Legal

Trust and Safety

Klarity is committed to data privacy, security, and transparency. We built the platform so that you control what is captured, what is retained, and how long it stays.

No Model Training.

Neither Klarity nor our third-party AI providers use your data to train or improve any model. Our AI subprocessors operate under zero-data-retention agreements: data sent for processing is not stored by them. Your data is processed only to deliver the Klarity services you request and is never used for any other purpose.

You Control What Enters Klarity.

Nothing is captured or uploaded without direct user initiation. Klarity does not automatically read from or write to your other systems, and no desktop agent or endpoint software is installed on employee machines. Capture sessions are started by the user, permissioned through the browser, visibly indicated while active, and stoppable at any time.

Retain Only What Serves You.

Klarity captures process knowledge in two fundamentally different ways, and retention follows the design:

  • Real-time observation. Where Klarity observes work as it happens, raw screen and audio signals are processed in the moment and never stored. Only anonymized, process-level text outputs persist, and automated sensitivity filtering drops sensitive categories of content (for example, credentials, personal-life details, HR matters, and similar) before anything is written.
  • Recordings and uploads. Where source material is the substance of your documentation (for example, a recorded walkthrough or files your team uploads) it is retained under your workspace's access controls as the evidence behind that documentation.

In every case, what persists belongs to you, stays isolated to your workspace, and can be deleted on demand.

On-Demand Data Deletion.

You can delete your data from Klarity at any time: uploaded materials, recordings, and the artifacts Klarity generates from them. Deletion is permanent and propagates to backups within our standard purge window. Our AI subprocessors do not retain data sent from the Klarity application.

Encrypted and SOC2 Type II Compliant.

All data is encrypted in transit (HTTPS/TLS) and at rest (AES-256). Access follows least-privilege principles: Klarity personnel do not access customer data in the normal course of operations, and production access is role-restricted, MFA-protected, and logged. Klarity is SOC 2 Type II compliant, verified through independent audit, with continuous control monitoring and recurring penetration testing. You can request Klarity's SOC 2 reports through our Trust Center.

GDPR and CCPA Compliant.

We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data privacy laws. For data-protection purposes, your organization is the controller of your data and Klarity is a processor acting on your instructions. A Data Processing Agreement is available to all customers. Klarity's Privacy Policy can be found here.

Transparency With the People You Work With.

Klarity capture is designed around the person doing the work: the user initiates every session and captures their own activity, with notice and control built in. When other people may be heard or seen during a session, Klarity recommends disclosing that capture is active in every jurisdiction, regardless of the legal minimum. For real-time observation, that disclosure is uniquely simple to give honestly: nothing is recorded or stored - only anonymized process notes persist.

Klarity Subprocessors

We hold all our subprocessors to the same standard of data protection that we hold ourselves to. View Subprocessors.