Privacy Policy
1. Who We Are
ClientCheck is operated by Altieri Firm LLC (a GSI Firm), an AML compliance screening platform based in Dubai, UAE. This Privacy Policy explains how we collect, use, store, share, and protect personal data in connection with our platform and services.
This policy applies to account holders, Authorised Users, website visitors, and individuals whose information is submitted to the platform for screening or due diligence purposes.
2. Data We Collect
Account and contact data: name, business email address, phone number, company name, job title, role, and billing contact information when you create an account or contact us.
Usage and device data: IP address, device identifiers, browser type, operating system, access times, pages visited, search history, report exports, API usage, login events, certification confirmations, and other activity logs.
Customer Data: names, aliases, dates of birth, nationalities, identification numbers, entity names, registration numbers, beneficial ownership information, case notes, and other information you submit about individuals or entities you screen. This data is used exclusively to perform the screening service you have requested.
Screening and results data: sanctions matches, PEP indicators, adverse media findings, law enforcement records, corporate registry information, and other risk signals returned by our screening databases in response to your queries.
Support and communications data: emails, support tickets, feedback, and any other correspondence you send us.
Payment and commercial data: subscription plan, billing cycle, transaction records, and invoice history. Card details are processed directly by Stripe — we do not store card numbers or full payment credentials.
Compliance and security data: lawful-use certifications, acceptance timestamps, IP addresses at acceptance, audit logs, security incident records, and regulatory correspondence.
Inferred data: match indicators, risk categories, confidence scores, entity resolution mappings, and workflow metadata generated by the platform.
3. Sources of Personal Data
We collect personal data from:
- You and your Authorised Users, directly through the platform
- Public records, government publications, and official websites
- Sanctions authorities, regulatory bodies, courts, enforcement agencies, and corporate registries
- Commercial data providers, media providers, risk intelligence providers, and data licensors
- Analytics tools, security technologies, and server logs
- Legal, regulatory, and compliance sources
4. How We Use Your Data
We use your data to:
- Provide, operate, maintain, and secure the ClientCheck platform
- Perform screenings and return results on your behalf
- Create accounts, authenticate users, and manage subscriptions
- Process payments and manage billing
- Send service-related communications, including screening notifications, team invites, account alerts, and billing notices
- Detect, prevent, and investigate fraud, misuse, security incidents, and prohibited uses
- Maintain electronic acceptance records, certification logs, and audit trails as required by law
- Improve platform performance, matching accuracy, source coverage, and reliability using aggregated or anonymised information
- Comply with our legal obligations under UAE Federal Decree-Law No. 10 of 2025, UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, and other applicable laws
- Enforce these Terms and protect our rights, property, and the safety of our users
We do not sell your personal data. We do not use screening results for any purpose other than providing the service you requested.
5. Marketing Communications
We may send you product updates, compliance resources, and other business-to-business communications relevant to your use of ClientCheck. You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us at legal@clientcheck.ai. Opting out does not affect service-related communications.
6. Data Resources
ClientCheck screens your clients against the following international databases and watchlists:
- Interpol
- OFAC SDN
- UN Security Council
- Dow Jones Watchlist
- HM Treasury • OFSI
- Diligencia
- CourtListener
- DIFC
- GDELT 2.0
- OCCRP Aleph
- ADGM
- SAM.gov
- DFAT
- ICIJ Offshore Leaks
- Acuris
These sources are searched simultaneously for every individual screening. Results are stored permanently in your audit log.
7. Service Providers
We rely on the following service providers to deliver the platform. Each is bound by data processing agreements that restrict the use of your data to performing the services we have engaged them for:
- ComplyAdvantage — primary AML screening provider
- Themis — fallback AML screening provider
- Supabase — database and authentication infrastructure (hosted on AWS)
- Vercel — application hosting and edge delivery
- Stripe — payment processing
- Resend — transactional email delivery
8. Legal Basis for Processing
We process personal data on the following legal bases:
- Contract performance — to provide the screening services you have subscribed to and to fulfil our obligations to you
- Legal obligation — to comply with UAE AML, data protection, sanctions, and regulatory requirements
- Legitimate interests — to operate, secure, and improve the platform, prevent fraud and misuse, maintain records, and support compliance workflows, where these interests are not overridden by your rights
- Consent — where required by law, such as for certain marketing communications
- Your documented instructions — where we act as a data processor on your behalf
9. Automated Processing
The platform uses automated matching and entity resolution logic to compare submitted names and identifiers against database entries. These automated processes generate risk indicators and match candidates for your review. They do not make final decisions — all results are presented to you for human review before any action is taken.
