How we keep your data safe.
GTM Clarity handles conversations and identity data for B2B revenue teams. Here's how we protect it.
Encryption everywhere
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Secrets are managed, never hard-coded.
Privacy-first identity
Identity resolution runs on hashed identifiers and is UID2-compliant. We don't sell your visitor data — ever.
SOC 2-aligned infrastructure
Built on SOC 2 Type II vendors — Vercel, Neon, and Clerk. Our own SOC 2 Type II audit is in progress.
Least-privilege access
Tenant data is isolated per customer. Internal access is role-scoped, logged, and reviewed.
Data handling
We process two kinds of data: conversation data (the chats visitors have on your site) and identity data (firmographic and contact attributes resolved through the delivr.ai identity graph). Conversation data belongs to you. We use it to operate and improve your assistant within your tenant — not to train shared models without consent.
Subprocessors
We rely on a short list of SOC 2-compliant infrastructure providers: Vercel (hosting/CDN), Neon (Postgres), Clerk (authentication), and delivr.ai (identity resolution). The current list is available on request.
Compliance
GTM Clarity supports GDPR and CCPA workflows, including data export and deletion. A SOC 2 Type II report and a DPA are available to customers under NDA. See our Privacy Policy for how we collect and use data.
Responsible disclosure
Found a vulnerability? Email security@gtmclarity.ai. We acknowledge reports within two business days and will work with you on a fix and disclosure timeline.