For employees
Your employer deployed ClarityLift. Here is what it sees about you.
This is not a marketing page. It is a receipt. Read it if you want to know, in plain language, what data is processed, what your manager actually sees, and what the product cannot do no matter who asks.
1. What happens to one message
You typed something in a channel. Here is the whole path it took.
Imagine it is a Tuesday at 2:14pm. You typed a message in a channel your employer turned on for ClarityLift analysis. Below is everything that happens after you hit send. Every step is enforced in code, not in a policy document.
- 1
Slack or Teams delivers the event to our webhook.
The event is metadata plus message text. Your employer only granted channel-read permissions, so this only fires for messages posted in channels they have explicitly turned on. Direct messages, group DMs, and channels your admin has not enabled never reach us in the first place.
- 2
The handler checks if the channel is a DM. If yes, it drops the event.
Even if Slack accidentally sent a DM to our webhook, the first line of the handler rejects it before any other code runs. We do not store it, classify it, or log it. The server returns 200 and moves on.
- 3
A fast pattern-matcher decides if the message is worth classifying.
Most messages are not. "ok", "lol", "thanks", and the majority of the day's chatter fail this filter and are discarded on the spot. Only a small fraction of messages proceed to the next step.
- 4
If it passes, the message text is sent to a language model once, in memory.
The model sees the text long enough to decide what category of signal the message fits (team friction, communication health, culture drift, retention, strategic alignment, or none). The model returns a category and a confidence score. That is all it returns. It does not return your name. It does not return a quote. It does not return a summary.
- 5
The model's provider does not retain the text either.
We use providers under zero-retention agreements. On Azure OpenAI, the request stays inside Microsoft's Azure boundary and is not used to train anything. On Anthropic, a contractual zero-data-retention clause prevents storage. The message text is discarded after the call.
- 6
The row that gets written to our database has seven fields.
Organization id, team id, channel id, signal category, severity, confidence, detection timestamp. That is it. No user id. No message id. No text. No quote. No author. If an admin wanted to look up "what did employee X say," the data to answer that question does not exist.
- 7
Nothing shows up on any dashboard unless the team has 10 or more members.
Before any output is visible to your manager, a database check confirms the team has at least 10 people. Teams below that threshold produce no output at all. Not a "hidden" output. No row is emitted.
The end state: your manager sees a team-level score move slightly. They do not see the message. They do not see who sent it. They do not see a quote. They see that the team-friction signal for their team ticked up two points this week, alongside messages from everyone else on the team.
2. Three hard floors
The product is built on three boundaries that cannot be turned off.
These are not settings. A workspace admin cannot toggle them. A paying customer cannot negotiate them. They are built into the schema and the ingest pipeline.
No DMs. Ever.
ClarityLift never requests direct-message permissions during OAuth. If Slack or Teams somehow sent a DM to the webhook, the first filter rejects it before any classifier call. We do not analyze, store, or log direct messages. Not in aggregate. Not anonymized. Not at all.
No team below 10 people produces output.
Every output is scoped to a team of at least 10 people. The floor is enforced as a database-layer check, not a UI hide. A team of 9 produces nothing. An admin cannot lower the floor; they can only raise it.
No message text is retained.
The model sees the text once, in memory, to classify it. After the classification returns, the text is garbage-collected. No database row anywhere contains message text. Not the signal rows, not the audit log, not a cache. If you delete a message after it was processed, there is nothing for us to also delete because we never stored it.
3. What your manager sees
The dashboard is aggregate. Always.
Your manager, or whoever holds the ClarityLift admin seat at your company, sees a dashboard built from the signal rows described above. Here is what is on it.
Team-level scores, per team, per week.
Five pillar scores: team friction, disengagement, communication health, culture drift, retention signals. Alignment to stated strategic goals is on the roadmap. Each score is a number with a trend line. Each is computed from the aggregated signal rows for that team over the window.
Which signal categories fired for the team.
A count of signals by category over the period. Twelve friction signals, three communication-health signals, zero retention signals. Not which messages caused them. Not who said them.
