Clasr Legal
Data Processing Summary
Version 1.0 · June 2026
Effective Date: June 2026
Published by: HİLAL ŞENÇELİK, operator of Clasr, Bursa, Türkiye
This Summary is a plain-language overview of how Clasr handles personal data, intended to give institutional reviewers a fast, readable answer to common questions. It is drawn from Clasr's Data Processing Agreement ("DPA") but is not itself the DPA and has no independent legal effect. Where this Summary and the DPA differ, the DPA governs. The full DPA is available to institutional customers on request at legal@clasr.ai.
What data does Clasr collect?
Account information (name, email, institutional affiliation), the content of manuscripts submitted for analysis, and basic usage data such as login activity and reading counts. Paid checkout is not currently enabled.
What does Clasr do with manuscript content?
Manuscript content is sent to Anthropic's Claude API to generate the signal report. Once the report is generated, the manuscript file is deleted from Clasr's active systems. Manuscript content is never used to train any AI model.
Who processes the data, and where?
Party
Role
Location
What They See
Anthropic, PBC
Performs the manuscript analysis
United States
Manuscript text
How long is data kept?
- Manuscript files: deleted once the corresponding report is generated.
- Signal reports: kept 7 days by default, configurable down to 24 hours, or deleted automatically on download.
- Account and billing data: kept for the life of the account, plus any period required for legal, tax, or accounting purposes.
Is there a Zero Data Retention arrangement with Anthropic?
Not yet. Manuscript data sent to Anthropic is currently handled under Anthropic's standard commercial retention terms, which permit limited retention (up to 30 days) for trust and safety purposes before deletion, with no use for model training. Clasr is working toward a Zero Data Retention arrangement with its AI provider; this summary will be updated once that arrangement is in place.
Does Clasr have a representative in the European Union?
Not yet. Appointment of a representative under Article 27 of the GDPR is in progress. In the interim, the contact point for EU data protection matters is legal@clasr.ai.
Does Clasr hold SOC 2 or ISO 27001 certification?
Not yet. Both are on Clasr's roadmap but have not been started as of this Summary's effective date.
What law governs Clasr's data handling?
Clasr operates from Türkiye and complies with Türkiye's data protection law (KVKK). Where a customer's data is subject to the GDPR, Clasr relies on the Standard Contractual Clauses for transfers outside the European Economic Area, as set out in the full DPA.
How can my institution get the full Data Processing Agreement?
Contact legal@clasr.ai. The full DPA includes detailed processing terms, security measures, audit rights, breach notification commitments, and the Standard Contractual Clauses for EU data transfers.