Plain-language summary
- This notice sits alongside our main Privacy Policy. It explains the extra rights you may have because of where you live.
- We aim for a multi-jurisdictional baseline— one consistent set of rights for everyone — and then add region-specific rights on top.
- We do not sellyour personal data, and we do not “share” it for cross-context behavioural advertising.
- You can ask to see, correct, or delete your data, and you can object to or withdraw consent for some uses. The right way to ask is the privacy request form.
- We try to reply to people in the EEA and UK within about 30 days, and to California requests within 45 days.
- Our operator is based in Canada, so Canadian privacy law — federal PIPEDA and Alberta’s PIPA — is our home regime.
- You can reach us by email only; we do not offer telephone support. Some details, like our lead regulator and any EU or UK representative, are confirmed on formal launch.
- This is a draft and is not legal advice. It is being reviewed by qualified counsel.
1. Who this notice is for
This notice is for everyone, but parts of it apply only to people in certain regions. It adds detail to the main Privacy Policy, which covers what data we collect, why, and how long we keep it. If anything here seems to conflict with the Privacy Policy, read the two together; the more protective reading for you is the one we intend.
Clap Ideas is an AI-powered global idea democracy and future-technology lab, run as a public-benefit project rather than a commercial social network. Because our users are global, we try to offer a single, strong baseline of privacy rights and then layer regional rights on top.
The platform is operated by CLAPPE Inc., based in Alberta, Canada. As a result, Canadian privacy law — the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta’s Personal Information Protection Act (PIPA) — is our home regime, and our default governing law is the Province of Alberta and the federal laws of Canada that apply there. Our lead supervisory authority, our Data Protection Officer (where one is required), and any representative in the EU or UK are confirmed on formal launch, subject to final confirmation by qualified counsel. Until then, treat this notice as a working draft.
2. Baseline rights for everyone
No matter where you live, we try to give you these core rights, subject to local law and to limits that protect other people and the public record:
- Find out what personal data we hold about you and how we use it.
- Get a copy of the personal data you gave us.
- Correct data that is wrong or out of date.
- Delete your account and personal data, within the limits explained in the Privacy Policy.
- Object to or withdraw consent for some uses, such as optional emails.
One important limit applies to everyone: ideas and comments you publish are part of a public record. When you delete your account, we may anonymise your published contributions rather than erase them, so that public discussions and attribution history stay intact. The Privacy Policy explains this in full.
3. European Economic Area and United Kingdom (GDPR and UK GDPR)
If you are in the EEA or the UK, the General Data Protection Regulation (GDPR) or the UK GDPR gives you these rights. We honour them under those laws.
3.1 Your rights
- Access— ask for a copy of your personal data and information about how we use it.
- Rectification— ask us to correct data that is wrong or incomplete.
- Erasure(the “right to be forgotten”) — ask us to delete your data, subject to limits for public records and legal duties.
- Restriction— ask us to pause certain processing while a dispute is sorted out.
- Portability— receive the data you gave us in a structured, commonly used, machine-readable format, and ask us to send it elsewhere where this is technically possible.
- Objection— object to processing we base on legitimate interests, and object at any time to direct marketing.
- Withdraw consent— where we rely on consent, withdraw it at any time. This does not affect processing we did before you withdrew.
- Rights around automated decisions— where a solely automated decision has a legal or similarly significant effect on you, you can ask for human review. Our AI may classify, score, and flag content; meaningful decisions about your account include a human-review pathway. See the Privacy Policy and our AI Transparency Policy.
- Complain to a supervisory authority— you can lodge a complaint with the data protection regulator in your country, even if you contact us first.
3.2 Legal bases we rely on
We process your data on these legal bases, depending on the purpose. The Privacy Policy maps each purpose to its basis.
| Legal basis | When we use it |
|---|---|
| Performance of a contract | Running your account and the core platform, and processing donations. |
| Legitimate interests | Keeping the platform safe, preventing abuse, improving features, and core AI analysis. We weigh these against your rights. |
| Legal obligation | Responding to lawful requests and keeping records the law requires. |
| Consent | Optional things, such as marketing emails or non-essential cookies. |
3.3 International transfers
We may process data in countries outside the EEA or the UK. Where we do, we rely on lawful transfer tools, such as the European Commission’s Standard Contractual Clauses and the UK’s International Data Transfer Addendum, together with extra safeguards where needed. The exact tools, and any adequacy reliance, are confirmed on formal launch. Our Data Processing Addendum describes the baseline approach.
3.4 Representative and response time
Where the law requires one, we will name an EU and/or UK representative and our lead supervisory authority on formal launch. We aim to answer rights requests within about 30 days. For complex requests, the law lets us extend this; if we need more time, we will tell you why.
