Privacy Policy

3. How We Use Personal Data

We use personal data only for the purposes for which it was collected, including:

• Registering and authenticating users
• Providing role-specific platform functionality
• Displaying barrister availability and ClerkedLive status
• Enabling solicitors to contact clerks via the platform
• Managing subscriptions and billing
• Providing customer support
• Maintaining platform security and integrity
• Producing aggregated, anonymised usage analytics

We do not sell personal data to any third party.

4. Legal Bases for Processing

Under UK GDPR, we rely on the following lawful bases for processing personal data:

Our legitimate interests in processing data for platform security and analytics are: maintaining a safe, functional, and improving service for our users. We have assessed that these interests are not overridden by your rights and freedoms, given the limited and aggregated nature of the data involved.

Where we rely on consent (calendar synchronisation), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal. Withdrawal of consent does not affect your ability to use the platform, though certain availability features will be limited.

5. Microsoft Outlook Calendar Integration

Barristers may choose to connect their Microsoft Outlook calendar via OAuth 2.0 to enable availability display on the platform.

• Permissions requested are limited to calendar availability (free/busy status) only
• Access tokens and refresh tokens are stored securely and encrypted
• Calendar data is used solely to determine and display availability
• We do not use calendar data for marketing, profiling, or resale
• You may disconnect calendar access at any time from settings or support@clerked.co.uk

Barristers may choose to connect their Microsoft Outlook calendar via OAuth 2.0 to enable availability display on the platform.

6. How We Share Data

We share personal data only where necessary and only with trusted third-party processors under contractual obligations consistent with UK GDPR:

• Hosting provider — UK or EEA-based cloud infrastructure for platform hosting and data storage
• Microsoft — for calendar synchronisation, with your consent, under a data processing agreement
• Stripe — for subscription payment processing
• Email service providers — for transactional emails including verification and onboarding communications

We do not share personal data with third parties for marketing purposes.

7. International Data Transfers

Some of our third-party processors, including Stripe and Microsoft, are headquartered outside the UK and may process data in countries that have not been deemed to provide an adequate level of data protection by the UK Information Commissioner's Office.

• Standard Contractual Clauses (SCCs) approved by the ICO or the European Commission (as applicable)
• Adequacy decisions where applicable
• Supplementary technical and organisational measures where required

Further information is available on request by contacting privacy@clerked.co.uk.

8. Data Storage and Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction, including:

• Data hosted in the UK or EEA
• Encryption in transit using TLS 1.2 or higher
• Encryption at rest for personally identifiable information (AES-256 or equivalent)
• Role-based access controls limiting data access to authorised personnel only
• Secure storage and encryption of OAuth tokens
• Regular access reviews and activity monitoring
• Periodic security testing and vulnerability assessments

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay where required by law.

9. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

• Active accounts — retained for the duration of the account
• Cancelled or inactive accounts — soft-deleted and retained for 12 months following cancellation, then permanently deleted unless a shorter period is requested or a longer period is required by law
• Hard deletion on request — upon receipt of a valid erasure request, personal data is permanently deleted within 30 days
• Financial and billing records — retained for 7 years as required by HMRC and applicable law
• Calendar data — deleted promptly upon disconnection of calendar access

10. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access — to obtain a copy of the personal data we hold about you
• Right to rectification — to correct inaccurate or incomplete data
• Right to erasure — to request deletion of your personal data (“right to be forgotten”)
• Right to restriction — to request that we limit processing of your data in certain circumstances
• Right to object — to object to processing based on legitimate interests
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to withdraw consent — for calendar synchronisation, at any time
• Right to lodge a complaint — with the Information Commissioner’s Office (ICO)

To exercise any of these rights, please contact us at privacy@clerked.co.uk. We will respond within one calendar month. We may ask you to verify your identity before processing your request.

11. Automated Decision-Making

We do not make automated decisions about users that produce legal or similarly significant effects. Any recommendations or suggestions made by the Clerked platform are informational only and do not constitute automated decision-making within the meaning of Article 22 of the UK GDPR.

12. Children

The Clerked platform is intended for use by legal professionals and is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact privacy@clerked.co.uk and we will delete it promptly.

13. Cookies

We use essential cookies for authentication and session management. These are necessary for the platform to function and cannot be disabled. Non-essential analytics cookies may be introduced in future. Where this occurs, we will update this policy and provide a clear consent mechanism before any non-essential cookies are set.

14. How to Raise a Concern

If you have a concern about how we handle your personal data, we encourage you to contact us first so we can try to resolve it:

• Email: privacy@clerked.co.uk
• Post: Clerked Ltd, 3rd Floor, 86–90 Paul Street, London, EC2A 4NE

We will acknowledge your concern within five working days and provide a full response within one calendar month.

If you remain dissatisfied following our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: www.ico.org.uk

Helpline: 0303 123 1113

15. Changes to This Policy

We may update this Privacy Policy as Clerked evolves. Where changes are material, we will notify users via the platform or by email before the changes take effect. The current version of this policy is always available at www.clerked.co.uk.