Privacy Policy – Clear AML

Operated by Brive Pty Ltd
Last updated: 11 December 2025

1. Who we are

This Privacy Policy explains how Brive Pty Ltd (ABN [insert], trading as Clear AML) (“Brive”, “Clear AML”, “we”, “us”, “our”) collects, uses and discloses personal information when you:

  • visit any Clear AML websites or landing pages
  • use the Clear AML web application and related services (“Service”)
  • communicate with us by email, chat, phone or support portal.

By using the Service, you agree to the collection and use of information in accordance with this Policy.

2. Information we collect

We collect the following types of information.

2.1 Account and contact information

  • Name, job title, firm name
  • Work email address, phone number, postal address
  • Login credentials (hashed passwords), authentication tokens
  • User settings and preferences.

2.2 Billing and transaction information

  • Subscription plan, invoices and payment history
  • Limited payment card details processed by our PCI‑compliant payment provider (we do not store full card numbers).

2.3 Usage and technical data

  • IP address, browser type, device identifiers, operating system
  • Pages visited, features used, timestamps and clickstream data
  • In‑app activity logs (for example: clients created, assessments run, exports)
  • Cookies and similar technologies.

2.4 Customer Data

Our customers may upload, import, or sync information about their own clients and related parties, including:

  • Identity details (name, date of birth, address, contact details, identification document details, and biometric data such as facial images where liveness checks are required)
  • Business details (company name, registration numbers, directors, beneficial owners)
  • Risk assessments, screening results, internal notes and supporting documents.

For Customer Data, Brive generally acts as a data processor / service provider and processes it only on the customer’s instructions. Customers are responsible for providing appropriate notices to, and obtaining any necessary consents from, their own clients.

3. How we collect information

We collect information:

  • directly from you when you create an account, start a trial, update your profile, contact support or respond to surveys
  • automatically when you use the website or Service, through cookies, logs and analytics tools
  • from third‑party providers and public sources, where permitted by law and your settings, including:
    • Government registers (e.g., ASIC, ABR) for business verification
    • Integrated business platforms you connect (e.g., Xero, MYOB)
    • Identity verification, sanctions screening, and payment providers.

4. How we use information

We use personal information to:

  • Provide and maintain the Service – creating accounts, authenticating users, processing payments, hosting data, providing dashboards and reports
  • Secure the Service – monitoring usage, detecting and preventing fraud, abuse and security incidents
  • Improve and develop Clear AML – troubleshooting, testing, analytics, research and new feature development (using aggregated or de-identified data where possible)
  • Communicate with you – sending service‑related notices, onboarding help, security alerts and responses to your enquiries
  • Send marketing – product updates, webinars and offers (in accordance with applicable marketing and spam laws; you can unsubscribe at any time)
  • Comply with law – record‑keeping, responding to lawful requests, resolving disputes and enforcing our agreements.

We do not sell personal information.

5. Legal bases (if GDPR/UK GDPR applies)

Where EU/UK GDPR applies, we rely on: performance of a contract, compliance with legal obligations, our legitimate interests in operating and improving the Service (balanced against your rights), and your consent where required (for example, certain cookies or marketing).

6. How we share information

We may share personal information with:

  • Service providers / subprocessors (cloud hosting, data storage, email, support tools, analytics, identity‑verification, sanctions‑screening, payment processing) under contracts requiring them to protect personal information and use it only for our specified purposes.
  • Your organisation – certain information (e.g. activity logs) is visible to your firm’s administrators and authorised users.
  • Professional advisers – lawyers, auditors and insurers, where reasonably necessary.
  • Regulators and law enforcement – where we are legally required or permitted to do so.
  • Business transfers – if Brive is involved in a merger, acquisition or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate safeguards.

We do not allow our subprocessors to use your Customer Data for their own marketing.

7. International transfers

Our infrastructure and some service providers may be located outside Australia or your home jurisdiction. Where personal information is transferred internationally, we take reasonable steps to ensure an appropriate level of protection (for example, by using standard contractual clauses and working with reputable providers that follow recognised security and privacy standards).

8. Security

We implement technical and organisational measures designed to protect personal information, including:

  • encryption in transit (TLS) and at rest
  • access controls, role‑based permissions and least‑privilege principles
  • audit logging, monitoring and alerts
  • regular backups and disaster‑recovery processes
  • vendor due diligence and contractual security commitments.

No method of transmission or storage is completely secure; we cannot guarantee absolute security.

9. Data retention

We keep personal information only for as long as reasonably necessary to:

  • provide the Service and manage your account
  • meet our legal, tax, accounting and regulatory obligations
  • resolve disputes and enforce our agreements.

After your subscription ends, we will delete or de‑identify Customer Data within a reasonable period, subject to legal requirements. Customers may request export of their data before closure.

10. Your rights

Subject to applicable law, you may have rights to:

  • access the personal information we hold about you
  • request correction of inaccurate or incomplete information
  • request deletion, or restriction of processing, in certain circumstances
  • object to certain processing (including direct marketing)
  • request data portability
  • withdraw consent where processing is based on consent.

Contact us using the details below to exercise these rights. For Customer Data that we process on behalf of a customer, we may direct you to that customer.

11. Cookies

We use cookies and similar technologies to operate our website, remember your preferences and analyse traffic. You can manage cookies through your browser and any cookie banner we provide. Some cookies are essential and the Service may not function correctly without them.

12. Third‑party links

Our sites and the Service may contain links to third‑party websites. We are not responsible for their privacy practices and encourage you to review their policies.

13. Children

Clear AML is intended for business users and is not directed at individuals under 18. We do not knowingly collect personal information from children.

14. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date shows when changes were made. For material changes we will provide additional notice (for example by email or in‑app). Your continued use of the Service after an update constitutes acceptance of the revised Policy.

15. Contact us

For privacy questions, requests or complaints, contact:

Brive Pty Ltd (trading as Clear AML)

Attn: Privacy Officer

[Insert postal address]

[Insert email address]

If you are in Australia and are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).