing personal information with third parties.

Legal compliance and law enforcement

We may disclose information about you or your account to third parties (including authorities and courts) when we have a good-faith belief that disclosure is reasonably necessary to comply with a law, regulation, or legal request, or to meet national or international security or law enforcement requirements.

Business transfers

If Clearvo or its operating entity is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction.

Aggregated and non-personal information

We may disclose aggregated or otherwise non-personal information — such as usage statistics — for commercial and non-commercial purposes.

5. Marketing opt-out and choice

If you sign up to receive marketing or informational announcements, those emails will include a way to opt out of future marketing communications. Marketing communications are any emails that are solely advertising or promoting services.

Transactional communications about your account or the Services are not considered marketing and cannot be opted out of while you remain a customer.

We will only contact you by electronic means based on our legitimate interests (where permitted by applicable law and limited to services similar to those previously provided) or your consent. You may object to direct marketing at any time and free of charge.

6. Storage period

We do not store personal data for longer than is legally permitted and necessary for the purposes described in this Policy. The retention period depends on the type of data, its purpose, and applicable law.

If you register for an account or correspond with us without subsequently purchasing our Services, we will erase your personal data after one year from registration or communication, unless you ask us not to.

Typically, we store your data for as long as you use our Services, or for as long as we have another legitimate purpose to do so, and thereafter for no longer than required or permitted by applicable law or necessary for internal reporting and reconciliation purposes.

We will erase personal data after the applicable retention period, or promptly upon a valid erasure request from you.

7. Security

The security of your information is important to us. No method of electronic transmission or storage is 100% secure; we cannot guarantee absolute security. We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in line with Article 32 of the GDPR.

If you have questions about our technical and organisational measures, see our security page for full details, or contact us at privacy@clearvo.io.

8. Individual rights

Right of access

You have the right to obtain confirmation as to whether personal data concerning you is being processed and, if so, to access that data.

Right to rectification

You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay.

Right to erasure ("right to be forgotten")

You have the right to obtain the erasure of personal data concerning you without undue delay where certain grounds apply.

Right to restriction of processing

You have the right to obtain restriction of processing where certain grounds apply.

Right to data portability

You have the right to receive personal data concerning you — which you have provided to us — in a structured, commonly used, and machine-readable format.

Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes applicable data protection rules (GDPR).

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on our legitimate interests. We will no longer process your data unless we can demonstrate compelling legitimate grounds. Where personal data is processed for direct marketing, you have the right to object at any time.

To exercise any of the above rights, please contact us at privacy@clearvo.io. We may seek to verify your identity before actioning your request.

References: Articles 15–18, 20, 21, and 77 of the GDPR.