Overview
Our Data Processing Agreement ensures compliance with global privacy laws including GDPR, CCPA, and other data protection regulations when Clarify processes personal data in connection with our services.
We currently only offer our DPA to paying customers on Growth or higher tier plans.
Who Needs a DPA?
A DPA is required if:
- You process personal data of EU/EEA, UK, or Swiss residents
- You're subject to GDPR, CCPA, or similar data protection laws
- Your organization requires documented data processing agreements with vendors
- You need to demonstrate compliance for regulatory audits
What's Included
Our DPA covers:
- Dual Processing Roles: Clarify can act as both a processor (handling data on your behalf) and controller (for certain business operations)
- Global Coverage: Compliance with GDPR, CCPA, UK GDPR, Swiss data protection laws, and other international regulations
- Standard Contractual Clauses: EU-approved SCCs for international data transfers, ensuring lawful transfer of personal data globally
- Data Subject Rights: Full support for individual rights requests including access, deletion, and rectification
- Security Commitments: Technical and organizational measures to protect personal data
- Audit Rights: Annual audit rights to verify our compliance with data protection obligations
- Breach Response: 48-hour notification commitment with comprehensive incident support
- Insurance Coverage: $1 million minimum cyber liability insurance coverage
Security Measures
We implement enterprise-grade security including:
- Documented security policies and procedures
- Background-checked and trained personnel
- Industry-standard intrusion detection and antimalware systems
- Access controls with privileged access management
- Continuous cloud-based data replication and backups
- Encryption for data at rest and in transit (TLS 1.2+)
- 24/7 Security Operations Center monitoring
- Physical security controls at data centers
Sub-processor Management
Transparent sub-processor management with:
- 30-day advance notice of any changes to sub-processors
- Published list at trust.clarify.ai/subprocessors
- Right to object to new sub-processors based on data protection concerns
- Written agreements ensuring equivalent data protection standards
International Data Transfers
Our DPA includes:
- EU Standard Contractual Clauses (Module One and Module Two)
- UK Addendum for UK GDPR compliance
- Swiss Addendum for Swiss data protection laws
- Automatic application of appropriate transfer mechanisms for other jurisdictions
Your Rights and Control
- Data Control: You maintain full control over processing instructions
Audit Rights: Annual audit rights with third-party auditor option - Transparency: Access to security certifications and compliance documentation
- Data Return: Clear procedures for data return or deletion upon termination
Support: Assistance with data protection impact assessments and regulatory compliance
Liability and Insurance
- Cyber Insurance: Minimum $1 million coverage including technology liability, privacy injury, and breach response
- Security Incident Coverage: Comprehensive liability framework for security incidents
- Mutual Obligations: Balanced responsibilities for both parties
Availability
Clarify's DPA is available for customers on the Growth plan or higher.
To obtain a signed DPA:
Ensure you are on the Growth plan or above
Contact your account manager or email sales@clarify.ai
Regional Compliance
Our DPA automatically adapts to your jurisdiction:
- EU/EEA: Full GDPR compliance with Spanish supervisory authority
- UK: UK GDPR compliance with UK Addendum
- Switzerland: Swiss Federal Act compliance with FDPIC oversight
- United States: CCPA and state privacy law compliance
- Other Regions: Automatic application of relevant transfer mechanisms
Questions?
For DPA questions: legal@clarify.ai
For security details: security@clarify.ai