Claima.ai

Privacy Policy

Last updated: April 2026

1. Who we are

Claima.ai Ltd (“Claima”, “we”, “us”) is a UK company providing AI-powered grant discovery and application services. Contact: hello@claima.ai.

2. What data we collect

We collect and process the following personal and business data:

  • Account data: email address, name, password (hashed)
  • Company data: company name, registration number, SIC codes, registered address, director names — sourced from Companies House (public record)
  • Profile data: sector, employee count, annual revenue, company description, team members, R&D activities, track record, previous funding
  • Application data: drafted grant application sections, eligibility assessments, evidence items, compliance reports
  • Usage data: pages visited, features used, session duration (via PostHog analytics)

3. How we use your data

  • Matching your company profile to relevant UK grant schemes
  • Assessing eligibility against scheme criteria
  • Drafting grant application sections using AI
  • Generating compliance and expert review reports
  • Sending email notifications (grant alerts, deadline reminders, monthly digests)
  • Improving our matching algorithms and application quality

We do not sell your data. We do not use your data to train AI models. Your application drafts are yours.

4. Legal basis for processing

We process your data under the following legal bases (UK GDPR):

  • Contract: to provide the grant discovery and application services you signed up for
  • Legitimate interest: to improve our service, prevent fraud, and send relevant notifications
  • Consent: for optional email communications (you can unsubscribe anytime)

5. Data storage and security

  • Database: Supabase (PostgreSQL), EU region, encrypted at rest and in transit
  • Authentication: Supabase Auth with bcrypt-hashed passwords and JWT tokens
  • Hosting: Vercel (frontend, global CDN) and Railway (backend API, EU region)
  • Encryption: TLS 1.3 for all connections, AES-256 at rest

6. Third-party processors

We share data with the following processors, all under appropriate data processing agreements:

  • Anthropic (Claude API) — processes company profiles and scheme data to generate application drafts. Data is not used for model training.
  • Companies House — public company data lookup via their API
  • Supabase — database and authentication hosting
  • Vercel — frontend hosting
  • Railway — backend API hosting
  • Resend — transactional email delivery
  • PostHog — product analytics (anonymised usage data)
  • Sentry — error monitoring (no personal data)

7. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Port your data to another service
  • Object to processing based on legitimate interest
  • Withdraw consent for optional communications

To exercise any of these rights, email hello@claima.ai. We will respond within 30 days.

8. Data retention

We retain your data for as long as your account is active. When you delete your account, all personal data is permanently deleted within 30 days. Anonymised usage data may be retained for analytics.

9. Cookies

We use minimal cookies:

  • Authentication cookies: required for login sessions (Supabase Auth)
  • Analytics cookies: PostHog (can be opted out)

We do not use advertising cookies or tracking pixels.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email. The latest version is always available at claima.ai/privacy.

11. Contact

For any privacy-related questions or requests:

Email: hello@claima.ai
Company: Claima.ai Ltd (UK)