Security and privacy
Security, privacy, and reliability are foundational to how we design ClarityLoop. We help teams grow through feedback, performance insights, and growth frameworks — and we know that protecting this data is essential to earning your trust.
We’ve built ClarityLoop from the ground up with a security-first, privacy-aware approach — so you can use it with confidence.
Security
ClarityLoop follows a security-by-design approach across engineering, infrastructure, and operations. Our approach reflects industry best practices, tailored to early-stage SaaS with enterprise-ready ambitions.
Infrastructure protection
ClarityLoop is hosted entirely on Google Cloud Platform (GCP), using its built-in protections for encryption, redundancy, and network-level security. Our services are isolated across environments, with no customer data ever present in staging or development.
All data is encrypted:
- In transit with TLS 1.2+
- At rest using AES-256
We run automated encrypted backups daily, with tested recovery workflows.
Operational safeguards
We use single sign-on (SSO) and multi-factor authentication (MFA) across all internal tools. Production access is limited to a small number of authorized personnel and reviewed regularly.
All code changes are peer-reviewed and deployed through CI/CD pipelines. We use GitHub’s security scanning and GCP-native tooling to monitor for vulnerabilities.
Privacy
We believe privacy is a right — not a toggle.
ClarityLoop only processes personal data to provide the Services. We do not sell, rent, or use customer data for advertising. Our Privacy Policy and Data Processing Addendum (DPA) explain in clear terms how we protect your data.
Your data, your control
We process personal data only to help you run better 1:1s, give and receive high-quality feedback, define growth paths, and align on objectives. Workspace owners control their data and can request deletion or export at any time.
Global alignment
We’ve designed ClarityLoop’s practices with global privacy regulations in mind — including GDPR, UK GDPR, and CCPA. Standard Contractual Clauses (SCCs) apply to all restricted data transfers, and our subprocessors are vetted for compliance and contractual obligations.
Responsible AI
ClarityLoop uses AI to help people write better feedback, identify growth opportunities, and understand trends — but always with safeguards.
- We use Azure OpenAI and Google Cloud AI for inference only
- Your data is never used to train third-party models
- Prompts and completions are not retained beyond what’s needed to power a feature
- AI is used to support decision-making — never to replace it
Subprocessors
ClarityLoop works with a small set of carefully selected subprocessors to help deliver our service. All subprocessors are bound by contractual obligations and undergo security and privacy reviews.
Contracts & data handling
Need a signed copy of our DPA or SCCs? Reach out to security@clarityloop.com.
Reliability & uptime
We’re building for long-term resilience. Our platform includes:
- Daily encrypted backups
- Environment isolation
- Business continuity procedures
- Recovery Time Objective (RTO): 2 hours
- Recovery Point Objective (RPO): 24 hours
Report a security issue
If you believe you've discovered a vulnerability or security issue in ClarityLoop, we want to hear from you.
Please email us at security@clarityloop.com with as much detail as possible. We’ll acknowledge receipt, investigate promptly, and keep you updated as we work to resolve it.
We appreciate responsible disclosure and thank researchers who help keep our platform safe.
Have questions?
We’re happy to support your due diligence. Whether you’re an IT lead, legal counsel, or security reviewer, you can contact us at security@clarityloop.com — we’re here to help.
Last updated: March 24, 2025