Privacy Policy

Clerked Ltd (“we”, “us”, “our”) is a UK-based legal technology platform designed to help legal professionals identify and instruct barristers more efficiently by providing visibility of availability and court attendance. We take privacy and data protection seriously and are committed to handling personal data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect personal data when you use the Clerked platform or website.

Data Controller:
Clerked Ltd
Company No:
16712967
Registered Office:
3rd Floor, 86–90 Paul Street, London, EC2A 4NE
ICO Registration No:
ZC040644
Privacy contact:
privacy@clerked.co.uk
General support:
support@clerked.co.uk

1. Scope of This Policy

This policy applies to:

Visitors to www.clerked.co.uk
Registered users of the Clerked platform, including:
1. Legal Professionals
2. Barristers (chambers-affiliated and independent)
3. Clerks (primary and standard)
Chambers as organisational entities

2. Personal Data We Collect

2.1 Identity and Contact Data

Name
Email address
Phone number
User role (legal professional, barrister, clerk)
Chambers affiliation (where applicable)

2.2 Professional Information (Barristers)

Area of law and specialism
Qualificaions and year called to the Bar
Professional biography
Notable cases (optional)
Court attendance check-ins (ClerkedLive

2.3 Account and Usage Data

Login credentials (hashed passwords — we do not store passwords in plain text)
Registration and verification timestamps
Profile completion status
Search activity and profile views (aggregated analytics only)
ClerkedLive check-in activity

2.4 Calendar Availability Data (Barristers only)

When a barrister consents to calendar sychronisation, we collect

Free/busy availability status
Calendar event titles (processed transiently — not stored)
Time blocks (morning / afternoon)
Court-related indicators (derived)

We do not collect or store

Full calendar event bodies or titles
Client names or matter references
Case details or confidential instructions
Meeting content or attendee information

Clerked does not under any circumstance retain or store calendar information past the point of processing. All data received from calendar synchronisation is immediately discarded once processed. Calendar synchronisation is optional and can be revoked at any time from your account settings or by contacting support@clerked.co.uk.

2.5 Payment Data

We collect subscription status and billing identifiers from our payment provider, Stripe. We do not store card details or full payment credentials. All payment processing is handled securely by Stripe. For further information see www.stripe.com.

3. How We Use Personal Data

We use personal data only for the purposes for which it was collected, including:

Registering and authenticating users
Providing role-specific platform functionality
Displaying barrister availability and ClerkedLive status
Enabling legal professionals to contact clerks via the platform
Facilitating Email Clerk enquiries via Brevo, our transactional email provider
Managing subscriptions and billing
Providing customer support
Maintaining platform security and integrity
Producing aggregated, anonymised usage analytics

We do not sell personal data to any third party.

4. Legal Bases for Processing

Under UK GDPR, we rely on the following lawful bases for processing personal data:

Purpose	Lawful Basis
Account creation and access	Contract (Article 6(1)(b))
Calendar synchronisation	Consent (Article 6(1)(a))
Billing and subscriptions	Contract (Article 6(1)(b))
Platform security and integrity	Legitimate interests (Article 6(1)(f))
Aggregated usage analytics	Legitimate interests (Article 6(1)(f))
Email Clerk enquiry facilitation	Contract (Article 6(1)(b))
Legal and compliance obligations	Legal obligation (Article 6(1)(c))

Our legitimate interests in processing data for platform security and analytics are: maintaining a safe, functional, and improving service for our users.

Where we rely on consent (calendar synchronisation), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Microsoft Outlook Calendar Integration

Barristers may choose to connect their Microsoft Outlook calendar via OAuth 2.0 to enable availability display on the platform.

Permissions requested are limited to: Calendars.Read and User.Read only. No other permissions are requested or granted
Access tokens and refresh tokens are stored securely and encrypted
Calendar data is used solely to determine and display availability
We do not use calendar data for marketing, profiling, or resale
You may disconnect calendar access at any time from your account settings or by contacting support@clerked.co.uk

Barristers may choose to connect their Microsoft Outlook calendar via OAuth 2.0 to enable availability display on the platform.

