Privacy Architecture
Privacy is the product, not a checkbox
Individual surveillance is structurally prevented in ClarityLift. This is not a policy we follow. It is how the system is built. The capability does not exist.
Data flow
How a message becomes a signal
Three zones, left to right. Origin platform, ClarityLift in-memory pipeline, aggregate signal. Raw text never leaves the middle zone. The first persistent surface is the metadata-only signal row on the right.
Diagram labels, left to right: Slack · Teams | in-memory pipeline, 0 ms on disk, Azure US East | Aggregate only
For the full architectural walkthrough, including the consent matrix, permissions model, and structural answer to “what if someone asks you to reveal an individual,” see the trust architecture page. For the line-by-line reason each OAuth scope exists, see the OAuth scope justification.
Privacy guard
PII is scrubbed before the LLM sees it
Before any message reaches the classifier, ClarityLift redacts high-sensitivity identifiers. The classifier and Azure OpenAI never see the raw values; they see a typed placeholder in the identifier's position.
What gets redacted
- SSN: US Social Security Number
- EIN: US Employer Identification Number
- ITIN: US Individual Taxpayer Identification Number
- SIN: Canadian Social Insurance Number
- CC: Credit-card PAN, Luhn-validated
Redaction, not dropping
A message like “Sarah got frustrated when the vendor asked for an SSN” still carries valid friction signal after the number is gone. The classifier sees the context. The identifier is gone.
Default-on. Kill switch is an explicit env var, not a customer-visible toggle. Source: src/lib/classification/pii-filter.ts.
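The pre-filter described above, written out as an added example in TypeScript. This is not ClarityLift's src/lib/classification/pii-filter.ts; the rule set, the [REDACTED_KIND] placeholder format, and the PII_FILTER_DISABLED kill-switch variable are assumptions. It goes one step past the page in one place: Canadian SINs also carry a Luhn check digit, so the example checksums them as well as card numbers, which removes most false positives on other nine-digit numbers.

```typescript
// Added example: a default-on PII pre-filter in front of an LLM classifier.
// Not ClarityLift's code; names, placeholders and the env var are assumptions.

type PiiKind = "SSN" | "EIN" | "ITIN" | "SIN" | "CC";

interface RedactResult {
  text: string;
  counts: Record<PiiKind, number>;
}

// Luhn mod-10 check over a digit string. Card PANs and Canadian SINs both carry
// a Luhn check digit, so a pattern hit alone is not enough to redact.
function luhnValid(digits: string): boolean {
  if (digits.length < 2 || !/^\d+$/.test(digits)) return false;
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

const stripSeparators = (m: string): string => m.replace(/[ -]/g, "");

// Rules run in this order: card numbers first because they are the longest digit
// runs, ITIN before SSN so a 9xx-xx-xxxx number gets the right label.
const RULES: Array<{ kind: PiiKind; pattern: RegExp; validate?: (m: string) => boolean }> = [
  {
    kind: "CC",
    pattern: /\b(?:\d[ -]?){12,18}\d\b/g, // 13-19 digits with optional spaces or dashes
    validate: (m) => {
      const d = stripSeparators(m);
      return d.length >= 13 && d.length <= 19 && luhnValid(d);
    },
  },
  { kind: "ITIN", pattern: /\b9\d{2}-[5-9]\d-\d{4}\b/g }, // simplified: 9xx-5x..9x-xxxx
  { kind: "SSN", pattern: /\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b/g },
  { kind: "EIN", pattern: /\b\d{2}-\d{7}\b/g },
  {
    kind: "SIN",
    pattern: /\b\d{3}[ -]?\d{3}[ -]?\d{3}\b/g,
    validate: (m) => luhnValid(stripSeparators(m)), // a plain 9-digit ID passes Luhn only ~10% of the time
  },
];

// Redaction, not dropping: each identifier becomes a typed placeholder and the
// surrounding words survive, so "asked for an SSN" still reads as friction.
function redactPII(text: string): RedactResult {
  const counts: Record<PiiKind, number> = { SSN: 0, EIN: 0, ITIN: 0, SIN: 0, CC: 0 };
  let out = text;
  for (const rule of RULES) {
    out = out.replace(rule.pattern, (m) => {
      if (rule.validate && !rule.validate(m)) return m; // pattern hit, checksum failed: leave it alone
      counts[rule.kind] += 1;
      return `[REDACTED_${rule.kind}]`;
    });
  }
  return { text: out, counts };
}

// Default-on guard in front of the classifier. The only bypass is the assumed
// operator-side env var PII_FILTER_DISABLED=1; there is no per-customer toggle.
function guardForClassifier(text: string, env: Record<string, string | undefined> = {}): string {
  if (env.PII_FILTER_DISABLED === "1") return text;
  return redactPII(text).text;
}
```

Two things worth checking in any filter of this shape: that a pattern hit which fails its checksum is left untouched (otherwise ordinary order numbers get shredded and the classifier loses context), and that the kill switch is read from the process environment only, never from a customer-controlled setting.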
Six non-negotiable rules
These are architectural constraints, not policy decisions. They cannot be overridden by configuration, admin settings, or customer requests.
No DMs. Ever.
ClarityLift never analyzes 1-on-1 direct messages or private conversations between individuals. This is not a setting that can be changed. The system cannot access DMs.
No raw message storage
Message text is processed by the classifier in real time and then discarded. We retain no message content in our own systems: we keep scores, trends, and team-level metrics, never words. (The one place a redacted prompt can persist outside our systems is Microsoft's abuse-monitoring store, described under LLM Sub-processor below.)
Aggregate only. Minimum group of 10.
All insights are surfaced at the team level with a minimum group threshold of 10 people. If a team has fewer than 10 members, their data is rolled up into a larger group. No individual scores exist.
Opt-in channels only
Your organization explicitly selects which work channels ClarityLift analyzes. Nothing is connected by default. Employees always know which channels are included.
Full employee transparency
Every employee can see which channels are being analyzed and what types of aggregate signals are generated. Transparency is the default, not a feature toggle.
No individual performance scoring
ClarityLift does not score, rank, or evaluate individual employees. There is no "flight risk" score for a person. No "productivity" metric per employee. These features do not exist in the system.
What ClarityLift does and does not do
ClarityLift does NOT
- Read or store direct messages between individuals
- Score, rank, or evaluate individual employees
- Track who said what in any conversation
- Store raw message content anywhere
- Analyze private or personal channels
- Provide individual "flight risk" or "productivity" scores
- Allow managers to identify specific employees in reports
- Surveil, monitor, or watch individual behavior
ClarityLift DOES
- Analyze opted-in work channels for aggregate patterns
- Surface team-level health scores (groups of 10+)
- Detect communication pattern changes across teams
- Identify friction, disengagement, and culture drift trends
- Provide organizational health dashboards for leadership
- Generate actionable recommendations at the team level
- Alert on significant deviations from health baselines
- Surface team-level retention signals from behavioral patterns
How it works under the hood
The layers below structurally prevent individual identification at every level of the system, followed by the consent model and the sub-processors that handle data on our behalf.
Signal Processing Pipeline
- Messages enter a processing pipeline that extracts aggregate patterns: sentiment distribution, topic clusters, communication frequency, response patterns
- Raw message content is never written to disk, database, or cache
- Processing happens in ephemeral compute. When the signal is extracted, the message is gone
- Output: numerical scores and categorical labels at the team level. Never text content.
Differential Privacy
- Tunable epsilon parameter controls the mathematical privacy guarantee. Smaller epsilon means stronger protection and more noise.
- Individual contributions to any metric are bounded (clipped to a fixed range, one contribution per person) and noise-injected
- Differential privacy bounds, by a factor of at most exp(epsilon), how much any one person's data can change the probability of any released score. An observer cannot reliably tell whether an individual's data was included. This is a quantified bound, not an absolute impossibility, and it weakens as releases accumulate, which is why epsilon is budgeted rather than set once.
- Same approach used by Microsoft in Viva Insights and Apple in iOS analytics
Minimum Aggregation Thresholds
- No metric is ever displayed for a group smaller than 10 people
- Small teams are automatically rolled up into the nearest larger organizational unit
- Metrics are aggregated over time windows, so a change in a score cannot be tied back to the moment one person posted; this limits de-anonymization via temporal correlation
- Cross-channel deduplication prevents signal inflation from the same event
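An added example of the two mechanisms above working together: the 10-person floor is applied first, then each person's influence on the team mean is clipped, then Laplace noise scaled to that bounded influence is added. This is the textbook Laplace mechanism, not ClarityLift's own code; the page does not say which mechanism it uses. The [-1, 1] sentiment scale, the function names and the sample team are assumptions, and the random source is injectable so the result can be checked deterministically.

```typescript
// Added example (not ClarityLift's code): per-person clipping plus Laplace noise
// on a team mean, with the minimum-group floor applied first.

const MIN_GROUP = 10;

type Release =
  | { released: true; n: number; epsilon: number; score: number }
  | { released: false; n: number; reason: string };

function clip(x: number, lo: number, hi: number): number {
  return Math.min(hi, Math.max(lo, x));
}

// Laplace(0, scale) sample by inverse CDF. rng is injectable so a test can pin
// the noise to zero; the tiny floor keeps log() finite if rng() returns 0.
function laplace(scale: number, rng: () => number): number {
  const u = Math.max(rng(), 1e-12) - 0.5;
  return -scale * Math.sign(u) * Math.log(1 - 2 * Math.abs(u));
}

// perPerson maps an opaque author id to that person's per-message sentiment values.
function releaseTeamSentiment(
  perPerson: Record<string, number[]>,
  epsilon: number,
  rng: () => number = Math.random,
): Release {
  const ids = Object.keys(perPerson);
  const n = ids.length;
  if (n < MIN_GROUP) {
    return { released: false, n, reason: `${n} people is below the ${MIN_GROUP}-person floor; roll up into the parent unit` };
  }
  // Bound each person's influence: one value per person, clipped to [-1, 1],
  // however many messages they wrote. A prolific or extreme poster cannot dominate.
  const contributions = ids.map((id) => {
    const xs = perPerson[id];
    const mean = xs.length === 0 ? 0 : xs.reduce((a, b) => a + b, 0) / xs.length;
    return clip(mean, -1, 1);
  });
  const trueMean = contributions.reduce((a, b) => a + b, 0) / n;
  // Replacing any one person's clipped value moves the mean by at most 2/n, so
  // Laplace noise with scale 2/(n*epsilon) makes this release epsilon-DP.
  const sensitivity = 2 / n;
  const noisy = trueMean + laplace(sensitivity / epsilon, rng);
  return { released: true, n, epsilon, score: clip(noisy, -1, 1) };
}

// Constructed sample team: size-1 moderate posters plus one extreme, high-volume poster.
function sampleTeam(size: number): Record<string, number[]> {
  const team: Record<string, number[]> = {};
  for (let i = 0; i < size - 1; i++) team[`u${i}`] = [0.2];
  team["u-extreme"] = [5, 5, 5];
  return team;
}
```

With the noise pinned to zero, a ten-person team of nine people at 0.2 and one person posting extreme values scores 0.28, not the 1.72 an unclipped mean would give; with nine people it is not released at all. The practitioner caveat is composition: every weekly release of the same metric spends epsilon again, so a dashboard that republishes a team score 52 times a year has a yearly privacy loss far above the per-release epsilon unless the budget is tracked.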
Platform Consent — Two Layers
- Slack: the workspace admin approves scopes at install, and the bot still has to be explicitly invited into each channel (public or private) before any message from that channel is read. The bot is a member of zero channels by default. Two deliberate acts per channel.
- Slack private channels: the bot can only read channels it has been explicitly invited to. Slack's platform model enforces this; a private channel without the bot as a member is unreachable regardless of scope.
- Slack 1:1 DMs and group DMs: never read. The im:* and mpim:* OAuth scopes are not requested and are blocked at build time by an architectural rule; adding them fails CI.
- Microsoft Teams: the tenant admin approves the channel-message scope at install, and ClarityLift applies its own per-channel enablement layer on top. Every channel starts disabled; an admin must explicitly enable each one before any message from it is read. Fail-closed.
- Microsoft Teams 1:1 chats and group chats: never read. The Chat.* scope family is not requested and is blocked at build time by an architectural rule.
- Every employee can opt out of analysis on their own messages at any time via /my-data, independent of which channels are connected.
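The consent model above, expressed as an added TypeScript example of a fail-closed channel registry with an audit trail. It is not ClarityLift's code; the class, the conversation-kind names and the record shapes are assumptions. On Slack the platform itself withholds messages from channels the bot has not been invited to, so there the registry is defense in depth; on Teams it is the per-channel enablement layer the page describes. A channel the registry has never seen, a DM of any kind, and a message from an opted-out author are all refused without consulting any setting.

```typescript
// Added example (not ClarityLift's code): fail-closed channel consent registry
// with audit trail and per-employee opt-out. Names are assumptions.

type Platform = "slack" | "teams";

// Conversation kinds as the platforms report them. Slack: channel (public),
// group (private channel), im (1:1 DM), mpim (group DM). Teams: channel, chat.
type ConversationKind = "channel" | "group" | "im" | "mpim" | "chat";
const NEVER_READ = new Set<ConversationKind>(["im", "mpim", "chat"]);

interface InboundMessage {
  platform: Platform;
  channelId: string;
  kind: ConversationKind;
  authorId: string;
}

interface AuditEntry {
  at: string;
  actor: string;
  action: "install" | "enable" | "disable";
  platform: Platform;
  channelId: string;
}

type Decision = { ingest: true } | { ingest: false; reason: string };

class ChannelConsentRegistry {
  private readonly enabled = new Map<string, boolean>();
  private readonly audit: AuditEntry[] = [];
  private readonly optedOut = new Set<string>();

  private key(platform: Platform, channelId: string): string {
    return `${platform}:${channelId}`;
  }

  // Install records every discovered channel as disabled. Nothing is connected by default.
  registerInstall(platform: Platform, channelIds: string[], actor: string, at: string): void {
    for (const id of channelIds) {
      this.enabled.set(this.key(platform, id), false);
      this.audit.push({ at, actor, action: "install", platform, channelId: id });
    }
  }

  // On Slack the enabling act is the invite (actor = who invited the bot); on
  // Teams it is the admin turning the channel on. Either way it is recorded.
  enable(platform: Platform, channelId: string, actor: string, at: string): void {
    this.setEnabled(platform, channelId, true, actor, at, "enable");
  }

  disable(platform: Platform, channelId: string, actor: string, at: string): void {
    this.setEnabled(platform, channelId, false, actor, at, "disable");
  }

  private setEnabled(
    platform: Platform, channelId: string, value: boolean,
    actor: string, at: string, action: "enable" | "disable",
  ): void {
    const k = this.key(platform, channelId);
    if (!this.enabled.has(k)) throw new Error(`unknown channel ${k}: register it at install first`);
    this.enabled.set(k, value);
    this.audit.push({ at, actor, action, platform, channelId });
  }

  optOut(employeeId: string): void {
    this.optedOut.add(employeeId);
  }

  // Fail-closed: a channel the registry has never seen is treated as disabled.
  isEnabled(platform: Platform, channelId: string): boolean {
    return this.enabled.get(this.key(platform, channelId)) === true;
  }

  decide(msg: InboundMessage): Decision {
    if (NEVER_READ.has(msg.kind)) {
      return { ingest: false, reason: `${msg.kind} is a DM or chat: never read, regardless of scope or settings` };
    }
    if (!this.isEnabled(msg.platform, msg.channelId)) {
      return { ingest: false, reason: `${msg.platform} channel ${msg.channelId} is not enabled` };
    }
    if (this.optedOut.has(msg.authorId)) {
      return { ingest: false, reason: "author opted out via /my-data" };
    }
    return { ingest: true };
  }

  auditTrail(): readonly AuditEntry[] {
    return this.audit;
  }
}
```

The ordering inside decide() is deliberate: the DM check runs before the enablement lookup so that no configuration state, however it was reached, can make a DM readable.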
Data Residency & Processing
- All processing happens within your cloud tenant or a dedicated, isolated environment
- Message content crosses no network boundary except the call to the Azure OpenAI sub-processor described below, which receives PII-redacted prompts inside Microsoft's Azure boundary. Only aggregate scores leave the pipeline
- Azure-native infrastructure with SOC 2 compliance path
- Full audit trail of which channels are connected, when, and by whom
LLM Sub-processor
- Classification and insight generation run on Microsoft Azure OpenAI in the eastus region. Prompts stay inside Microsoft's Azure boundary and are never sent to OpenAI as a company.
- Prompts are not used to train or improve any AI model. Committed via Microsoft's product terms.
- Microsoft's default abuse-monitoring system can retain a prompt for up to 30 days, but only if its safety systems flag the content. For aggregate workplace conversation analysis, flags are near-zero in practice.
- Authorized Microsoft personnel can review flagged content only under just-in-time approval using secure access workstations. ClarityLift employees cannot access this store.
- AI scope: AI-classified signals and AI-generated insights are advisory enrichments shown to the workspace admin. They are not customer-facing attestations. Every AI-produced insight records the model that produced it (Insight.generatedByModel) so audit trails can answer "which model generated this row" without consulting external usage logs.
Email Delivery Sub-processor
- Transactional email (weekly digests, threshold alerts, data-export notifications, member invites) is sent via Microsoft Azure Communication Services Email from notifications.claritylift.ai.
- Messages contain only aggregate org and team metrics. No DM content, no individual-level data, and no raw message text is ever included in any email.
- Email bodies are rendered inside the Azure tenant. ACS retains delivery metadata (send status, bounce, spam signal) per Microsoft's standard email-service retention terms.
Built for regulatory compliance
ClarityLift is designed from day one for the regulatory landscape that governs employee data analysis.
EU AI Act
AI systems used to monitor and evaluate workers are listed as high-risk under Annex III (employment and workers management). ClarityLift's aggregate-only architecture, transparency requirements, and human oversight design align with the Annex III obligations that apply from August 2026.
GDPR
Processing relies on legitimate interest with documented balancing tests. No individual profiling. Data Protection Impact Assessment built into the deployment process. Works council consultation supported.
CCPA / State Laws
No individual-level employee data is stored or surfaced. Aggregate-only processing means individual rights requests (access, delete, opt-out) have no individual record to return or erase, and any employee can opt out of analysis via /my-data. Multi-state compliance built in.
Compliance responsibility
ClarityLift is designed to help customers meet obligations under applicable workplace communication analysis laws, including NY Civil Rights Law § 52-c, Conn. Gen. Stat. § 31-48d, Del. Code tit. 19, § 705, and the CCPA aggregate-information framework. ClarityLift's aggregate-only architecture, 10-person minimum group threshold, and pipeline that retains no raw message content in our own systems are designed to satisfy the strictest available interpretations of these requirements. Our LLM sub-processor (Microsoft Azure OpenAI) processes prompts within Microsoft's Azure boundary under Microsoft's product terms. Customers remain responsible for their own compliance, including providing any employee notice required under state law and obtaining any required consent from their workforce in applicable jurisdictions.
Not for individual employment decisions
ClarityLift is not intended for use in individual employment decisions, including hiring, firing, promotion, performance review, discipline, or compensation. Its outputs are aggregate signals at the team and organization level, designed to inform leadership about organizational health. Not to evaluate or rank individual employees. Customers agree to this limitation in the Acceptable Use Policy.
Where your data goes
Your prompts stay inside Microsoft's Azure boundary
We run classification on Azure OpenAI, not on the OpenAI public API. The two names look similar. The data posture is not.
Azure OpenAI (what we use)
- Sub-processor is Microsoft. Prompts are handled under Microsoft's standard Product Terms and Data Protection Addendum.
- Prompts never leave the Azure boundary. OpenAI as a company does not receive the data.
- Prompts are not used to train or improve any AI model. This is a contractual commitment, not a request flag.
- Deployment region is Azure US East. Single-region at launch. Multi-region is on the roadmap.
- Abuse-monitoring default retention is up to 30 days, and only if Microsoft's safety system flags a specific prompt. For aggregate workplace chatter, flags are near-zero in practice.
OpenAI direct API (what we do NOT use)
- Different sub-processor. Different data processing agreement. Different retention defaults.
- ClarityLift does not send production prompts to OpenAI's public API.
- A legacy provider switch exists in our code for development environments. It is not the production path and is governed by the same retention-zero pipeline if ever used.
Read Microsoft's own documentation: Data, privacy, and security for Azure OpenAI.
Commitments
What we commit to in writing
Plain-language versions. The binding versions live in the DPA and the Acceptable Use Policy.
We do not sell any data
Not message metadata, not aggregate signals, not employee emails, not anonymized cohort data. We are not a data broker. We make money from subscription contracts with the customers who install ClarityLift, full stop.
Data Processing Agreement available on request
Email security@claritylift.ai and we will send our standard DPA, pre-populated for your org, along with the subprocessor list and a SIG-Lite response. Custom redlines welcome under an active procurement engagement.
No session-replay or behavioral targeting on the dashboard
The customer-facing dashboard does not load session-replay, heat-mapping, or marketing-targeting SDKs. We do load PostHog for first-party product analytics (pageviews and click events on our own app, used to improve the dashboard) when configured by ops. PostHog never sees customer message text, signal data, or HRIS fields.
No individual employment decisions
ClarityLift outputs are not intended to inform individual employment decisions of any kind, including hiring, firing, promotion, performance review, discipline, or compensation. Customers agree to this limitation in the Acceptable Use Policy.
Roadmap
When these controls ship
Quarter-level commitments, not precise dates. If we slip, we update this page. Review cadence is quarterly.
PII pre-filter before the classifier
SSN, EIN, ITIN, Canadian SIN, and credit-card numbers redacted before any message reaches the LLM. Default-on.
Data flow diagram on the privacy page
Six-step lifecycle visible to procurement without an NDA. OAuth scope justification document published alongside.
Teams chat-scope block at build time
CI rule CRIT-C-TEAMS-CHAT-SCOPE fails the build if any Chat.* or ChatMessage.* Graph scope lands in the repo, matching the Slack DM-scope block. A companion scope-pinning test locks the exact allowed Teams scope list — widening requires a reviewer-visible snapshot change.
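An added example of what a build-time scope guard of this shape looks like, covering both the DM-scope blocks described under Platform Consent above and the pinned allow-list this roadmap item describes. It is not ClarityLift's CI rule. CRIT-C-TEAMS-CHAT-SCOPE is the rule name the page gives; the Slack rule name, the pinned scope lists, the extractor and the sample source are assumptions.

```typescript
// Added example (not ClarityLift's code): build-time OAuth scope guard.
// Rule names other than CRIT-C-TEAMS-CHAT-SCOPE and the pinned lists are assumed.

type Platform = "slack" | "teams";

interface Violation {
  rule: string;
  platform: Platform;
  scope: string;
  detail: string;
}

// Scope families that must never appear in the repo, whatever the allow-list says.
const FORBIDDEN: Record<Platform, Array<{ rule: string; pattern: RegExp }>> = {
  slack: [{ rule: "SLACK-DM-SCOPE", pattern: /^(im|mpim):/ }],
  teams: [{ rule: "CRIT-C-TEAMS-CHAT-SCOPE", pattern: /^(Chat|ChatMessage)\./ }],
};

// Pinned snapshot of the exact allowed scope list (contents illustrative).
// Widening means editing this constant, which is visible in code review.
const PINNED: Record<Platform, readonly string[]> = {
  slack: ["channels:history", "channels:read", "groups:history", "groups:read", "chat:write", "users:read"],
  teams: ["ChannelMessage.Read.All", "Channel.ReadBasic.All", "Team.ReadBasic.All"],
};

// Pull quoted scope-shaped string literals out of source text so the guard
// runs over code and manifests alike, without needing a real parser.
function extractScopeLiterals(source: string, platform: Platform): string[] {
  const re = platform === "slack"
    ? /["']([a-z]+:[a-z_.]+)["']/g                   // e.g. "channels:history", "im:history"
    : /["']([A-Z][A-Za-z]+(?:\.[A-Za-z]+)+)["']/g;   // e.g. "ChannelMessage.Read.All"
  const found: string[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(source)) !== null) {
    if (found.indexOf(m[1]) < 0) found.push(m[1]);
  }
  return found;
}

function checkScopes(platform: Platform, requested: string[]): Violation[] {
  const violations: Violation[] = [];
  // Rule 1: forbidden families fail regardless of the allow-list.
  for (const scope of requested) {
    for (const f of FORBIDDEN[platform]) {
      if (f.pattern.test(scope)) violations.push({ rule: f.rule, platform, scope, detail: "forbidden scope family" });
    }
  }
  // Rule 2: scope pinning, exact set equality with the snapshot in both directions.
  const pinned = PINNED[platform];
  for (const scope of requested) {
    if (pinned.indexOf(scope) < 0) violations.push({ rule: "SCOPE-PIN", platform, scope, detail: "not in pinned snapshot" });
  }
  for (const scope of pinned) {
    if (requested.indexOf(scope) < 0) violations.push({ rule: "SCOPE-PIN", platform, scope, detail: "pinned scope missing from request" });
  }
  return violations;
}

function ciGate(platform: Platform, source: string): { ok: boolean; violations: Violation[] } {
  const violations = checkScopes(platform, extractScopeLiterals(source, platform));
  return { ok: violations.length === 0, violations };
}

// Constructed sample source: someone slipped a DM scope into the Slack bot scope list.
const SAMPLE_SLACK_SOURCE = `
const BOT_SCOPES = ["channels:history", "channels:read", "groups:history",
                    "groups:read", "chat:write", "users:read", "im:history"];
`;
```

Two checks fire on the smuggled im:history scope, the forbidden-family rule and the pin mismatch; keeping both is intentional, because the pin alone would let a reviewer "fix" the build by adding the DM scope to the snapshot, while the forbidden list cannot be satisfied that way.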
Teams per-channel enablement affordance in the admin UI
The backend was already fail-closed (every Teams channel starts disabled on install). The admin UI now renders an explicit compliance callout and per-platform enabled counts so a procurement reviewer sees the posture without reading code.
Teams bot-events endpoint + Bot Framework JWT auth
POST /api/teams/bot-events authenticates inbound Bot Framework activities against Microsoft's public JWKS and persists each tenant's serviceUrl on the connection. Closes the data-layer plumbing the consent DM needs.
Teams employee consent DM activation
One-time informational message to each employee at install and to new hires, mirroring Slack. Every code path shipped in Q2 2026 behind the TEAMS_CONSENT_DM_ENABLED flag: Bot Framework proactive sender, Adaptive Card, JWT-authenticated bot-events endpoint, schema column for serviceUrl. Remaining work is operational: register the Azure Bot Service bot, store credentials in Key Vault, publish the Teams app manifest, and flip the flag.
Two additional CI-enforced architectural rules
Expands the existing build-time guard set that blocks DM scopes and LLM-SDK imports outside the wrapper.
Audit-log retention purge cron
Enforces the documented 18-month retention window. Today audit rows are append-only with no purge path; the cron closes that gap.
Independent application penetration test
Standard application pen test by a reputable firm. Summary available to customers under NDA.
SOC 2 Type I attestation
CPA engagement scoped. Type II follows after the Type I observation window.
Last reviewed 2026-04-24. Source: external CISO review (Jacob Self).
Think of it like Google Analytics for your organization
Google Analytics shows you traffic patterns and conversion rates without exposing individual user sessions. You see trends, not people.
ClarityLift shows you organizational health patterns without exposing individual conversations. You see team health, not messages.
Trust commitments
ClarityLift is operated by Startvest LLC under the Startvest Trust Principles. Per-product implementation is recorded in this repository's INTEGRITY.md.
Integrity concerns or disclosures: integrity@startvest.ai (monitored quarterly by external counsel).
Privacy questions? Let's talk.
We built ClarityLift so that the hardest privacy question has the simplest answer: it can't do that.