Privacy Policy
Last updated: April 29, 2026
1. Data controller and data processor
Uneven Bits ApS, CVR no. DK30487842, domiciled in Denmark, has two roles depending on the data being processed. For data about account holders — meaning the individuals who create an account and use the Clarifier dashboard — we are the data controller. For chat data from visitors on a website using the Clarifier widget, our customer is the data controller and we act as a data processor on the customer's behalf under GDPR Article 28. All processing is carried out in accordance with the EU General Data Protection Regulation (GDPR) and Danish data protection legislation.
2. What information do we process?
We process two categories of personal data. Account data (we are the controller): name, email address, company name, payment information (handled via Stripe; we do not store card data), technical data (IP address, browser type, cookies), and usage data (log files, dashboard interaction, support communications). Visitor data (we are the processor on our customer's behalf): chat messages written by visitors on a website using the Clarifier widget, plus technical metadata such as IP address and browser type. What visitors write in the chat may contain personal data — it is our customer's responsibility to inform visitors of this in their own privacy notice.
3. Purpose of processing
We process account data to: deliver and administer the Clarifier service, create and maintain your account, process payments and invoicing, provide customer support, send service messages, comply with legal requirements, and improve and develop the platform. We process visitor data solely to deliver the chat assistant on the customer's behalf — including retrieving relevant content via vector search and generating answers via language models — and to give the customer insight into conversations and usage patterns.
4. Legal basis
For account data we process personal data on the following bases under GDPR Article 6(1): (a) Performance of contract — necessary to fulfill the agreement for delivery of the service. (b) Legal obligation — necessary to comply with legislation, including bookkeeping and tax laws. (c) Legitimate interests — necessary to operate, secure, and develop the service, provided your interests do not take precedence. For visitor data we process information solely on the documented instructions of our customer (the data controller) under the data processing agreement.
5. Data retention
We retain personal data for as long as necessary for the purposes for which it was collected. Account information is retained while you have an active account. Upon cancellation, account data is deleted within 30 days, unless we are required to retain it under applicable legislation (e.g., the 5-year bookkeeping requirement). Payment information is retained in accordance with bookkeeping requirements. Log files and technical data are retained for up to 12 months. Chat conversations from the widget are retained for up to 30 days and then deleted automatically, unless the customer configures a shorter period.
6. Sub-processors and international transfers
To deliver the service we use the following sub-processors: OpenAI (USA — embeddings for search across customer content), Anthropic (USA — the Claude language model for generated answers), xAI (USA — the Grok language model for generated answers), Cloudflare (EU/USA — website crawling and file storage), Stripe (EU/USA — payment processing), and Brevo (EU — sending service emails). Transfers to the USA are made on the basis of the European Commission's adequacy decision (EU-US Data Privacy Framework) or, where applicable, the European Commission's Standard Contractual Clauses. We notify customers before adding or replacing sub-processors that process visitor data.
7. Your rights
Under the GDPR and Danish data protection legislation, you have the following rights against the data controller: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, and right to object. Where we are the controller (account data), you can exercise your rights by writing to [email protected]. Where the matter concerns visitor data and our customer is the controller, you should contact that customer directly — we will gladly forward the request if you contact us first in case of doubt. You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) if you believe we are processing your information in breach of the GDPR.
8. Contact
If you have questions about our processing of personal data or wish to exercise your rights, please contact us at [email protected].