Question 1

Are you GDPR compliant?

Accepted Answer

We support GDPR data-subject rights: access (data export), deletion (automated, cascading), portability (JSON export), and granular cookie consent. Data processing agreements (DPAs) are available on request. Our data is stored in the United States, so EU customers should contact us at support@xclause.com to discuss data-transfer terms before onboarding.

Question 2

How can I export my data?

Accepted Answer

Email support@xclause.com (or open a ticket from your dashboard) to request a data export. Exports include three scopes: user only, user + company, or user + company + clients. All data is exported in JSON format including contracts, signatures, comments, and settings (excluding sensitive credentials).

Question 3

How can I delete my account?

Accepted Answer

Email support@xclause.com (or open a ticket from your dashboard) to request deletion. We offer three deletion levels matching our export scopes. Deletion is cascading and transaction-safe, ensuring complete removal of your data while maintaining referential integrity.

Question 4

Where is my data stored?

Accepted Answer

All data is stored in the United States on secure servers. We use PostgreSQL for structured data and Backblaze B2 (S3-compatible) for document storage. EU customers should contact us to discuss data-transfer terms; further data-location detail is available on request for compliance purposes.

Question 5

Do you share my data with third parties?

Accepted Answer

We only share data with service providers necessary for operation: Vercel (hosting), Neon (database hosting), Stripe (payment processing), Plaid (bank verification), Postmark (transactional email), Telnyx (SMS), Anthropic and OpenAI (AI document processing), Pinecone (document search), Backblaze B2 (storage), and StatusPage (monitoring). All processors act as Data Processors per GDPR. We never share data with third parties for marketing.

Question 6

Are you SOC 2 certified?

Accepted Answer

We are not SOC 2 certified. We follow SOC 2–aligned controls including encryption, access controls, audit logging, and incident response.

How we meet our obligations

GDPR compliance

CCPA & state privacy laws

Industry standards

Financial compliance

Third-party data processors

Legal documentation

Compliance FAQs

Need a DPA or running a security review?

Start running your contracts the modern way.

Solutions

Company

Resources

Legal

Provider	Purpose
Vercel	Application hosting
Neon	PostgreSQL database hosting
Stripe	Payment processing
Plaid	Bank verification
Postmark	Transactional email
Telnyx	SMS notifications
Anthropic	AI document drafting and assistant
OpenAI	AI document processing
Pinecone	Document search embeddings
Backblaze B2	Document storage
StatusPage	Status monitoring