Privacy Policy

Privacy Policy

Last updated: 6 May 2025

This notice explains how Barolo AI Ltd (“Barolo AI”, “we”, “us”, “our”) collects, uses and safeguards personal data when you interact with our website cleanlisting.app and the Clean Listings service (together, the “Service”). It also sets out the rights you enjoy under the UK General Data Protection Regulation (“UK GDPR”).

1  Who we are

  • Company: Barolo AI Ltd, a company registered in England and Wales (Company Number: 16230831)
  • Email for all privacy matters: hello@barolo.ai
  • We are registered with the Information Commissioner’s Office (ICO) and pay the annual data‑protection fee.

2  Scope of this notice

This policy applies when you:

  • browse our public website;
  • create or manage a Clean Listings account;
  • upload photos, prompts or other content to generate AI output;
  • receive emails or support from us;
  • interact with our social‑media pages, marketing pixels or embedded plug‑ins.

External sites and services linked from our platform have their own privacy notices.

3  Data we collect

a) Information you provide directly

  • Account & profile: name, email, login credentials.
  • Style & listing details: property descriptions, text prompts, decor preferences, budgets, project notes.
  • Uploads: photos, images, and any embedded metadata.
  • Billing: billing contact, VAT number, country, Stripe customer ID. *We never store full card numbers; Stripe processes them.
  • Communications: emails, support tickets, survey or contest entries. Phone calls you request may be recorded or monitored for training and quality.

b) Information we collect automatically

  • Usage & device data: IP address (which gives us coarse location), browser type, operating system, pages visited, in‑app actions, error logs.
  • Cookies & similar tech: session identifiers, analytics data and—only with your consent—marketing pixels. Details are in Section 9.

c) Social‑media interactions

If you like, follow or message us on LinkedIn, Instagram, X or similar platforms, those providers may share aggregated analytics with us or, where you message us, your profile information. Your activity on those platforms is governed by their own privacy policies.

Special‑category data: We do not intentionally collect sensitive personal data. Please do not upload it.

4  How and why we use personal data

  1. To deliver the Service Legal basis: contract. We create and manage your account, store uploads, generate AI output, process payments and send essential emails.

  2. To keep the Service safe and reliable Legal basis: our legitimate interests. We monitor abuse, secure accounts and enforce our Terms in a way that does not override your rights.

  3. To improve features, models and user experience Legal basis: our legitimate interests. We analyse aggregated usage patterns, run diagnostics and test new ideas.

  4. To personalise marketing and measure effectiveness Legal basis: your consent. We set non‑essential cookies or send you product updates only if you opt in.

  5. To run surveys, contests or promotions Legal basis: your consent. We use the details you volunteer to administer the activity.

  6. To meet legal obligations Legal basis: compliance with law. We keep tax records, obey court orders and respond to regulators.

Whenever we rely on legitimate interests, we balance those interests against your rights and expectations.

5 How we share personal data

We may disclose personal data to the following categories of recipients whenever this is necessary to operate and improve the Service, comply with law, or protect our rights and those of others:

  1. Payment processors to handle subscription fees, refunds and fraud prevention.

  2. Cloud‑hosting and storage providers to host our website, databases, authentication service and file‑storage buckets.

  3. Artificial‑intelligence service providers to generate or transform images and text from the content you upload.

  4. Analytics and marketing partners to understand usage patterns, measure campaign performance and (with your cookie consent) show relevant ads on other sites.

  5. Professional advisers, auditors and insurers for accounting, legal or risk‑management purposes.

  6. Regulators, law‑enforcement and courts when we are legally required to do so, or to protect our rights or the rights of others.

All recipients are contractually bound to safeguard the data and to use it only for the purposes for which it was disclosed.

6  International transfers

When personal data leaves the UK/EEA we safeguard it with UK‑approved Standard Contractual Clauses and supplementary measures such as encryption and strict access controls.

7  Retention and deletion

  • Account & billing records: kept for seven years after your last transaction (HMRC rules).
  • Uploaded photos & generated images: deleted 90 days after your subscription ends unless you remove them sooner.
  • Support tickets & emails: retained for two years.
  • Marketing contact data: kept until you withdraw consent or two years after your last interaction, whichever is sooner.
  • Encrypted back‑ups: residual copies may persist for up to 35 days before automatic purge.

After account closure or file deletion, data we no longer need is securely destroyed except where law requires retention.

8  Your rights

You can:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data (“right to be forgotten”).
  • Restrict how we process your data.
  • Port your data to another provider.
  • Object to processing based on legitimate interests or to direct marketing.
  • Withdraw consent at any time (for example, unsubscribe from marketing emails).

To exercise any right, email hello@barolo.ai. We will respond within one month, free of charge, unless requests are manifestly unfounded or excessive.

9  Cookies and similar technologies

We use:

  • Essential cookies – keep you signed in, protect forms from CSRF. These are always on.
  • Analytics cookies – Google Analytics (_ga) measure traffic and usage patterns. Set only if you opt in.
  • Marketing/targeting cookies – LinkedIn Insight Tag or Meta Pixel personalise ads on other sites. Set only if you opt in.

You may withdraw consent or change preferences at any time via our cookie‑banner link or your browser settings. If your browser sends a “Do Not Track” signal, we disable non‑essential cookies automatically.

10  Security measures

  • TLS 1.2+ encryption for data in transit.
  • AES‑256 encryption for data at rest.
  • Multi‑factor authentication and role‑based access for staff.
  • Regular vulnerability scanning, logging and incident‑response procedures.

While we apply industry‑standard safeguards, no system is perfectly secure; you use the Service at your own risk.

11  Controller versus processor roles

  • Barolo AI is the controller for account, billing, marketing and usage data.
  • For photos, listing text and other customer uploads we act as a processor on behalf of your organisation.

12  Children

The Service is not directed to children under 16. We do not knowingly collect their data. If you believe we have done so, email hello@barolo.ai and we will delete it promptly.

13  Changes to this policy

We may update this notice occasionally. We will:

  1. post the new version here, and
  2. for material changes, notify you by email or in‑app.

Continuing to use the Service after the effective date means you accept the updated policy.

14  Questions or complaints

Email: hello@barolo.ai

You may also complain to the Information Commissioner’s Office (ICO): www.ico.org.uk

By using the Service you acknowledge you have read and understood this Privacy Policy.