6. How We Share Data

We share personal data only where necessary and only with trusted third-party processors under contractual obligations consistent with UK GDPR:

Hosting provider — UK or EEA-based cloud infrastructure for platform hosting and data storage
Microsoft — for calendar synchronisation, with your consent, under a data processing agreement
Stripe — for subscription payment processing
Brevo — transactional email provider, used to deliver Email Clerk enquiries and platform notifications. Email logs are retained by Brevo in accordance with their data retention policy. For further information see www.brevo.com

We do not share personal data with third parties for marketing purposes.

7. International Data Transfers

Some of our third-party processors, including Stripe, Microsoft, and Brevo, are headquartered outside the UK and may process data in countries that have not been deemed to provide an adequate level of data protection by the UK ICO.

Standard Contractual Clauses (SCCs) approved by the ICO or the European Commission (as applicable)
Adequacy decisions where applicable
Supplementary technical and organisational measures where required

Further information is available on request by contacting privacy@clerked.co.uk.

8. Data Storage and Security

We take appropriate technical and organisational measures to protect your personal data, including:

Platform data hosted on UK or EEA-based infrastructure. Where third-party processors operate internationally, appropriate safeguards are in place as described in Section 7
Encryption in transit using TLS 1.2 or higher
Encryption at rest for personally identifiable information (AES-256 or equivalent)
Role-based access controls limiting data access to authorised personnel only
Secure storage and encryption of OAuth tokens
Regular access reviews and activity monitoring
Periodic security testing and vulnerability assessments

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.

9. Data Retention

We retain personal data only for as long as necessary:

Active accounts — retained for the duration of the account
Cancelled or inactive accounts — soft-deleted and retained for 12 months following cancellation, then permanently deleted
Hard deletion on request — personal data permanently deleted within 30 days of a valid erasure request
Financial and billing records — retained for 7 years as required by HMRC and applicable law
Calendar data — deleted promptly upon disconnection of calendar access
Email Clerk logs — retained by Brevo in accordance with their data retention policy. Clerked does not independently retain email content

10. Your Rights

Under UK GDPR, you have the following rights:

Right of access — to obtain a copy of the personal data we hold about you
Right to rectification — to correct inaccurate or incomplete data
Right to erasure — to request deletion of your personal data
Right to restriction — to request that we limit processing in certain circumstances
Right to object — to object to processing based on legitimate interests
Right to data portability — to receive your data in a structured, machine-readable format
Right to withdraw consent — for calendar synchronisation, at any time
Right to lodge a complaint — with the ICO

To exercise any of these rights, contact privacy@clerked.co.uk. We will respond within one calendar month.

11. Automated Decision-Making

We do not make automated decisions about users that produce legal or similarly significant effects. Any recommendations made by the platform are informational only and do not constitute automated decision-making within the meaning of Article 22 UK GDPR.

12. Children

The Clerked platform is intended for use by legal professionals and is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18.

13. Cookies

We use essential cookies for authentication and session management. These are necessary for the platform to function and cannot be disabled. Non-essential analytics cookies may be introduced in future. Where this occurs, we will update this policy and provide a clear consent mechanism before any non-essential cookies are set.

14. How to Raise a Concern

If you have a concern about how we handle your personal data, we encourage you to contact us first so we can try to resolve it:

Email: privacy@clerked.co.uk
Post: Clerked Ltd, 3rd Floor, 86–90 Paul Street, London, EC2A 4NE

We will acknowledge within five working days and provide a full response within one calendar month.

If you remain dissatisfied, you may lodge a complaint with the ICO: www.ico.org.uk | 0303 123 1113

15. Changes to This Policy

We may update this Privacy Policy as Clerked evolves. Where changes are material, we will notify users via the platform or by email. The current version is always available at www.clerked.co.uk.

16. Contact

Privacy queries: privacy@clerked.co.uk
General support: support@clerked.co.uk
Post: Clerked Ltd, 3rd Floor, 86–90 Paul Street, London, EC2A 4NE

‌

‌
‌

‌

‌
‌

‌

‌
‌

‌

‌
‌
‌
‌
‌
‌
‌