Legal & procurement
Data Processing Agreement (DPA)
A DPA is a contract that describes how a vendor processes personal data on behalf of a customer, including roles (controller vs. processor), subprocessors, security expectations, and cross-border transfers where applicable. It is a standard part of enterprise procurement—not a substitute for your own legal review.
Beta product posture
Clairist is in private beta. Templates, subprocessors, and security artifacts are evolving. A DPA is available on request for qualified customers when workflow and legal templates are ready—we do not auto-generate individualized legal agreements from this page, and nothing here is an executed contract.
How Clairist is positioned
For typical workspace use, your organization decides what AI systems, evidence, and disclosures to enter. Clairist operates the platform and processes that content to provide the service. In GDPR-style framing, Clairist commonly acts as a processor (or service provider) for customer-controlled workspace data, subject to the facts of your deployment and what you configure. Your counsel should confirm roles for your jurisdiction and use case.
Subprocessors and infrastructure
We publish a factual list of providers we use to operate the product. See the dedicated Subprocessors page for provider names, purposes, and links—not a certification or exhaustive control attestation.
Related documentation
- Privacy Policy — categories of data, purposes, retention at a high level, and privacy requests.
- Security overview — how we think about access control, encryption, and team scoping at a high level.
- Trust Center — methodology, procurement honesty, and public trust artifact context.
Request a DPA or security follow-up
For DPA requests, vendor security questionnaires, or procurement routing, use the procurement request form or email procurement@clairist.com. For security-specific reviews (subject to capacity and an appropriate engagement), use security@clairist.com. For privacy requests and data subject inquiries, use privacy@clairist.com. We are a small team in beta; response times depend on scope and queue.
SOC 2 Type II is not yet completed for Clairist. We do not claim GDPR certification, completed SOC 2, or guaranteed compliance outcomes. This page is informational only and is not legal advice.