At a Glance
Quick summary. Read the full policy below for the complete terms.
- What this is
- The current set of third-party vendors that may process Clarity user data on our behalf as sub-processors under GDPR Art. 28.
- Change-notice cadence
- We update this page when we add, remove, or substitute a sub-processor. To receive email notifications of changes, contact hello@useclarity.app.
- Companion documents
- Our Data Processing Addendum lives at /legal/dpa; our Privacy Policy at /legal/privacy.
1. Current Sub-processors
| Sub-processor | Purpose | Location | Data categories |
|---|---|---|---|
| Plaid, Inc. | Bank, brokerage, and liability data connectivity | United States | Tokenized account access, balances, transactions, holdings, employment data where authorized |
| SnapTrade | Brokerage and crypto-exchange account aggregation where Plaid is not used | United States / Canada | Clarity user ID, SnapTrade-issued user secret, connected institution authorization, account metadata, balances, and positions |
| Alchemy Insights, Inc. | Blockchain data, wallet balance + token indexing | United States | Public wallet addresses, on-chain transactions, token balances |
| Zerion | DeFi position and wallet transaction indexing | United States / EU | Public wallet addresses, token balances, DeFi protocol positions, decoded on-chain transactions |
| Helius | Solana wallet transaction and balance indexing | United States | Public Solana wallet addresses, token balances, and on-chain transactions |
| Blockstream | Bitcoin address and transaction lookup | United States / global infrastructure | Public Bitcoin addresses, balances, UTXOs, and transaction metadata |
| Infisical | Secrets management and KMS data-key wrapping for provider credential encryption | United States | Random credential envelope data keys, encrypted data keys, and secret metadata; provider-token plaintext is encrypted locally and is not sent to Infisical |
| Stripe, Inc. | Subscription billing and payment processing | United States | Payment-method tokens, billing email, plan, invoice history |
| Vercel Inc. | Application hosting, edge runtime, serverless | United States | All application data in transit; request logs |
| Neon, Inc. | Managed Postgres database | United States | All user and transaction data at rest |
| Cloudflare, Inc. | CDN, edge compute (Workers), object storage (R2), DDoS mitigation, and Turnstile anti-bot challenge verification | United States (with global edge presence) | Request metadata, static assets, edge-cached pages; visitor IP and challenge token for Turnstile bot verification on public forms |
| Upstash, Inc. | Managed Redis cache, rate-limiting, ephemeral coordination | United States | Short-lived session and rate-limit state; no permanent storage of user data |
| Resend, Inc. | Transactional and marketing email delivery | United States | Email address, name, message body for emails Clarity sends |
| Brandfetch | Brand and institution logo lookup | United States | Merchant/institution domain or name; end-user IP address (via image request) |
| PostHog, Inc. | Consent-gated product analytics for the authenticated app and marketing site | United States | Clarity user ID and page/event metadata in consented sessions. Does not receive account balances, transaction lists, holdings, or authenticated-app email addresses. |
| Google LLC | Google OAuth identity verification at sign-in; Google Search Console for marketing-page SEO; Google Analytics 4 for aggregate site analytics | United States | OAuth identity profile (name, email); page and event metadata for analytics. Does not receive financial account contents. |
| Vercel, Inc. (AI Gateway) | Unified routing layer over upstream LLM providers (Anthropic, OpenAI) with automatic failover and observability | United States | Ask Clarity prompts and tool results pass through the gateway en route to the upstream model. Vercel states the gateway layer deletes prompts and outputs after request completion; upstream provider retention is governed by the applicable Vercel, Anthropic, and OpenAI API/business terms and may still include limited abuse-monitoring retention unless a qualifying zero-retention setting is confirmed. |
| Anthropic, PBC | Primary LLM provider for Ask Clarity (Claude Haiku 4.5 / Sonnet 4.6) via the Vercel AI Gateway | United States | Ask Clarity prompts (containing per-request context the model needs to answer) and assistant outputs, plus a one-way pseudonymous user identifier for abuse prevention. No training on Clarity data under Anthropic's commercial terms; limited retention may apply for abuse monitoring. |
| OpenAI OpCo, LLC | Additional LLM provider for Ask Clarity, reached via the Vercel AI Gateway for fallback routing or other provider-enabled features | United States | User prompt, relevant financial context per query, and a one-way pseudonymous user identifier for abuse prevention. Not used to train OpenAI's general-purpose models under the OpenAI Business Terms; limited retention may apply for abuse monitoring. |
2. International Data Transfers
All sub-processors above are located in the United States. For EU/UK users, transfers are primarily to the United States, with certain providers also operating from Canada or the EU as listed above. For EU/UK users, transfers are executed under the European Commission Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA), supplemented by each vendor's technical and organizational measures (TOMs). Copies of the executed SCCs/IDTA for any sub-processor are available on request to hello@useclarity.app.
3. Change Process
We update this page when we add, remove, or substitute a sub-processor. Material changes (addition of a new sub-processor that receives identifiable customer data, or a change to the data categories sent to an existing sub-processor) are announced before they take effect. To subscribe to change notifications, emailhello@useclarity.appwith "Subprocessor notifications" in the subject line.
This list was last updated on the date shown below.
Questions about this policy? Contact the Clarity team.