We do not use automated processing to make Regulated Decisions as defined in our Terms & Conditions without human involvement.
10. International Transfers
Your data may be processed in the United Arab Emirates, the United States (AWS infrastructure), Ireland (Supabase EU region), and other jurisdictions where our service providers operate.
Where required by applicable law, we use appropriate transfer safeguards, which may include standard contractual clauses, data processing agreements, and contractual protections. You are responsible for ensuring that your submission of personal data to the platform complies with the data transfer laws applicable to your jurisdiction.
11. Data Retention
We retain data for the following periods:
- Screening records and audit logs: minimum 7 years, in accordance with UAE AML statutory recordkeeping requirements
- Account data: for the duration of your subscription and for a reasonable period after termination to comply with legal and contractual obligations
- Payment records: as required by UAE commercial and tax law
- Security and access logs: up to 12 months, or longer where required for incident investigation or legal proceedings
- Support communications: up to 3 years after your last interaction
You can export your full screening history at any time from the Settings page. After account termination, records remain available for export for 30 days.
12. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and, where required by applicable law, notify the relevant supervisory authority. Notifications will include a description of the nature of the breach, the categories of data affected, likely consequences, and measures taken or proposed to address it.
If you become aware of any security concern relating to your account, notify us immediately at legal@clientcheck.ai.
13. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your data, subject to our legal retention obligations
- Restrict processing in certain circumstances
- Object to processing based on legitimate interests
- Data portability — receive your data in a structured, machine-readable format
- Withdraw consent where processing is based on your consent
- Complain to a supervisory authority in your jurisdiction
To exercise any of these rights, contact us at legal@clientcheck.ai. We may need to verify your identity and authority before responding. We will respond within 30 days where required by law.
Note that some rights are limited or do not apply where retention or processing is required for AML compliance, legal claims, audit purposes, or regulatory obligations. Where we process personal data as a processor on your behalf (for example, screening data you submit), we may direct data subject requests to you as the data controller.
14. Accuracy and Disputes
Because screening outputs derive partly from third-party and public sources, we do not always control the original source of all data. If you or an individual believe that information in a screening result is inaccurate, incomplete, or incorrectly matched, contact us at legal@clientcheck.ai with sufficient information to identify the record and explain the concern.
We will review the matter and may annotate, suppress, correct, or refer the dispute to the relevant data source as appropriate. You remain responsible for making your own decisions about how to use any output and for providing legally required notices to affected individuals.
15. Cookies and Similar Technologies
We use cookies and similar technologies for:
- Authentication and session management — to keep you logged in securely
- Security and fraud prevention — to detect and prevent unauthorised access
- Analytics and performance — to understand how the platform is used and improve it
- Preferences — to remember your settings
You can control cookies through your browser settings. Disabling certain cookies may affect platform functionality, including the ability to stay logged in.
16. Security
We use the following measures to protect your data:
- Encryption in transit (TLS) and at rest
- Role-based access controls and authentication
- Audit logging of all data access and changes
- Regular security monitoring and vulnerability management
- Data processing agreements with all service providers
No system is completely secure. If you become aware of any security concern relating to the platform, notify us immediately at legal@clientcheck.ai.
17. Children
The platform is intended for professional and business use only. We do not knowingly collect personal data from anyone under 18. You must not submit the personal data of children to the platform unless expressly authorised and legally justified.
18. California Residents
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your California rights, contact us at legal@clientcheck.ai.
19. Data Processing Addendum
If you require a formal Data Processing Addendum (DPA) for your compliance program or contractual requirements, contact us at legal@clientcheck.ai. A DPA sets out our obligations as a data processor with respect to personal data you submit to the platform.
20. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice at least 14 days before the changes take effect. The effective date at the top of this page reflects the date of the latest update. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.
21. Contact
For privacy questions, data subject requests, breach reports, or legal notices:
Email: legal@clientcheck.ai
Post: Altieri Firm LLC (a GSI Firm), EDB Building, 7th Floor, Dubai, UAE
We aim to respond to all privacy enquiries within 5 business days.