Legal
Privacy Policy
Last updated: May 2026 · Constellation Governance, Nottingham, UK
Short version: We collect only what we need to deliver your audit. We don't sell data. We don't use tracking pixels. We use your email to send you your audit report and nothing else unless you say otherwise.
1. Who we are
NodeClear is a trading product of Constellation Governance, operated by Rindai Chiremba, Nottingham, United Kingdom. References to "we", "us", or "our" in this policy refer to Constellation Governance.
We are not a data broker, advertising platform, or insurance company. We are an AI risk audit service.
2. What data we collect and why
We collect personal data only where necessary to deliver our service:
- Email address — collected when you purchase an audit, register for agency whitelist access, or contact us. Used to deliver your audit report, send transactional updates, and (if you opt in) notify you of product updates.
- Checklist responses — the answers you provide in the free risk checklist are processed in your browser only. They are not sent to our servers unless you proceed to purchase an audit.
- Payment data — handled entirely by Stripe. We never see or store your card details. Stripe's privacy policy applies: stripe.com/gb/privacy.
- Business information — during a paid audit, we may ask about your AI systems, contracts, and insurance policies. This information is used only to produce your audit report and is held confidentially.
- Technical data — standard server logs (IP address, browser type, page visited, timestamp) retained for 30 days for security purposes. Not used for profiling or advertising.
3. Legal basis for processing (UK GDPR)
- Contract performance — processing your email and audit information to deliver the service you purchased.
- Legitimate interests — server logs retained for security; follow-up on incomplete purchases (once, not repeatedly).
- Consent — marketing communications (product updates, new services). You can withdraw consent at any time.
4. Who we share data with
We do not sell, rent, or share your personal data with third parties for their own purposes. We use the following service providers to operate our business:
- Stripe — payment processing (UK/EU data residency options)
- Railway / Render — server hosting for the agency interest webhook
- Google Fonts — font delivery (standard CDN, no tracking)
If you proceed to a broker referral, we will share your name and email with the relevant licensed broker only with your explicit consent at the point of referral.
5. How long we keep your data
- Audit reports and associated business information: 2 years from delivery date
- Email address (agency whitelist): until white-label launch + 6 months, or until you ask us to delete it
- Payment records: 7 years (UK legal requirement for financial records)
- Server logs: 30 days
6. Your rights
Under UK GDPR, you have the right to:
- Access a copy of the personal data we hold about you
- Correct inaccurate data
- Request erasure ("right to be forgotten") — subject to legal retention requirements
- Object to processing based on legitimate interests
- Withdraw consent at any time (for marketing communications)
- Lodge a complaint with the ICO: ico.org.uk
To exercise any of these rights, email us at privacy@constellation-governance.com. We will respond within 30 days.
7. Cookies
Our landing page uses no tracking cookies, advertising cookies, or analytics cookies. The only browser storage used is localStorage as a fallback for the agency interest form if our server is temporarily unavailable. This data stays in your browser and is never transmitted unless you complete the form.
8. Changes to this policy
We may update this policy when our services change. Material changes will be notified by email to active clients. The date at the top of this page always shows the last update.
9. Contact
For privacy enquiries: privacy@constellation-governance.com
Constellation Governance, Nottingham, United Kingdom