OOpenClerk

Legal

Privacy Policy

Last reviewed: 2026-06-02

Pre-launch placeholder

This document is a structured placeholder. Pre-customer launch it will be replaced with a lawyer-reviewed version (Termly template + counsel pass). The substantive commitments below are accurate but the legal-grade language is not yet final.

OpenClerk (“we”, “us”) provides a SaaS platform that analyzes vendor contracts you upload. This policy explains what we collect, why, who has access, and how to exercise your rights.

Data we collect

Account data: name, email, workspace name, role. We sync this from Clerk (our auth provider) at signup and keep it in our Supabase database for as long as your subscription is active.

Customer content: the vendor contracts you upload (PDF, DOCX), our extractions, our analyses, and any notes or status you set on them. Customer content is stored encrypted at rest in Supabase Storage + Postgres.

Operational data: audit logs of state-changing actions (uploads, analyses, billing changes), AI call logs for cost accounting, and standard server logs (IP, user-agent, request path).

Billing data: Stripe stores your payment method and invoices. We store only the Stripe customer ID, subscription ID, and plan tier — no card details.

How we use it

  • To run the product: extracting structured data from your contracts, running our Analyst agent on them, and showing you the results.
  • To process payments (Stripe), send transactional emails (Resend), and run scheduled jobs (Inngest).
  • To operate the business: cost monitoring, troubleshooting via audit logs, and improving our prompts based on aggregate (not contract- specific) usage patterns.
  • We do not train or fine-tune any AI model on your contract content. We do not sell your data to anyone.

Subprocessors

We use a small set of vendors to run the product. The full list, what they process, and where they’re located is on the Subprocessors page. We’ll update it before any new subprocessor handles customer content.

Retention

  • Active subscription:customer content kept indefinitely while you’re a paying customer.
  • Soft-deleted documents: 30 days, then hard-deleted (file + metadata).
  • Canceled subscription: 90 days, then anonymized or deleted per your written request.
  • Audit logs: 18 months for compliance and incident response.

Your rights

You can request access, correction, or deletion of your personal data at any time. Email privacy@openclerk.app — we respond within 30 days.

Contact

Questions about this policy: privacy@openclerk.app