1. Data Controller
Clout First Technologies FZCO (“Clout”, “we”, “us”, or “our”), a company incorporated in the Emirate of Dubai, United Arab Emirates, is the Data Controller responsible for Personal Data processed through the Clout Index platform (cloutindex.com) and the corporate website (clout-first.com). For the purposes of this Policy, “Personal Data” has the meaning given under Article 1 of the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”).
Where a Subscribing Organisation determines the purposes and means of processing its Participants’ Personal Data, it acts as an independent Data Controller and Clout acts as a Data Processor on its behalf, governed by the subscription agreement and, where applicable, a Data Processing Agreement. Terms not defined in this Policy have the meanings given to them in the Terms and Conditions.
2. Scope
This Privacy Policy applies to all Personal Data processed by Clout in connection with the Platform and the Website. It applies to website visitors, Participants and Program Administrators of Clout Index platform. This Policy does not govern the data practices of Subscribing Organisations. Participants with questions about how their organisation uses their data should contact their organisation directly.
3. Personal Data We Collect
3.1 Data Provided by You or Your Organisation
Category
Data Points
Identity
First name, last name, profile photograph (optional).
Contact
Email address, mobile telephone number.
Assessment
Responses to assessment and growth tools.
3.2 Derived Insights
Based on inputs, the Platform generates insights and composite indexes. These are generated solely using deterministic psychometric scoring methodologies (see Section below). No external data sources are used.
3.3 Technical Data
We automatically collect: IP address, browser type and version, device type, operating system, pages visited, session duration, and referring URL, through standard server logs and cookies.
4. Purposes of Processing and Legal Basis
We process Personal Data only for the following purposes, each linked to a legal basis under the PDPL:
Service Delivery (Contractual Necessity; Consent): Administering assessments, generating reports, managing accounts and programme assignments.
Communication (Contractual Necessity): Sending invitation emails, assessment notifications, and service-related messages.
Development Tracking (Contractual Necessity; Consent): Tracking progress through the Growth module.
Platform Security (Legitimate Interest): Monitoring for unauthorised access and maintaining system integrity.
Improvement & Research (Legitimate Interest): Improving assessment methodologies using anonymised, aggregated data.
Website Analytics (Consent): Understanding website usage to improve content and navigation.
Enquiry Handling (Legitimate Interest): Responding to demo requests, support queries, and contact form submissions.
Legal Compliance (Legal Obligation): Complying with applicable laws, regulations, or lawful government requests.
We do not process Personal Data for any purpose incompatible with those stated above.
5. Consent
Where processing is based on consent, Participants provide explicit consent through the Data Consent mechanism during account setup, authorising Clout to collect, process, and store Personal Data and Assessment Data for the purposes stated in this Policy. Consent may be withdrawn at any time by contacting Clout at [email protected]. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal. Anonymized data will still be retained to improve frameworks used by Clout Index.
6. Assessment Methodology and Automated Processing
6.1 Deterministic Psychometric Scoring
Clout Index uses psychometric instruments grounded in established behavioural science research. The scoring system is deterministic:
Every score is calculated using fixed, predefined formulas. Identical responses always produce identical results.
Scores map to defined bands without any bias.
Composite indexes use documented preset trait weights visible to administrators.
The Platform does not employ machine learning, neural networks, large language models, generative AI, or any probabilistic artificial intelligence in generating scores, classifying individuals, or producing recommendations.
No facial analysis, emotion recognition, voice analysis, biometric categorisation, or social scoring is used.
6.2 Decision-Support, Not Decision-Making
The Platform is a decision-support tool. It does not make employment, hiring, promotion, termination, or other consequential decisions. All reports carry disclaimers. Before any analysis, administrators must accept conditions confirming the report shall not be the sole basis for an employment decision. This acceptance is auditably recorded.
6.3 EU Artificial Intelligence Act
The EU AI Act (Regulation (EU) 2024/1689) classifies AI systems used in employment decisions as high-risk. Because our scoring engine uses fixed deterministic rules rather than inference techniques, the Platform may not constitute an “AI system” under Article 3(1). Regardless, Clout does not engage in any practice prohibited under Article 5 (emotion recognition, biometric categorisation, social scoring, subliminal manipulation) and voluntarily maintains documentation and human oversight consistent with the Act’s high-risk requirements. This is Clout’s good-faith assessment; Subscribing Organisations should conduct their own assessment.
6.4 US Automated Employment Decision Tool Laws
US jurisdictions including New York City, Illinois, Colorado, and California have enacted AEDT legislation. Clout does not use machine learning or statistical modelling to assist or replace discretionary decisions. Scoring is transparent and reproducible. No ZIP codes or geographic proxies are used. Subscribing Organisations are responsible for local disclosure obligations.
6.5 Nova AI Assistant
Nova is a contextual help tool that answers questions from the knowledge base. It does not generate, influence, or modify any scores, reports, or participant data.
7. Disclosure of Personal Data
Clout does not sell, rent, or trade Personal Data. Disclosure occurs only as follows:
Subscribing Organisation: Administrators access results via role-based controls.
Service Providers: Hosting, email, infrastructure providers under written data processing agreements.
Anonymised Data: Aggregated insights that cannot identify individuals.
Legal Disclosure: Where required by law, regulation, or court order.
8. Anonymity Protections
Pulse Surveys: Completely anonymous. Administrators see only aggregated results.
360 Feedback: Rater identities are hidden. Recipients see feedback content only.
These protections are system-enforced and cannot be overridden by any user role.
9. Data Retention
Assessment data is retained for the subscription duration.
Deleted participants have all personal data permanently and irreversibly removed.
Anonymised response data may be retained indefinitely for research.
Data may be retained longer where required by law or for legal claims.
10. Data Security
Measures include: encryption in transit (TLS/SSL) and at rest; multi-factor authentication; role-based access controls; secure cloud hosting with continuous monitoring; enforced password complexity; auditable logging of administrative actions.
No transmission or storage method is completely secure. Clout does not warrant absolute security. Users must protect their credentials and report suspected incidents promptly.
11. Cookies
Strictly Necessary: Required for operation. Cannot be disabled.
Analytics: Anonymised usage data. Placed only with consent.
We do not use cookies for advertising or behavioural tracking.
12. International Data Transfers
Clout is headquartered in the UAE. Where data is transferred outside the UAE, safeguards are in place per Article 22 of the PDPL. For EU/EEA individuals, transfers comply with GDPR Chapter V, including standard contractual clauses where applicable.
13. Your Rights
Under the PDPL, you have rights to: access, rectification, erasure, restriction of processing, objection, data portability, and withdrawal of consent. Contact us to exercise these rights. We respond within 30 calendar days, extendable by 30 days for complex requests. You may lodge complaints with the UAE Data Office.
EU/EEA users may also lodge complaints with their local supervisory authority. California residents have CCPA/CPRA rights including the right to know, delete, and opt out of sale (Clout does not sell Personal Data).
14. Contact
For all privacy enquiries: [email protected]
15. Changes
Clout may amend this Policy at any time. Material changes are reflected in the Last Updated date. Where required by law, affected individuals are notified. Continued use after changes constitutes acceptance, except where affirmative consent is required.
© 2026 Clout First Technologies. All rights reserved.