Privacy Policy

1. Who We Are (Data Controller)

Rajan Clarity ("we", "us", "our") is the data controller for personal data collected through the Decision Engine platform and any associated services, including this website, the online assessment tool, report delivery, and session booking.

We operate under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Trading name: Rajan Clarity / Decision Engine
Contact email: contact@claritybyrajan.com
Website: Decision Engine by Rajan Clarity

If you have any questions about how we handle your personal data, please contact us at contact@claritybyrajan.com before submitting a formal complaint.

2. Personal Data We Collect

We collect the following categories of personal data when you use our services:

Information you provide directly:

Full name and email address
Age and date of birth (year)
Country of residence and passport/nationality
Educational background: qualifications, grades/percentage, backlogs
English language test type and score (e.g. IELTS)
Field of study and career interests
Annual budget and source of funds
Goals, motivations, concerns, and three-year vision (free-text responses)
Payment information (processed entirely by Stripe — we do not store card details)
GDPR consent timestamp and record

Data collected automatically:

IP address and approximate geographic location
Browser type and device information
Pages visited, time spent, and actions taken (via Google Analytics)
Session identifiers (via essential cookies)

We do not intentionally collect any special category data (such as health, race, religion, or political opinions) as defined under Article 9 of the UK GDPR. If you volunteer such information in a free-text field, it will be stored as part of your submission but not processed separately.

3. Lawful Basis for Processing

Under Article 6 of the UK GDPR, we are required to have a valid lawful basis before processing your personal data. We rely on the following bases:

Processing Activity	Lawful Basis
Generating your personalised assessment report	Contract (Art. 6(1)(b)) — necessary to provide the service you requested
Processing payment for the full report	Contract (Art. 6(1)(b)) — necessary to complete the transaction
Sending you your report and order confirmation by email	Contract (Art. 6(1)(b)) — necessary to fulfil our service obligations
Storing your data in our leads database for service improvement	Consent (Art. 6(1)(a)) — you tick the GDPR consent box before submitting
Sending follow-up emails, guidance newsletters, or marketing	Consent (Art. 6(1)(a)) — you must separately opt in via Mailchimp
Analytics and service improvement (Google Analytics)	Legitimate Interests (Art. 6(1)(f)) — to improve platform quality; data is anonymised
Fraud prevention and platform security	Legitimate Interests (Art. 6(1)(f)) — to protect our users and services
Legal compliance (e.g. financial records)	Legal Obligation (Art. 6(1)(c)) — required by UK law

Where we rely on legitimate interests, we have carried out a balancing test and determined that our interests do not override your rights and interests. Where we rely on consent, you may withdraw it at any time (see Section 8).

4. How We Use Your Personal Data

We use your personal data only for the following purposes:

To generate and deliver your personalised AI-powered Decision Report
To process your payment and send an order confirmation
To send you your PDF report by email and enable downloading
To provide follow-up guidance if you have requested it
To process bookings for 1-to-1 sessions
To subscribe you to Mailchimp email updates (only if you opted in)
To improve the accuracy and quality of our AI models using anonymised, aggregated data
To comply with our legal and regulatory obligations
To detect and prevent fraud or misuse of the platform

We will never sell, rent, or trade your personal data to any third party for their own marketing purposes.

5. Who We Share Your Data With

We share personal data only where strictly necessary. The third parties we use, and the data shared with each, are listed below. All are bound by their own privacy policies and data processing agreements.

Stripe, Inc. — payment processing. We share your name and email address to process your payment. Stripe processes card data on their PCI-DSS-compliant servers. We do not store your card details. See: stripe.com/gb/privacy
OpenAI, L.L.C. — AI report generation. Your profile data (non-identifiable fields: age range, education level, field, budget) is sent to OpenAI's API to generate your report. We do not send your name or email to OpenAI. See: openai.com/policies/privacy-policy
Perplexity AI — live research queries. General subject-matter queries (no personal identifying information) are sent to Perplexity to retrieve current university and visa data.
Mailchimp (Intuit Inc.) — email communications. Your name and email address are sent to Mailchimp only if you have opted in to receive emails from us. You can unsubscribe at any time. See: mailchimp.com/legal/privacy
Google Analytics (Google LLC) — website analytics. Anonymous behavioural data is collected. IP addresses are anonymised. This does not include your name or assessment data. See: policies.google.com/privacy
Replit, Inc. — hosting and infrastructure. Your data is stored on Replit's servers as part of our hosting arrangement. See: replit.com/site/privacy

We may disclose your personal data to law enforcement or regulatory bodies if required to do so by law, court order, or to protect the rights, property, or safety of Rajan Clarity, our users, or the public.

6. International Data Transfers

Some of our third-party service providers (including Stripe, OpenAI, Mailchimp, and Google) are based in the United States. This means your personal data may be transferred to and processed in countries outside the United Kingdom.

Where such transfers occur, we ensure an appropriate level of protection is in place through one or more of the following mechanisms:

The country has been deemed adequate by the UK Government (adequacy regulations under the UK GDPR)
The transfer is covered by UK International Data Transfer Agreements (IDTAs) or equivalent Standard Contractual Clauses approved by the ICO
The recipient is certified under a recognised framework providing equivalent protections

You may request further details about the specific safeguards in place for any third-party transfer by contacting us at contact@claritybyrajan.com.

7. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes described in this policy:

Assessment data and reports: retained for up to 2 years from the date of submission, after which it is permanently deleted from our systems.
Payment records: retained for 7 years to comply with UK financial record-keeping requirements (HMRC).
Email marketing records (Mailchimp): retained until you unsubscribe or withdraw consent, or until we cease use of the Mailchimp platform.
Analytics data (Google Analytics): retained for up to 14 months in line with our Google Analytics configuration.
Support correspondence: retained for up to 1 year after the correspondence is closed.

At the end of the retention period, data is securely deleted or anonymised such that it can no longer be attributed to you.

8. Your Rights Under UK GDPR

As a data subject under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the following rights:

📋 Right of Access (Art. 15) Request a copy of all personal data we hold about you. We will respond within one month.

✏️ Right to Rectification (Art. 16) Request correction of any inaccurate or incomplete personal data we hold.

🗑️ Right to Erasure (Art. 17) Request deletion of your personal data ("right to be forgotten") where there is no overriding legal basis to retain it.

⏸️ Right to Restriction (Art. 18) Request that we restrict how we process your data in certain circumstances (e.g. while you contest its accuracy).

📤 Right to Data Portability (Art. 20) Receive your data in a structured, machine-readable format to transfer to another service, where technically feasible.

🚫 Right to Object (Art. 21) Object to processing based on legitimate interests or direct marketing at any time. We will stop unless we can show compelling legitimate grounds.

↩️ Right to Withdraw Consent (Art. 7) Where processing is based on your consent, withdraw it at any time without affecting the lawfulness of prior processing.

🤖 Rights re Automated Decisions (Art. 22) Not to be subject to a solely automated decision that significantly affects you. See Section 10 for details.

To exercise any of these rights, email us at contact@claritybyrajan.com with the subject line "Data Subject Request". We will acknowledge within 5 working days and respond fully within one calendar month (extendable to three months for complex requests, with notice to you).

You will not be charged a fee to exercise your rights. We may need to verify your identity before processing your request.

Right to Lodge a Complaint with the ICO

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) — the UK's independent data protection authority.

📞 ICO Helpline: 0303 123 1113
🌐 Website: ico.org.uk/make-a-complaint
📮 Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

We would appreciate the opportunity to address your concerns directly before you contact the ICO. Please contact us first at contact@claritybyrajan.com.

9. Cookies and Tracking Technologies

We use cookies and similar technologies on this website in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR) and UK GDPR.

Essential cookies (no consent required):

Session cookie — maintains your assessment session so your answers are not lost when navigating between steps. Expires when you close your browser.
CSRF protection token — protects form submissions from cross-site request forgery attacks. Expires at session end.

Analytics cookies (anonymous):

Google Analytics (_ga, _gid) — tracks anonymous page views and site behaviour to help us improve the service. Your IP address is anonymised before it is stored. Expires after 2 years (_ga) and 24 hours (_gid).

What we do NOT use:

Advertising or retargeting cookies
Social media tracking pixels
Cross-site tracking of any kind

You can control cookies through your browser settings. Disabling essential cookies may prevent the assessment form from working correctly.

10. Automated Decision-Making and AI Processing

Our service uses AI (GPT-4o by OpenAI) to generate your personalised report. While this process is automated, the output is guidance only and does not constitute a legally or significantly binding decision about you.

Specifically:

No automated decision is made that refuses you any right, opportunity, or service
The report is a suggestion tool to assist your own decision-making, not a replacement for it
No profiling produces legal or similarly significant effects (as defined under Article 22 UK GDPR)
You are free to disregard any or all of the report's content

We do not use your data for any automated profiling that produces legal effects or similarly significant decisions without human involvement.

11. How We Keep Your Data Secure

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect against unauthorised access, loss, destruction, or disclosure:

All data is transmitted over HTTPS/TLS encryption
The admin panel is password-protected and not publicly accessible
Payment data is handled entirely by Stripe's PCI-DSS-compliant systems — we never see or store card numbers
Our database is stored on a secured server with restricted access
API keys and secrets are stored as environment variables, not in source code
We limit access to personal data to those who need it to operate the service

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and, where required, notify the ICO within 72 hours of becoming aware of the breach.

12. Children's Privacy

Our service is directed at individuals aged 15 and over. We do not knowingly collect personal data from children under the age of 13. Where a user is between 13 and 15 years old, we recommend parental guidance.

If you believe we have inadvertently collected data from a child under 13, please contact us immediately at contact@claritybyrajan.com and we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Where the changes are significant, notify you by email (if we hold your email address) or by a prominent notice on the website

We encourage you to review this policy periodically. Continued use of our service after changes are posted constitutes acceptance of the updated policy.

14. How to Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or the way we handle your personal data, please contact us:

Email: contact@claritybyrajan.com
Subject line for data requests: "Data Subject Request"
Response time: We aim to acknowledge all enquiries within 5 working days and respond fully within one calendar month.

This Privacy Policy is governed by the laws of England and Wales. The supervisory authority for data protection in the United Kingdom is the Information Commissioner's Office (ICO).

Contents