Clarify Agentic Workbench
Trust Center

How we earn the right to hold your engagement data.

Our customers trust us with sensitive commitment, SOW, and counterparty data. This page is how we show our work: honest about what's certified today versus what's in motion.

Our commitments to you

  • Source documents are not retained in raw form by default.
    We process uploads in memory, extract the structured Promises and Receipts, and discard the source bytes unless you explicitly attach them to an engagement.
  • No training on your data, ever.
    Our LLM providers run under zero-retention, no-training agreements. Your engagement contents are not used to train any model and are not retained beyond the immediate request.
  • Your data is yours.
    One-click export of every Promise, Receipt, Decision, Risk, and audit-log entry. JSON and CSV. No data-hostage games.
  • Soft delete with 30-day recovery.
    When you delete an engagement, it's recoverable for 30 days. After that it's gone for good.
  • Honest status reporting.
    When something breaks, we say so. Postmortems for any production incident over a defined severity threshold are published.

Security posture

We're a young company. We're upfront about what's certified today versus what's in motion. The list below is honest about both.

SOC 2 Type I
Vanta program initiated. Type I audit targeted within six months of paid launch; Type II within 18 months.
In motion
GDPR / CCPA
Article 28 controller-processor DPA template signable on request. CCPA disclosures live.
Available
Penetration test
Annual third-party penetration test scheduled. Summary will be published here.
Scheduled
SSO (SAML / OIDC)
Required for team contracts. Targeted via WorkOS in the 60-to-90-day post-launch window.
On roadmap
SCIM provisioning
User lifecycle sync from Okta and Azure AD. Lands alongside SSO.
On roadmap
Cyber liability insurance
$1M minimum coverage being placed before first paid team contract.
In motion
Bug bounty
Public program targeted within twelve months of launch.
On roadmap

Sub-processors

The vendors that touch your data when you use Clarify. We notify customers via the address on file when this list changes.

VendorPurposeData typeRegion
RenderApplication hosting + Postgres databaseAll customer dataUS East (Ohio)
LLM providerSpecialist actions (drafting, extraction, summarization)Engagement content during processing onlyUS
ResendOutbound email + inbound forwardingEmail metadata + attachments during processingUS
StripeSubscription billing (when enabled)Billing identity, payment metadataUS

Our LLM provider processes content under a zero-retention agreement. Engagement content is not retained by the model provider beyond the immediate request. Provider identity available on request for procurement and DPA purposes.

How your data is handled

Stored
  • Your account email, plan, and authentication state
  • Promises, Receipts, Decisions, Risks, and Chases per engagement
  • Hash-chained audit log entries
  • Engagement metadata and counterparty profiles
Processed in memory, not persisted
  • Raw upload bytes from SOW, status email, or contract documents
  • PDF, Word, Excel, and image content
  • LLM request payloads
  • Forwarded email attachment content

The structured engagement record persists so you have a defensible audit trail. The underlying source bytes are discarded after extraction unless you explicitly attach them to the engagement. When you delete an engagement, both are gone (subject to soft-delete).

Reliability

Uptime target
99.5%
Starter
Uptime target
99.9%
Team / Enterprise
Status page
Shipping next
BetterStack rollout post-launch

Our database is backed up daily with point-in-time recovery enabled. Email deliverability has a planned secondary path so a single-vendor outage does not take the inbound forwarding flow offline.

Your rights as a customer

  • Data export
    One-click export of all your engagements, Promises, Receipts, and audit-log entries from your settings. JSON and CSV.
  • Account deletion
    Delete your account from settings. Soft-delete preserves recovery for 30 days, then everything is purged.
  • Data Processing Addendum
    Download our DPA template for review or signing.
  • Subject access requests
    Email clarify@afigima.ai and we respond within 30 days, in line with GDPR and CCPA timelines.

Procurement self-service

Three buttons every procurement team asks for. Each request routes to clarify@afigima.ai and lands as evidence in your engagement Activity feed.

Request SOC 2 evidence pack

Sub-processors, control summary, and the active Vanta program scope. PDF you can forward to your auditor.

Send a security questionnaire

Drop the questionnaire URL or upload it here. We turn it around inside two business days.

Download the DPA template

Article 28 controller-processor DPA. Sign electronically, no negotiation needed for standard scope.

Download DPA

Need something not listed? Emailclarify@afigima.ai. We respond inside one business day.

Contact us

Security incidents
clarify@afigima.ai
24-hour acknowledgment
Privacy + DPO
clarify@afigima.ai
GDPR / CCPA inquiries
Customer support
clarify@afigima.ai
Product and account help
Clarify Agentic Workbench · Independent operational record for vendor and customer commitments. Not affiliated with any vendor.
Trust · Clarify Agentic Workbench