Loading secure experiencePreparing the current route and theme-safe workspace shell.
Service-provider register
Know which providers support each processing lane.
This register names the providers evidenced by Clarity's current hosted architecture and explains why data reaches each service. Customer-specific region, transfer, and notice terms remain in the applicable Order or DPA.
Access governanceRoles, MFA, and revocationDocument controlsWatermarks and guarded routes
Current architecture
Each provider has a bounded service function.
The list avoids unsupported region or certification claims and distinguishes always-on architecture from conditionally enabled billing, storage, or screening workflows.
Application hosting and deployment
Vercel
Data involved
Application requests, routing data, service logs, and the account or room metadata needed to serve an authorized request.
When used
Hosts the Clarity web application and server-side request handlers in the current production architecture.
Contract boundary
A particular processing region, residency commitment, or service level applies only when stated in the applicable Order or DPA.
Authentication and application database
Supabase
Data involved
Account identifiers, authentication state, profiles, room metadata, permissions, workflow records, activity evidence, and audit-supporting records.
When used
Provides the current authentication and PostgreSQL data layer, including row-level access controls.
Contract boundary
Project-region and transfer terms are confirmed for the customer deployment through the applicable Order or DPA.
Private object storage
Cloudflare R2
Data involved
Customer document bytes, controlled renditions, representative images, and archive objects stored for the configured room workflow.
When used
Provides private object storage when the R2-backed document and archive workflow is configured.
Contract boundary
Objects are intended to remain private and are accessed through server-authorized workflows; any location commitment must be stated in the applicable agreement.
Hosted billing and subscription management
Stripe
Data involved
Billing contact details, customer and subscription references, invoice metadata, quantities, payment status, and hosted checkout events.
When used
Provides hosted checkout, subscription billing, invoices, webhook events, and the customer billing portal when paid billing is enabled.
Contract boundary
Payment-card details are handled on Stripe-hosted payment surfaces; Clarity retains billing references and entitlement state rather than raw card data.
Private malware-scanner hosting
Render
Data involved
Supported upload bytes submitted to the configured private ClamAV scanner for a clean or infected verdict.
When used
Hosts the current private scanner bridge when required malware screening is enabled for an upload workflow.
Contract boundary
The scanner is a processing control, not long-term document storage. Deployment configuration and any contractual location terms control the applicable posture.
Source control and conditional operations automation
GitHub and GitHub Actions
Data involved
Application source, repository metadata, workflow logs, and retained automation artifacts. When the private thumbnail workflow is enabled, an ephemeral GitHub-hosted runner temporarily receives a private source document, its title and job identifier, and derived thumbnail or preview output. The launch-corpus workflow can retain document-index and permission-matrix evidence containing room metadata.
When used
Hosts the private source repository and runs explicitly configured operational workflows for thumbnail rendering and launch-readiness evidence.
Contract boundary
Thumbnail source bytes are processed transiently and are not included in the retained renderer artifact; that artifact contains job, document-title, timing, and renderer metadata for 14 days. Launch-corpus reports and their project-index and permission-matrix inputs are retained as workflow artifacts for 14 days. These workflows are conditional and must remain access-controlled.
Transactional email orchestration
Resend
Data involved
Recipient and sender addresses, message content, delivery metadata, authentication results, and identifiers needed for invitations, notifications, and service email.
When used
Provides the current outbound application-email workflow, including delivery tracking and domain-authenticated sending.
Contract boundary
Resend uses its own infrastructure providers, including the current Amazon SES delivery path evidenced by Clarity mail authentication. Agreement-specific email terms control where applicable.
Outbound email transport
Amazon Simple Email Service
Data involved
Transactional message envelopes, message content, delivery events, and mail-authentication metadata passed through the current Resend sending chain.
When used
Provides the outbound delivery infrastructure evidenced by the current Clarity mail-authentication and production-header records.
Contract boundary
This is an email-delivery lane, not a private document-storage lane. Customer Content should not be placed in message bodies when a controlled room link or identifier is sufficient.
Inbound support and trust-address routing
Cloudflare Email Routing
Data involved
Sender and recipient addresses, message content, attachments, routing metadata, and delivery events for published support, billing, legal, security, and DMARC addresses.
When used
Routes inbound messages sent to Clarity's published role addresses to the configured operator mailbox.
Contract boundary
Email is not the VDR document channel. Send identifiers and minimal investigative context rather than passwords, payment-card data, authentication codes, or private document bytes.
Routed operator mailbox
Google Gmail
Data involved
Inbound support, billing, legal, security, and reporting messages forwarded from the published Clarity role addresses, including any attachments a sender chooses to include.
When used
Receives the current inbound routing destination used to review and answer published Clarity contact addresses.
Contract boundary
The website composer itself does not create a case or send form data to Clarity servers. The sender's browser, clipboard, and mail client can handle or retain prepared text; Clarity processing begins when the email reaches the operator inbox. Senders are instructed not to include secrets or unnecessary Customer Content.
SMS delivery after compliance approval
Twilio (conditionally enabled)
Data involved
Recipient telephone number, the Clarity notification message body, sender or messaging-service identifiers, delivery status, and provider message identifier.
When used
Not active by default. The integration can send account notifications only after explicit owner approval of SMS compliance and complete Twilio sender configuration.
Contract boundary
SMS launch remains deferred unless compliance approval, sender registration, configuration, consent, and applicable customer terms are complete. Messages must not contain passwords, authentication codes beyond the approved verification flow, private document content, or unnecessary room details.
How to read this register
Public facts first. Customer-specific commitments in writing.
Provider names describe the services evidenced by the current Clarity architecture; the applicable provider legal entity and contractual terms depend on the deployed account and customer agreement.Clarity does not promise a particular hosting region, data-residency location, transfer mechanism, or provider service level unless it is stated in an executed Order or DPA.A provider may receive only the information needed for its service function. Customer room permissions do not become provider access rights for unrelated purposes.Current outbound delivery and inbound routing providers are listed below. Any customer-selected integration or agreement-specific replacement is confirmed during the applicable customer review.Document translation is disabled unless a deployment-specific translation endpoint is configured. Before activation, the selected provider, processing locations, document-text categories, retention, transfer terms, and safeguards must be added to this register and the applicable DPA or Order.
Material provider changes
Notification and objection rights are governed by the customer's executed DPA or Order, including any negotiated timing or replacement process.
Customer-selected services
Customer integrations, destination mailboxes, and separately selected services are reviewed for the exact room instead of being presented as universal Clarity subprocessors.