Legal
Privacy Policy
“Data clarity, mutual trust.”
Last updated: November 24, 2025
1. Who We Are
Clarivant S.C. (“Clarivant”, “we”, “us”) is a boutique AI and data analytics consultancy based in:
Monterrey, Nuevo León, Mexico
We design advanced analytics, AI engineering, and strategic intelligence solutions for clients across North America and beyond.
You can contact our Privacy Officer at: hello@clarivant.ai
2. What This Policy Covers
This Privacy Policy is our Integral Privacy Notice, crafted to comply with:
- LFPDPPP (Mexico, 2025 reform)
- CPRA/CCPA (California, USA)
- GDPR “light” compliance (because EU users may visit the site)
It explains how we collect, use, store, and protect your data when you interact with:
- our website
- our contact forms
- our analytics tools
- our AI-powered services
This policy applies to website visitors and prospective clients. Client-specific data processing for consulting engagements is governed by your MSA/SOW.
3. The Data We Collect
We collect only what is necessary — nothing more.
A. Identity Data
Name, company, job title.
Why: Respond to inquiries, prepare proposals. Legal basis: Contract / Legitimate Interest.
B. Contact Data
Email, phone (if submitted).
Why: Communication and follow-up. Legal basis: Consent.
C. Technical Data
Collected automatically through our Cloudflare-hosted static site:
- IP address (transient)
- Browser type
- Device information
- Timezone
Why: Security (Cloudflare Turnstile), performance, load balancing. Legal basis: Legitimate Interest (Security & Functionality).
D. Analytics Data (GA4)
Only with your consent via the cookie banner:
- Page views
- Navigation behavior
- Interactions (anonymized unless you consent)
Legal basis: Consent.
We use Google Consent Mode V2, which signals: ad_storage, analytics_storage, ad_user_data, ad_personalization. When you deny consent, GA4 sends cookieless pings only — no identifiers.
E. Project Data (Clients Only)
Datasets you provide for consulting services.
Legal basis: Contract.
We NEVER use your data to train our own foundational models.
F. Sensitive Data
We do not collect sensitive data via the website. If a consulting project requires it, we will request explicit written consent.
4. How We Use Your Data
We use your data to:
- Provide and improve our website
- Secure the platform
- Respond to contact requests
- Learn which content is useful
- Maintain client relationships
- Improve our products and services
We do not sell your personal information.
Under CPRA, “sharing” for advertising purposes is also restricted. We honor:
- Global Privacy Control (GPC) signals
- Cookie preferences
- “Do Not Share” requests
5. How We Store & Transfer Data
Due to our infrastructure, your data may pass through or be processed in:
- Mexico
- United States
- Cloudflare global network regions
We rely on:
- Standard Contractual Clauses (SCCs)
- Cloudflare and Google’s data protection agreements
- Official compliance frameworks
6. Your Rights
Mexico (LFPDPPP 2025) — ARCO Rights
You may Access, Rectify, Cancel, or Oppose. You also have the right to oppose automated decision-making.
California (CPRA/CCPA)
You may:
- Know what personal information we collect
- Request deletion
- Correct inaccurate information
- Opt-out of “sharing” for ads (we honor GPC automatically)
- Limit use of sensitive information (not applicable here)
EU (GDPR-lite)
You may request access, correct, delete, object, or request portability. We apply GDPR principles even though we are not based in the EU.
How to exercise your rights: Email us at hello@clarivant.ai.
Response times: Mexico — within 20 business days. California/EU — within 45 days.
7. Security Measures
We implement:
- Encryption (TLS 1.3)
- MFA for internal systems
- Vendor risk assessments
- Network protections (Cloudflare)
- Secure development practices
If a breach occurs, we will notify affected users promptly and follow legal timelines.
8. Third-Party Services
We use:
- Cloudflare (security, CDN, Turnstile anti-bot)
- Google Analytics 4 (analytics, consent mode)
- Cloudflare Pages (static hosting and routing)
These vendors act as data processors and must follow our instructions.
9. Updates to This Notice
We may update this policy due to changes in law, updates in our technology, or new features. We will notify you of significant changes.
10. Authority Contacts
If you are not satisfied with our response, you may contact:
- Mexico: Ministry of Anti-Corruption and Good Governance
- California: California Privacy Protection Agency
- EU: Your local Data Protection Authority