Privacy Policy

1. Introduction

Clarevon ("we", "our", or "us") operates clarevon.com and provides IFRS 16 lease accounting software (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Clarevon, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect the following categories of information:

• Account information: Name, email address, organisation name, country, and password (stored as a bcrypt hash — we never store your plaintext password).
• Lease data: Lease terms, payment schedules, asset descriptions, and accounting entries you create within the platform. This data belongs to you.
• Billing information: Subscription plan, billing cycle, and payment reference numbers. We do not store full card numbers — payments are processed by Paystack, Flutterwave, or Stripe depending on your country.
• Usage data: Log data including IP address, browser type, pages visited, and timestamps. Used for security monitoring and product improvement.
• ERP credentials: If you connect an ERP system, your API credentials are encrypted at rest using AES-256-GCM with PBKDF2 key derivation. We cannot read your ERP credentials in plaintext.

3. How We Use Your Information

• To provide, maintain, and improve the Service
• To process payments and manage your subscription
• To send transactional emails (password resets, invoices, expiry notices)
• To enforce our Terms of Service and detect fraud or abuse
• To comply with legal obligations

We do not sell your data. We do not use your lease data to train AI models. We do not show you advertisements.

4. Data Storage and Security

Your data is stored in the region you select at registration (US, EU, UK, APAC, MEA, or India). We implement the following security measures:

• All data encrypted in transit via TLS 1.2 or higher
• Passwords hashed with bcrypt (never stored in plaintext)
• ERP credentials encrypted with AES-256-GCM + PBKDF2
• JWT tokens expire after 60 minutes; refresh tokens after 7 days
• Multi-tenant isolation — your data is never accessible to other organisations
• All access logged in a tamper-evident audit trail

5. Third-Party Services

We use the following third-party services to operate the platform:

• Paystack — payment processing for Nigerian accounts (NGN)
• Flutterwave — payment processing for African accounts (ex-Nigeria)
• Stripe — payment processing for all other countries
• Anthropic Claude — AI lease document abstraction (Professional and Enterprise plans only). Documents sent for extraction are not retained by Anthropic for training.

Each third-party service has its own privacy policy. We recommend reviewing them if you have concerns about how they handle data.

6. Data Retention

We retain your account and lease data for as long as your account is active. If you cancel your account, we retain your data for 30 days to allow recovery, after which it is permanently deleted. Billing records are retained for 7 years to comply with financial regulations.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Export your lease data in CSV or JSON format
• Object to processing of your data for certain purposes

To exercise these rights, email us at privacy@clarevon.com. We will respond within 30 days.

8. Cookies

Clarevon uses only essential cookies. We use a single HttpOnly, Secure, SameSite=Strict cookie to maintain your authenticated session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by a notice within the platform at least 14 days before the change takes effect.

10. Contact

For privacy-related questions or requests, contact us at privacy@clarevon.com.