ClearDocs AI

Data Processing Agreement (DPA)

Data processing roles, responsibilities, and deletion timelines for ClearDocs AI service.

Last updated: September 30, 2025

Introduction

This Data Processing Agreement (DPA) defines the roles and responsibilities between ClearDocs AI and our users regarding the processing of personal data in accordance with applicable data protection laws.

Roles and Responsibilities

Data Controller

You (the User)

As the data controller, you determine:

  • • What personal data to upload
  • • The purposes of processing
  • • How long data should be retained
  • • Who has access to the data

Your responsibilities: Ensure you have legal basis for processing, respect data subject rights, and comply with applicable data protection laws.

Data Processor

ClearDocs AI

As the data processor, we:

  • • Process data only as instructed
  • • Implement appropriate security measures
  • • Assist with data subject rights
  • • Maintain processing records

Our responsibilities: Process data securely, maintain confidentiality, and assist you in meeting your obligations as controller.

Processing Activities

Document Analysis Processing

Data Types

  • • Contract documents (temporary)
  • • Analysis results (stored)
  • • User account information
  • • Usage metadata

Processing Purposes

  • • AI-powered contract analysis
  • • Service delivery and improvement
  • • Account management
  • • Customer support

Data Deletion Timelines

Immediate Deletion

Original document filesWithin minutes

Uploaded documents are automatically deleted immediately after AI analysis is complete.

User-Controlled Deletion

Analysis resultsUser controlled

Analysis results remain in your account until you delete them or close your account.

Account Closure

All account dataWithin 30 days

Upon account closure, all personal data is permanently deleted within 30 days, except as required by law.

Security Measures

Technical Measures

  • • Secure data transmission (HTTPS/TLS)
  • • Data encryption at rest
  • • Access controls and authentication
  • • Regular security monitoring

Organizational Measures

  • • Staff confidentiality obligations
  • • Limited access to personal data
  • • Regular security training
  • • Incident response procedures

Subprocessors

We use the following subprocessors to provide our service. All subprocessors are bound by appropriate data protection agreements:

Service Subprocessors

  • OpenAI: AI analysis processing
  • Supabase: Database and authentication
  • Stripe: Payment processing
  • Vercel: Application hosting

Data Processing

  • • OpenAI processes documents temporarily for analysis
  • • Supabase stores account and analysis data
  • • Stripe processes payment information only
  • • Vercel provides hosting infrastructure

Data Subject Rights

How We Assist

As your data processor, we will assist you in responding to data subject rights requests, including access, rectification, erasure, and portability requests.

Response Timeline

We will respond to your requests for assistance with data subject rights within 30 days of receiving your instruction.

Data Breach Notification

Breach Response

In the event of a data breach affecting your personal data, we will notify you without undue delay and in any case within 72 hours of becoming aware of the breach. We will provide you with all relevant information to help you meet your notification obligations to supervisory authorities and data subjects.

Contact Information

For questions about this DPA or data processing activities, contact us:

Data Protection: privacy@cleardocs.ai

General Support: Contact Form