Data Processing Agreement
Last updated: April 2, 2026
This Data Processing Agreement ("DPA") supplements the ClearFox Terms & Conditions and describes the limited data processing that occurs when customers use the ClearFox OAuth proxy service.
1. Roles
Data Controller: The customer organization that deploys ClearFox on its infrastructure.
Data Processor: Ilya Pyatin (NIF 310540844), Lisbon, Portugal, operating as ClearFox — solely in the capacity of the OAuth proxy service described below.
2. Scope of Processing
ClearFox is a self-hosted product. All customer data (user accounts, chat history, business data from integrations) stays on the customer's own infrastructure. ClearFox as a company does not have access to this data.
The only component operated by ClearFox that processes data on behalf of the customer is the OAuth proxy (oauth.clearfox.ai).
3. OAuth Proxy — What It Does
The OAuth proxy is a lightweight intermediary that simplifies connecting third-party services (Google, Microsoft, Atlassian, Notion, etc.) to the customer's self-hosted ClearFox portal. Here is exactly what the proxy does:
| Step | What happens | Data involved | Retention |
|---|---|---|---|
| Initial connect | Receives a one-time OAuth authorization code from the provider and exchanges it for access + refresh tokens using ClearFox's registered OAuth app credentials. | Authorization code, access token, refresh token | Up to 60 seconds. Tokens are stored in an in-memory map and deleted after the customer's portal retrieves them or the TTL expires. |
| Token refresh | Periodically (approximately once per hour), the customer's portal sends a refresh token to the proxy. The proxy exchanges it for a new access token via the provider's API and returns it. | Refresh token, new access token | In-memory only, for the duration of the HTTP request (milliseconds). Not stored. |
What the proxy does NOT do: The proxy never sees, accesses, or stores any business data (Jira issues, emails, documents, spreadsheets, etc.). All data queries flow directly from the customer's portal to the third-party API — the proxy is not in that path.
4. Categories of Personal Data
The only personal data that may transit through the OAuth proxy:
- OAuth access tokens (which may encode the user's email or account ID depending on the provider)
- OAuth refresh tokens
No names, email addresses, chat content, business data, or any other personal data is processed by the proxy.
5. Purpose Limitation
Data is processed exclusively for the purpose of authenticating the customer's ClearFox portal with third-party services. The proxy performs no analytics, profiling, or any other processing.
6. Data Retention
During initial connection: tokens are held in memory for a maximum of 60 seconds and then deleted, whether or not the customer's portal retrieves them.
During token refresh: data exists in memory only for the duration of the HTTP request and is not persisted.
The OAuth proxy has no database, no file storage, and no persistent state.
7. Security Measures
- All communication with the proxy is over HTTPS (TLS 1.2+)
- Tokens are stored in-memory only, never written to disk or logged
- One-time codes are single-use and expire after 60 seconds
- The proxy runs on dedicated infrastructure in the EU (Hetzner, Germany)
- Access to infrastructure is restricted to authorized personnel only
8. Sub-processors
The OAuth proxy is hosted on Hetzner Online GmbH infrastructure (Nuremberg, Germany). No other sub-processors are used for the proxy service.
| Sub-processor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Server hosting for OAuth proxy | Nuremberg, Germany (EU) |
9. Data Transfers
The OAuth proxy is hosted in the EU (Germany). No customer data is transferred outside the EU/EEA by the proxy.
Note: The proxy communicates with third-party OAuth providers (Google, Microsoft, Atlassian) whose servers may be located outside the EU. These are the customer's own integrations, and the customer's agreement with these providers governs those transfers.
10. Customer's Option to Self-Host
The OAuth proxy is entirely optional. Customers can eliminate this processing by:
- Self-hosting the proxy: set the `OAUTH_PROXY_URL` environment variable to point to their own instance. The proxy code is available for review and deployment.
- Using direct API credentials: register their own OAuth apps with providers and enter credentials directly in the ClearFox Admin panel, bypassing the proxy entirely.
11. Data Subject Rights
Since the OAuth proxy does not persistently store any personal data, there is typically no data to access, rectify, or erase. If a data subject believes their data has been processed by the proxy, they may contact us and we will investigate.
12. Breach Notification
In the event of a personal data breach involving the OAuth proxy, ClearFox will notify the affected customer without undue delay and no later than 72 hours after becoming aware of the breach.
13. Term and Termination
This DPA is effective for the duration of the customer's ClearFox license. Upon termination, no customer data remains on the proxy (as nothing is persistently stored).
14. Contact
For questions about this DPA or to exercise data subject rights: privacy@clearfox.ai
Ilya Pyatin, NIF 310540844
Lisbon, Portugal