Data Processing Agreement
Template for customer review before public launch. Replace operator and sub-processor details with final production values before publishing widely.
Data Processing Agreement
This template describes how cluein.me processes personal data on behalf of customer organizations. It should be reviewed by legal counsel before public launch.
Subject matter
cluein.me provides a client portal for project briefings, file uploads, approvals, and project handoff exports.
Categories of data
Contact details, project briefing answers, uploaded assets, portal audit events, billing identifiers, and account metadata.
Sub-processors
Supabase for EU-hosted database, storage, and auth; Vercel for hosting; Stripe for billing; Resend and Postmark for transactional email; Anthropic for optional briefing quality scoring.
Security measures
Row-level security, organization isolation, private storage, hashed portal tokens, hashed IP logging, MFA support, signed Stripe webhooks, and server-side plan enforcement.
Retention
Deleted organizations enter a read-only grace period, then soft-delete and hard-delete according to the retention schedule documented in the product.
Assistance and export
Organization owners can export workspace data from settings. cluein.me assists with data subject requests where required by applicable data protection law.