Question 1

Is clausul safe to use with confidential client documents?

Accepted Answer

Yes, and that is the use case it is built for. In short: documents are uploaded over TLS to EU infrastructure (Germany), stored encrypted at rest, auto-deleted after 14 days (or sooner on request), and never used to train any AI model. AI calls go to Anthropic under enterprise API terms that prohibit training on customer inputs. clausul staff do not access customer documents in normal operations. If you need a DPA, a signed NDA, or a vendor risk questionnaire before sending real client work, contact hello@clausul.com and we will turn it around quickly. The questions below cover each layer in detail.

Question 2

Does clausul use AI? What happens to my documents?

Accepted Answer

Yes. clausul uses AI to classify changes, generate review notes, and (in the Reply and image-redline transfer features) read uploaded images. Parsed clause text and uploaded images are sent to Anthropic Claude over their API. Raw DOCX files are never sent to Anthropic; they are parsed inside clausul infrastructure first. Anthropic operates under API terms that prohibit using customer inputs for model training.

Question 3

What about photos of marked-up documents? Are images sent to AI?

Accepted Answer

Yes. The Reply feature and the image-to-tracked-changes transfer feature send the uploaded images to Anthropic Claude for vision processing, because reading the markup is the whole job. The same API terms apply: no training on inputs, deletion after up to 30 days of abuse-monitoring retention. If a photo of a marked-up page would itself be sensitive (e.g., it shows a client name in the header), treat it the same way you would treat the underlying document.

Question 4

Are my documents used to train AI models?

Accepted Answer

No. We use the Anthropic API under terms that explicitly prohibit using API inputs and outputs for model training. Under default API terms, Anthropic may retain inputs for up to 30 days for abuse and safety monitoring, after which they are deleted. Your data is not fed back into any model. We can provide the relevant contractual references on request.

Question 5

Where is my data stored?

Accepted Answer

Infrastructure is hosted in the European Union (Germany). Uploaded documents are stored in encrypted cloud storage and automatically deleted after 14 days. Comparison results are stored in an encrypted database. All storage is subject to EU data protection law (GDPR). If your organization requires US-region hosting, contact us to discuss options.

Question 6

What data leaves the EU?

Accepted Answer

Parsed clause text is sent to Anthropic API endpoints for AI processing. Under default API terms, Anthropic may retain inputs for up to 30 days for abuse and safety monitoring, after which they are deleted. No inputs are used for model training. The raw document files, comparison results, and all other data remain within EU infrastructure. We are evaluating EU-region AI endpoints to eliminate cross-border data transfer entirely.

Question 7

How long are documents retained?

Accepted Answer

Documents automatically expire after 14 days. You can also delete a document manually at any time. When a document expires or is deleted, the uploaded files, comparison results, and all associated data are permanently removed from storage.

Question 8

Is data encrypted?

Accepted Answer

Yes. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256 via cloud provider managed keys). This applies to uploaded documents, comparison results, and any data stored in the database.

Question 9

Do you support DPAs and formal procurement?

Accepted Answer

Yes. We support data processing agreements for firms and in-house teams with formal procurement requirements. We can also provide a completed vendor risk questionnaire. Contact hello@clausul.com to start the process.

Question 10

Does using clausul affect attorney-client privilege or work product?

Accepted Answer

Privilege analysis depends on the facts of how the tool is used. The structural concerns courts have raised about consumer AI tools (see for example United States v. Heppner, S.D.N.Y. 2026) center on patterns that do not match how clausul is used. clausul is attorney-directed software for use in the course of representation, not a consumer chatbot a layperson uses on their own to prepare litigation materials. clausul accesses Anthropic under Commercial Terms via the API, which prohibit training on customer inputs and provide enforceable confidentiality, whereas the Heppner court keyed on Consumer Terms permitting both. Data residency in the EU, 14-day automatic deletion, and DPAs on request align with what ABA Formal Opinion 512 expects when attorneys deploy AI tools under Rules 1.1 (competence), 1.6 (confidentiality), and 5.3 (supervision of nonlawyer assistance). We recommend attorneys document AI use in matter files and obtain informed client consent for AI-assisted work, consistent with Opinion 512. None of this is legal advice on unsettled doctrine. If your firm needs a DPA or has specific compliance requirements, contact hello@clausul.com.

Question 11

Is there an audit trail?

Accepted Answer

Partial today. Document deletions persist as soft-delete timestamps in the database, and per-document edit history is recorded during interactive Reply sessions. clausul does not currently maintain a queryable user-action audit log (uploads, exports, logins, share creation) accessible to account administrators. A full audit log is on our roadmap. If contemporaneous user-action audit logs are a procurement requirement for your firm, contact hello@clausul.com so we can scope the work against your timeline.

Question 12

Who can access my documents?

Accepted Answer

Only authenticated users within your organization can access your documents. clausul engineering staff do not access customer documents in the normal course of operations. Access for debugging or support purposes requires explicit authorization and is logged.

Question 13

Can I try clausul without uploading real client documents?

Accepted Answer

Yes. You can use sample documents or redacted versions to evaluate the tool before introducing client data. We recommend this as a first step for any pilot.

How clausul protects your documents

Security controls

Encryption

No model training

Automatic cleanup

EU-hosted infrastructure

Where your data goes

1. Upload & parsing

2. AI processing

3. Storage & retention

Frequently asked questions

Need more detail?

Ready to evaluate clausul?