Anomalies against the team’s own baseline.
After four to six weeks of baseline, the scoring engine flags unusual weeks for the team relative to its own history. Not relative to other teams. Not relative to an industry benchmark.
Written insights, generated weekly.
A short paragraph summarizing what moved on the dashboard. The paragraph is generated from aggregate scores only. It contains no quotes. It cannot contain a quote because no quote was ever stored.
4. What your manager does not see
Not hidden by permission. Structurally not there.
The difference between a permissions-based limit and a structural limit matters. A permission can be granted. A structural limit means the data does not exist to reveal, even to the CEO, even under subpoena, even if every engineer at ClarityLift cooperated. These fall into the second category.
- Your messages. Full stop. The text is not stored anywhere.
- Your identity on any signal. Rows carry a team id, never a user id.
- Which message triggered which signal. There is no link from a dashboard number back to a source message.
- Your DMs. The integration never had access to them.
- Your private-channel messages, unless the admin explicitly turned that channel on.
- A per-employee score. Every output is scoped to a team of 10+.
- A list of who is a flight risk. The product has no such view, because it has no per-person data.
- A transcript of any conversation. Not for any reason, including legal discovery, because no transcript exists on our side.
5. Your rights
What you can do, and how to do it.
You have rights under your local privacy law, and you have a shorter list of things ClarityLift commits to regardless of jurisdiction. Both are below.
Ask your admin which channels are connected.
ClarityLift's admin settings page lists every channel under analysis. Your admin can share that list. We recommend they post it to the team when the tool goes live, and update it publicly when channels are added or removed. If you do not know what channels are connected, that is a question to ask in your next all-hands.
Request a copy of the data tied to you.
There is no data tied to you individually, because the schema has no user id on any signal row. A data subject access request still produces the small amount of metadata we do hold (your email if you are a dashboard user, login timestamps for audit purposes, nothing about your messages). The request goes through your employer, not to us directly. Your HR or IT team submits it on your behalf.
Ask your admin to disable a specific channel.
A channel can be removed from ClarityLift analysis in a single click in the admin settings. Signals stop flowing within 30 seconds. Historical signals from that channel remain aggregated in the team scores (they cannot be attributed back to specific messages because no message-to-signal link exists) but no new signals are generated from that channel.
Raise a concern directly.
If you believe your employer is misusing ClarityLift in a way that violates the acceptable-use policy every admin agreed to at onboarding, email privacy@claritylift.ai. The AUP forbids using ClarityLift for hiring, firing, performance review, or compensation decisions. Outputs do not support these uses even if an admin wanted to do them, but a report still gets investigated.
6. How to verify this page
Do not take our word for it.
Everything on this page is backed by code or contract you can read, or by a claim your own admin can verify inside their own Slack or Teams workspace.
We never analyze DMs.
Your admin can open the ClarityLift OAuth consent screen and see the scopes we requested. There is no DM scope. If we had wanted access, we would have had to ask.
We never store message text.
The signal-row schema is public in our privacy architecture document. Seven fields, none of them text. A DSAR export contains signal counts and scores. There is no row type that could contain a message body.
No output is produced for a team below 10 members.
Your admin can create a test team of 3 people and turn on ClarityLift for a week. The dashboard for that team will be empty. This is not because the data was hidden. It was never written.
The product cannot be used for HR decisions.
The acceptable-use policy is in every signed order form. Outputs do not name individuals, so an admin could not use them this way even if they wanted to. If it happened anyway, every email address on the AUP reporting list is a notification endpoint.
If a claim on this page is contradicted by your experience inside a ClarityLift deployment, that is a bug, not a policy. Email privacy@claritylift.ai and it gets treated as a security incident.
Context
Why this page exists at all.
Most tools in this category hide behind a privacy notice written for lawyers. ClarityLift is built on the argument that you cannot earn trust from a team of people while also hiding what the product does from them.
Our posture: if the tool cannot survive being fully explained to the employees whose workspace it runs in, the tool should not ship. This page is the test.