Last updated: May 2026
Clareo is operated by Michael Holemans, a Belgian self-employed professional (eenmanszaak / sole proprietorship), trading as "Clareo".
This service is intended for business users (B2B). Full operator details are available on our Legal information page.
| Processing activity | Data | Legal basis |
|---|---|---|
| Account creation | Name, email address | Contract performance |
| Business registry lookup | VAT number, business name, address (public registers) | Legitimate interest (documented LIA) |
| Website crawling | Publicly available website data | Legitimate interest |
| AI analysis | Business name, industry, website content processed via AI services | Contract performance |
| Payments | Payment data (processed by payment processor) | Contract performance |
| Email communication | Email address, usage data | Legitimate interest |
We use the following sub-processors to deliver the Service. Personal data sent to each is limited to what is necessary for that specific purpose.
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Authentication, database, storage | EU (Frankfurt) |
| Stripe | Payment processing and invoicing | Ireland (EU billing) + US |
| Resend | Transactional email delivery | EU + US |
| Fastmail | Inbound email (info@ / privacy@) | US (servers) / Australia (company) |
| Sentry | Application error monitoring | EU + US |
| Netlify | Static website hosting and CDN | US (global edge with EU PoPs) |
| Fly.io | Worker hosting and analysis pipeline execution | EU (Frankfurt) |
| Anthropic (Claude) | AI content generation and analysis | US |
| OpenAI (ChatGPT) | AI content generation and blind tests | US |
| Google (Gemini, Knowledge Graph, Places, PageSpeed) | AI analysis, classification, search | EU + US |
| Perplexity | AI research and blind tests | US |
| Firecrawl | Web page extraction | US |
| Serper | Search results retrieval | US |
| Brave Search | Search results retrieval | US + EU |
We have a signed Data Processing Agreement (DPA) in place with each sub-processor above. For US-based sub-processors, the DPA rests on either the EU-US Data Privacy Framework (where the provider is DPF-certified) or the 2021 EU Commission Standard Contractual Clauses (SCCs) under Article 46(2)(c) GDPR for any transfer not covered by the DPF. Copies are available on request via privacy@clareo.be. We do not sell personal data to any third party.
Your data is processed in the United States. We ensure an adequate level of protection via the EU-US Data Privacy Framework (DPF) where available, and Standard Contractual Clauses (SCCs) for all other transfers, in accordance with Article 46(2)(c) GDPR.
Under the GDPR, you have the right to:
You can export your data and delete your account via your dashboard settings. Upon deletion, all your data is permanently erased.
Contact us at privacy@clareo.be. We will handle your request within 30 days.
You also have the right to lodge a complaint with the Belgian Data Protection Authority (GBA/APD):
Drukpersstraat 35, 1000 Brussels — www.dataprotectionauthority.be
Clareo uses AI technology to perform analyses and calculate scores. These scores are informational and have no legal effects. No automated decision-making within the meaning of Article 22 GDPR takes place.
Clareo uses only essential cookies for authentication (session cookies). We do not use analytics, tracking, or marketing cookies. Therefore, no cookie banner is needed.
We use your browser's Accept-Language header to pick a default language (English, Dutch or French) on your first visit. Your subsequent choice is stored locally in your browser (key: clareo-lang) and is not transmitted to our servers.
Under Article 37 GDPR, Clareo is not required to appoint a DPO. For privacy inquiries: privacy@clareo.be.
When a Clareo user requests an analysis of a business (their own or any other business by website URL), Clareo automatically collects information from publicly available sources: the business's own website, public business registers (KBO, KVK, SIRENE, Companies House, VIES), AI engines, and search engines. This may incidentally include personal data that the business itself has published online (such as names of founders, team members, or contact persons).
Legal basis (Article 6(1)(f) GDPR): Legitimate interest in providing AI findability analysis on the basis of public business information. We balance this interest against the rights of data subjects by limiting collection to what is necessary, retaining data only while reports are active, and providing a clear removal channel.
What we store: Only the data needed to produce and retain the analysis report. We do not enrich or resell business data, and we do not build profiles of individuals beyond what the business itself has published.
Retention: Business analyses are retained as long as the requesting Clareo account is active. On account deletion, related analyses are deleted within 30 days.
Article 14(5)(b) — disproportionate effort: Individual notification to every person mentioned on every analyzed website would involve disproportionate effort given the volume and the absence of direct contact channels for many data subjects. In line with EDPB guidance on web-scraping and the Article 14(5)(b) exception, we provide this collective notice instead.
Right to be removed: If you are a person mentioned in a Clareo analysis, or you are a business owner who does not want their business analyzed by Clareo, write to privacy@clareo.be with the website concerned. We acknowledge within 72 hours, respond substantively within 7 days, and complete removal of the existing analysis + add the domain to a permanent exclusion list within 30 days (in line with GDPR Article 12(3)). We respectrobots.txt directives that target our crawler (ClareoBot) or all crawlers during crawling. Full procedure and response times: Trust & Safety.
We may update this privacy policy. Significant changes will be communicated via email. The most recent version is always available at clareo.be/privacy.