4. California (CCPA and CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you these rights.
- Right to know— the categories and specific pieces of personal information we collect, the sources, the purposes, and the categories of third parties we disclose it to.
- Right to delete— ask us to delete personal information we collected from you, subject to legal exceptions.
- Right to correct— ask us to fix inaccurate personal information.
- Right to opt out of sale or sharing — we do not sell your personal information, and we do not share it for cross-context behavioural advertising. Because we do not do either, there is nothing here to opt out of, but you can still tell us your preference.
- Right to limit use of sensitive personal information— we do not use sensitive personal information to infer characteristics about you. We use the limited sensitive data we hold (such as login credentials) only to run and secure your account.
- Right to non-discrimination— we will not deny you service, charge you a different price, or give you a lower quality of service because you used a privacy right.
You can use an authorised agent to make a request for you. We may ask the agent for proof that you gave them permission, and we may ask you to confirm the request directly. We aim to respond to California requests within 45 days and may extend by a further 45 days when reasonably necessary, with notice to you.
We do not use personal information to make decisions that produce legal or similarly significant effects without a route to human review. The categories of personal information we collect, and the retention periods, are listed in the Privacy Policy.
5. Canada (PIPEDA and Alberta PIPA) — our home regime
Our operator, CLAPPE Inc., is based in Alberta, Canada, so Canadian privacy law is our home regime. If you are in Canada, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and, in Alberta, the Personal Information Protection Act (PIPA) give you these rights:
- Access— ask whether we hold personal information about you and request a copy, along with information about how it is used and disclosed.
- Correction— ask us to correct information that is inaccurate or incomplete.
- Withdraw consent— withdraw consent for uses that rely on it, on reasonable notice, subject to legal or contractual limits we will explain.
If you are not satisfied with how we handle a request, you can raise concerns with the Office of the Privacy Commissioner of Canada and, for Alberta matters, the Office of the Information and Privacy Commissioner of Alberta. We try to answer Canadian access requests promptly and within the timelines the law sets, and we respond by email only.
6. Other regions — a high-level baseline
Many other countries have privacy laws that grant similar rights, such as access, correction, deletion, and the ability to object to or withdraw consent for some uses. We aim to respect these rights at our baseline, in line with local law. Examples include:
| Region | Law | Rights we aim to support |
|---|---|---|
| Brazil | General Data Protection Law (LGPD) | Confirmation and access, correction, deletion or anonymisation, portability, and information about sharing. |
| Australia | Privacy Act and Australian Privacy Principles | Access and correction, and a way to complain about how we handle your data. |
| India | Digital Personal Data Protection Act (DPDP) | Access, correction and completion, erasure, and a grievance route, as the law is brought into force. |
| South Africa | Protection of Personal Information Act (POPIA) | Access, correction, deletion, and objection, plus a route to the regulator. |
This table is a general guide, not a full statement of each law. The exact rights, and how we meet them, depend on the final version of each law and on counsel review. If your country is not listed, you can still ask us to help, and we will do what local law requires.
7. How to make a request
The best way to make a privacy request is our privacy request form. It records your request and routes it to the right team. You can also email privacy@clapideas.com. We handle privacy requests by email only; we do not offer telephone support.
- Open the privacy request form and choose the type of request.
- Tell us the right you want to use and any details that help us find your data.
- We confirm we received your request.
- We verify your identity (see below) and then act on your request.
- We reply within the timelines set out above for your region.
There is normally no fee. If a request is clearly unfounded or excessive, the law may let us charge a reasonable fee or decline; we will explain if that happens.
8. Verifying your identity
To protect your data, we need to be reasonably sure a request really comes from you. How we verify depends on the request and the risk:
- For most requests, we confirm that you control the email address on the account, for example by sending a request through your signed-in session or to your registered email.
- For sensitive or high-risk requests, we may ask for extra confirmation that matches information we already hold.
- We will not ask for more sensitive data than we need, and we do not create new accounts or profiles just to verify you.
If you use an authorised agent, we may ask for proof of their authority and may still ask you to confirm the request directly.
9. Appeals and complaints
If we decline a request, we will explain why and tell you how to challenge that decision.
- Appeal to us— you can ask us to review the decision. Where a law (for example, some United States state laws) gives you a formal appeal right, we will follow that process and its timelines.
- Regulator— in the EEA or UK, you can complain to your supervisory authority. In Canada, you can contact the Office of the Privacy Commissioner of Canada and, in Alberta, the Office of the Information and Privacy Commissioner of Alberta. Other regions have their own regulators.
10. Related policies & contact
Read this notice with our Privacy Policy, our Cookie Policy, and our Data Processing Addendum. For privacy questions or to make a request, use the privacy request form or email privacy@clapideas.com.
Change history is tracked by document version; see the Legal Centre.