Clarioso · Privacy & Data Processing
Data Processing & Security Overview
Last updated: [Month Year]
This page explains how Clarioso handles information submitted through the Services. Clarioso is designed as a governed contract risk intelligence layer (not a contract execution system) and prioritizes transparency, bounded processing, and customer control. This overview is written to be GDPR-aware while remaining practical for U.S.-first customers.
1. Roles (GDPR-aligned)
Where applicable data protection laws apply (including GDPR), Customers are generally the data controller for contract content they upload. Clarioso processes such content as a data processor on behalf of the Customer, solely to provide the Services.
2. What we process
- Customer Content you submit (e.g., contract text, clause excerpts, deal context).
- Derived analytics generated from Customer Content (e.g., risk flags, summaries, C-Score and related indicators).
- Account data (e.g., email, roles) and operational logs used to run the Services securely.
Please avoid uploading highly sensitive personal data. Customer is responsible for ensuring it has the right to submit Customer Content.
3. Why we process data (purpose limitation)
Clarioso processes Customer Content solely to provide the Services, including generating Outputs and Risk Signals, enabling portfolio visibility, and supporting customer-initiated workflows.
Clarioso does not sell Customer Content, use it for advertising, or use it to train shared or general-purpose AI models.
4. AI & model usage (bounded by design)
Where AI models are used to support analysis, Customer Content is processed in per-customer contexts. Clarioso does not mix Customer Content across customers for analysis and does not permit Customer Content to be used for independent model training.
Clarioso is designed as a governed analytical and decision-support system. It does not autonomously execute, commit, or propagate changes to Customer contracts. Any suggested language is produced in accordance with customer-defined playbooks and requires explicit user review and action outside the Services.
5. Security measures (TOMs)
- Encryption in transit and at rest (where supported by underlying infrastructure).
- Logical tenant isolation and role-based access controls.
- Least-privilege internal access with administrative logging.
- Secure credential management and operational monitoring.
- Incident response procedures for security events.
6. Data retention & deletion
Customer Content is retained only as long as necessary to provide the Services or as configured by the Customer. Customers may request deletion of Customer Content or account data.
If the Services include public Q&A content, questions may be anonymized and published to a public feed. You should remove names, contact details, and other direct identifiers before submitting.
7. Subprocessors
Clarioso uses a limited number of third-party providers for infrastructure and service delivery (e.g., hosting, databases, authentication, analytics, and AI model providers). These providers act as subprocessors solely to provide the Services and are subject to contractual safeguards.
A current list of subprocessors may be provided as an exhibit upon request or published separately.
8. International transfers
Where data is transferred internationally, Clarioso relies on appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) to protect customer data consistent with applicable law.
9. Requests and contact
For questions, deletion requests, or privacy inquiries, contact the site owner through the channels listed on the Clarioso site.