CECastle Entropy by Clear Garment Group
Privacy Policy

Privacy Policy

Effective date: 30 May 2026 · Operator: Clear Garment Group ("we"), operator of Castle Entropy.

This policy explains, in plain terms, how we handle data for the Castle Entropy service. It describes our current practices; the binding terms for a paying customer are set out in that customer's agreement and Data Processing Addendum (DPA), which control if they differ from this page.

1. Who controls the data

For data a customer submits to the service, the customer is the controller and Clear Garment Group acts as a processor, handling that data only on the customer's documented instructions. For account and website data (for example, an email address used to sign in), we act as the controller.

2. What we collect

  • Account data: email, display name, and a salted password hash (never the plaintext password).
  • Service data: metadata about the AI and data assets you manage (references, hashes, policies, decisions), and evidence records you create.
  • Operational data: audit events, request identifiers, and security logs needed to run the service securely.

3. How we use it

We process data to provide, secure, maintain, and support the service. We do not use customer personal data for advertising, and we do not use it to train models for another customer's benefit, or for our own model training, without explicit written authorization.

4. Retention, deletion, and proof

You can close your account from the account page. When you do, we delete your operational and personal data and retain a minimal evidence record (and audit log) that the closure occurred. We do not guarantee deletion from third-party systems, backups, or caches that are outside our control. Where we are a processor, we follow the customer's instructions and the DPA for retention and deletion.

5. Sub-processors

We track the sub-processors we use and do not activate a new sub-processor that handles customer personal data without providing the notice and obtaining the approvals required by the applicable agreement.

6. Security

We apply data isolation, least-privilege access, encryption in transit and at rest using approved infrastructure controls, audit logging, and rate limiting. See our security overview. No method of transmission or storage is perfectly secure, and we do not claim it is.

7. Your choices and rights

Depending on your location, you may have rights to access, correct, export, or delete personal data. For account data, contact us. Where we process data on a customer's behalf, please direct rights requests to that customer, whom we support in fulfilling them.

8. Cookies and local storage

The website does not use advertising or tracking cookies. The account area stores a session token in your browser's local storage solely to keep you signed in; clearing it or signing out removes it.

9. Children

The service is intended for organizations and is not directed to children.

10. Changes

We may update this policy. Material changes will be reflected by an updated effective date and, where appropriate, additional notice.

11. Contact

Privacy questions: support@cleargarment.com. Security reports: security@cleargarment.com.

This Privacy Policy is provided for transparency and is not legal advice. It does not, by itself, constitute a certification or a guarantee of any particular legal or regulatory outcome. Where a signed customer agreement or DPA exists, that agreement controls.