Data Subject Access Request (DSAR) Procedure

    Last Updated: 23 April, 2026

    1. Introduction and Purpose

    ClausePilot is committed to upholding the principles of the GDPR and supporting our users in meeting their data protection obligations. This document outlines the procedure for submitting a Data Subject Access Request (DSAR) related to data processed on the ClausePilot platform.

    This procedure is designed to provide our users, including legal professionals who act as Data Controllers for their client data, with a clear, efficient process for exercising the rights of the Data Subjects. It formalizes our commitment to assist you, as detailed in our Data Processing Agreement (DPA) and Privacy Policy.

    2. Understanding Roles Under GDPR

    ClausePilot as a Data Controller: We are the Data Controller for the personal data of our Users, such as your account information, contact details, and billing data. If you wish to submit a DSAR for your own personal data, please contact us directly at privacy@clausepilot.com.

    ClausePilot as a Data Processor: For all User-Generated Content you upload or create on the platform (e.g., contracts, legal analyses, client documents), you are the Data Controller, and ClausePilot acts strictly as your Data Processor. This procedure primarily governs how we assist you in this capacity.

    3. Procedure for Submitting a DSAR on Behalf of a Client

    As the Data Controller, you are responsible for managing DSARs from your clients. ClausePilot is here to provide you with the necessary assistance to fulfill these requests in a timely manner.

    Step 1: Who Can Submit

    To ensure confidentiality and security, requests concerning User-Generated Content must be submitted by the authorized User (the Controller) associated with the account where the data resides. We cannot accept requests directly from your clients (the Data Subjects) for data you control.

    Step 2: How to Submit a Request

    Please send an email to privacy@clausepilot.com with the following information:

    • Subject Line: "Data Subject Access Request on Behalf of Client"
    • Your Identity: Your full name and the email address associated with your ClausePilot account for verification.
    • Data Subject's Information: Provide sufficient detail to allow us to locate the relevant data. This should include, where possible, the Data Subject's name and the specific matter(s) or document name(s) involved.
    • The Right Being Exercised: Clearly state the GDPR right you are invoking on behalf of your client (e.g., Right of Access, Right to Rectification, Right to Erasure).

    Step 3: Our Verification and Assistance Process

    1. Verification: Upon receipt, we will first verify your identity as the authorized Controller for the account.
    2. Data Retrieval (for Access Requests): For a Right of Access request, we will securely locate and retrieve all User-Generated Content related to the specified Data Subject within your account. This data will be securely packaged and provided directly to you, the Controller, in a common, machine-readable format (e.g., a password-protected ZIP archive). You are then responsible for reviewing this data and providing it to your client.
    3. Assistance with Other Rights (Erasure, Rectification): For other rights, such as erasure or rectification, we will provide you with the necessary assistance. In many cases, you can perform these actions directly using the self-service tools within your ClausePilot vault, as described in our DPA.

    4. Our Service Level Objectives (SLOs)

    • Acknowledgement: We will acknowledge receipt of a valid and verified DSAR from you within 72 business hours.
    • Fulfillment: We will provide the requested information or assistance to you within 21 calendar days. This timeline is designed to give you sufficient time to review the information and respond to your client within the one-month period required by the GDPR.

    5. Our Commitment

    ClausePilot is committed to being a trusted partner. This procedure is a key part of our promise to provide the tools and support you need to use advanced AI technology while upholding the highest standards of legal ethics and data protection.
