Data Processing Agreement
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Claridex LLC ("Claridex", "Processor") and the merchant ("Controller") who installs the Claridex app. It describes how Claridex processes personal data on the Controller's behalf and reflects the requirements of the GDPR and similar data-protection laws.
Where this DPA conflicts with the Terms of Service on data-protection matters, this DPA controls.
1. Roles
For data processed through the App, the merchant is the Controller and Claridex is the Processor. Claridex processes data only on documented instructions from the Controller, which include the merchant's use of the App's features.
2. Scope and nature of processing
- Subject matter: provision of AI search and SEO optimization services.
- Duration: for as long as the App is installed, plus the retention periods below.
- Nature and purpose: auditing and scoring product catalogs, generating and applying optimized content, and producing PII-free AI revenue attribution insights.
- Categories of data subjects: the merchant's personnel who use the App; the merchant's customers only to the extent of PII-free, aggregated order signals.
- Categories of personal data:
- Merchant/store identifiers (myshopify domain, shop name, locale).
- Product and catalog metadata (generally not personal data).
- Aggregated, PII-free order signals (order total, date, channel/referrer/UTM).
- Special categories: none. Claridex does not process special-category data.
- Customer PII: Claridex does not process customer names, emails, phone numbers, addresses, or payment data.
3. Subprocessors
The Controller authorizes Claridex to use the following subprocessors. Each is bound by data-protection obligations consistent with this DPA:
| Subprocessor | Role | Location |
|---|---|---|
| Anthropic | AI content generation (zero-day retention) | United States |
| Supabase | Database hosting | United States (AWS us-east-1) |
| Vercel | Application hosting | United States |
| Inngest | Background job processing | United States |
| Sentry | Error monitoring | United States |
| PostHog | Product analytics | United States |
Claridex will give notice of changes to this list and the Controller may object on reasonable data-protection grounds.
4. Security measures
Claridex implements appropriate technical and organizational measures, including:
- Encryption of data in transit and at rest
- Access controls and least-privilege access for staff
- Removal of customer PII from order payloads before processing
- Minimization of requested Shopify scopes
- Error monitoring and incident response
- Automatic halt of write operations on elevated error rates
5. Confidentiality
Personnel authorized to process personal data are bound by confidentiality obligations.
6. Data subject requests
Claridex will assist the Controller, taking into account the nature of processing, in responding to data subject requests. The App implements Shopify's mandatory customers/data_request, customers/redact, and shop/redact webhooks.
7. Personal data breach
Claridex will notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controller's data, and will provide information reasonably needed for the Controller to meet its own notification obligations.
8. Data retention and deletion
- Catalog data is retained while the App is installed.
- Optimization snapshots are retained at least 90 days.
- PII-free order-attribution records are pruned on a 90-day schedule.
- On uninstall or a valid
shop/redactrequest, Claridex deletes the Controller's merchant data and cancels pending jobs, except where retention is required by law.
9. International transfers
Where personal data is transferred outside the EEA/UK, Claridex relies on appropriate safeguards (such as Standard Contractual Clauses) with its subprocessors.
10. Audits
Claridex will make available information reasonably necessary to demonstrate compliance with this DPA and will contribute to audits as required by applicable law.
11. Contact
Data protection contact: claridex.admin@gmail.com Claridex LLC, 701 E Franklin Street, Suite 105 1262, Richmond, VA 23219