✅ PRIVACY POLICY (ENGLISH – FINAL VERSION)

Privacy Policy

“Data clarity, mutual trust.”

Last Updated: November 24, 2025

Need the Terms & Conditions instead? View them here.

1. Who We Are

Clarivant S.C. (“Clarivant”, “we”, “us”) is a boutique AI and data analytics consultancy based in:

Monterrey, Nuevo León, Mexico

We design advanced analytics, AI engineering, and strategic intelligence solutions for clients across North America and beyond.

You can contact our Privacy Officer at:

📧 privacy@clarivant.ai

2. What This Policy Covers

This Privacy Policy is our Integral Privacy Notice, crafted to comply with:

  • LFPDPPP (Mexico, 2025 reform)
  • CPRA/CCPA (California, USA)
  • GDPR “light” compliance (because EU users may visit the site)

It explains how we collect, use, store, and protect your data when you interact with:

  • our website
  • our contact forms
  • our analytics tools
  • our AI-powered services

This policy applies to website visitors and prospective clients. Client-specific data processing for consulting engagements is governed by your MSA/SOW.

3. The Data We Collect

We collect only what is necessary—nothing more.

A. Identity Data

  • Name
  • Company
  • Job title

Why: Respond to inquiries, prepare proposals

Legal basis: Contract / Legitimate Interest

B. Contact Data

  • Email
  • Phone (if submitted)

Why: Communication and follow-up

Legal basis: Consent

C. Technical Data

Collected automatically through Next.js servers and Cloudflare:

  • IP address (transient)
  • Browser type
  • Device information
  • Timezone

Why:

  • Security (Cloudflare Turnstile)
  • Performance
  • Load balancing

Legal basis: Legitimate Interest (Security & Functionality)

D. Analytics Data (GA4)

Only with your consent via the cookie banner:

  • Page views
  • Navigation behavior
  • Interactions (anonymized unless you consent)

Legal basis: Consent

We use Google Consent Mode V2, which signals:

  • ad_storage
  • analytics_storage
  • ad_user_data
  • ad_personalization

When you deny consent, GA4 sends cookieless pings only—no identifiers.

E. Project Data (Clients Only)

Datasets you provide for consulting services.

Legal basis: Contract

We NEVER use your data to train our own foundational models.

F. Sensitive Data

We do not collect sensitive data via the website. If a consulting project requires it, we will request explicit written consent.

4. How We Use Your Data

We use your data to:

  • Provide and improve our website
  • Secure the platform
  • Respond to contact requests
  • Learn which content is useful
  • Maintain client relationships
  • Improve our products and services

We do not sell your personal information.

Under CPRA, “sharing” for advertising purposes is also restricted. We honor:

  • Global Privacy Control (GPC) signals
  • Cookie preferences
  • “Do Not Share” requests

5. How We Store & Transfer Data

Where data may be processed

Due to our infrastructure, your data may pass through or be processed in:

  • Mexico
  • United States
  • Cloudflare global network regions

We rely on:

  • Standard Contractual Clauses (SCCs)
  • Cloudflare and Google’s data protection agreements
  • Official compliance frameworks

6. Your Rights

Mexico (LFPDPPP 2025) — ARCO Rights

You may:

  • Access
  • Rectify
  • Cancel
  • Oppose

You also have the right to oppose automated decision-making.

California (CPRA/CCPA)

You may:

  • Know what personal information we collect
  • Request deletion
  • Correct inaccurate information
  • Opt-out of “sharing” for ads (we honor GPC automatically)
  • Limit use of sensitive information (not applicable here)

EU (GDPR-lite)

You may:

  • Request access
  • Correct
  • Delete
  • Object
  • Request portability

We apply GDPR principles even though we are not based in the EU.

How to exercise your rights

Email us at privacy@clarivant.ai

Response times:

  • Mexico: within 20 business days
  • California/EU: within 45 days

7. Security Measures

We implement:

  • Encryption (TLS 1.3)
  • MFA for internal systems
  • Vendor risk assessments
  • Network protections (Cloudflare)
  • Secure development practices

If a breach occurs, we will notify affected users promptly and follow legal timelines.

8. Third-Party Services

We use:

  • Cloudflare (security, CDN, Turnstile anti-bot)
  • Google Analytics 4 (analytics, consent mode)
  • Next.js (SSR and routing)

These vendors act as data processors and must follow our instructions.

9. Updates to This Notice

We may update this policy due to:

  • Changes in law
  • Updates in our technology
  • New features

We will notify you of significant changes.

10. Authority Contacts

If you are not satisfied with our response, you may contact:

  • Mexico: Ministry of Anti-Corruption and Good Governance
  • California: California Privacy Protection Agency
  • EU: Your local Data Protection Authority