Data Processing Agreement

Last updated: June 21, 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Claridex LLC ("Claridex", "Processor") and the merchant ("Controller") who installs the Claridex app. It describes how Claridex processes personal data on the Controller's behalf and reflects the requirements of the GDPR and similar data-protection laws.

Where this DPA conflicts with the Terms of Service on data-protection matters, this DPA controls.


1. Roles

For data processed through the App, the merchant is the Controller and Claridex is the Processor. Claridex processes data only on documented instructions from the Controller, which include the merchant's use of the App's features.

2. Scope and nature of processing

3. Subprocessors

The Controller authorizes Claridex to use the following subprocessors. Each is bound by data-protection obligations consistent with this DPA:

Subprocessor | Role | Location
Anthropic | AI content generation (zero-day retention) | United States
Supabase | Database hosting | United States (AWS us-east-1)
Vercel | Application hosting | United States
Inngest | Background job processing | United States
Sentry | Error monitoring | United States
PostHog | Product analytics | United States

Claridex will give notice of changes to this list and the Controller may object on reasonable data-protection grounds.

4. Security measures

Claridex implements appropriate technical and organizational measures, including:

5. Confidentiality

Personnel authorized to process personal data are bound by confidentiality obligations.

6. Data subject requests

Claridex will assist the Controller, taking into account the nature of processing, in responding to data subject requests. The App implements Shopify's mandatory customers/data_request, customers/redact, and shop/redact webhooks.

7. Personal data breach

Claridex will notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controller's data, and will provide information reasonably needed for the Controller to meet its own notification obligations.

8. Data retention and deletion

9. International transfers

Where personal data is transferred outside the EEA/UK, Claridex relies on appropriate safeguards (such as Standard Contractual Clauses) with its subprocessors.

10. Audits

Claridex will make available information reasonably necessary to demonstrate compliance with this DPA and will contribute to audits as required by applicable law.

11. Contact

Data protection contact: claridex.admin@gmail.com
Claridex LLC, 701 E Franklin Street, Suite 105 1262, Richmond, VA 23219