Record of Processing Activities (RoPA)
This document summarises Clerk.io's main personal data processing activities in line with GDPR Article 30 (Record of Processing Activities).
It covers both the product and services where Clerk.io acts as data processor for merchants and Clerk.io’s own internal data where it acts as data controller.
For customer-specific details, including exact data fields and retention, please refer to the applicable Data Processing Agreement and store configuration.
Controller, Processor and DPO Details
- Legal entity: Clerk.io ApS (Denmark)
- Role:
  - Controller for Clerk.io’s own internal data (e.g. HR, billing, sales/marketing).
  - Processor for merchants’ data, acting on written instructions under the Data Processing Agreement.
- Contact for privacy matters: support@clerk.io
- Data Protection Officer: CEO & DPO of Clerk.io ApS.
Ultimate responsibility for this RoPA lies with the CEO & DPO, with operational maintenance by the Head of Product and SRE Lead.
Product & Services (Processor Role for Merchants' Data)
Clerk.io ApS acts as a data processor for merchants' data (end-customers and visitors of merchants’ online stores) under the terms of the Data Processing Agreement.
- Purpose: Provide one AI‑powered personalisation platform that merchants use across all Clerk.io products, including search, recommendations, audiences, analytics, email content and chat.
- Categories of data subjects: End-customers and visitors of merchants’ online stores; merchant users where their data appears in inputs or configuration.
- Categories of personal data:
  - Identifiers (e.g. customer ID, session ID, device/browser identifiers)
  - Contact data when provided by merchants (e.g. email address)
  - Behavioural data (e.g. page views, product views, searches, clicks, purchases)
  - Catalogue and order data related to the above
  - Free-text content used for features like email drafting or chat prompts.
- Special categories: Not intentionally processed; merchants are instructed not to send special category data.
- Categories of recipients:
  - Merchant users (via dashboards, APIs and reports)
  - End‑customers via merchant storefronts and communications
  - Authorised sub‑processors listed on the Sub‑processors page.
- International transfers: As described in the Data Processing Agreement and Sub‑processor list (e.g. to US-based providers, including AI providers, under appropriate safeguards).
- Retention: For as long as the merchant’s contract is in force and the data is needed to provide the AI‑powered personalisation services (including historical reporting), and thereafter deleted or anonymised within the timelines set out in the DPA and product documentation.
- Legal basis (controller side): Determined by the merchant as controller (typically legitimate interest or consent for marketing/personalisation and analytics).
- Security measures: Encryption in transit and at rest; access control and least privilege; logging and monitoring; backups and disaster recovery; data minimisation and configuration options to limit data sent to AI providers; security testing – as further described in the Trust Center and security documentation.
Internal Data (Controller Role for Clerk.io’s Own Data)
Clerk.io ApS acts as a data controller for its own business data (e.g. HR, billing, sales/marketing and internal operations).
2.1 Customer Account & Contract Management
- Purpose: Manage merchant accounts, contracts, billing and support.
- Categories of data subjects: Merchant employees and representatives.
- Categories of personal data: Identification and contact details (name, email, role), account data, contract and billing details, communication history.
- Special categories: None.
- Categories of recipients: Internal teams (sales, support, finance), payment providers (e.g. Stripe) and other business tools as necessary.
- International transfers: To tools located outside the EU where applicable, based on appropriate safeguards.
- Retention: For the duration of the business relationship and applicable statutory retention periods (e.g. accounting).
- Legal basis: Performance of contract, legitimate interest in account management and support.
- Security measures: Role-based access control, MFA, encryption, logging and vendor due diligence.
2.2 Marketing & Sales Outreach
- Purpose: Promote Clerk.io’s services, manage leads and campaigns.
- Categories of data subjects: Prospective customers and newsletter subscribers.
- Categories of personal data: Identification and contact details, company, role, preferences, engagement metrics.
- Special categories: None.
- Categories of recipients: Internal marketing and sales teams; selected marketing tools and CRM systems.
- International transfers: To marketing tools outside the EU where applicable under appropriate safeguards.
- Retention: Until consent is withdrawn or objection to processing is accepted, plus limited backup/archival periods.
- Legal basis: Consent and/or legitimate interest (B2B marketing) depending on channel and jurisdiction.
- Security measures: Opt-out mechanisms, access controls, vendor assessments.
2.3 HR & Recruitment
- Purpose: Manage employees and candidates (recruitment, employment, payroll, performance, offboarding).
- Categories of data subjects: Employees, contractors and job applicants.
- Categories of personal data: Identification and contact data, CVs and application information, employment records, payroll and tax details, performance information.
- Special categories: Limited HR data where required by law (e.g. health information for sick leave documentation), handled with enhanced safeguards.
- Categories of recipients: Internal HR and management, payroll providers, benefits providers, and public authorities where required by law.
- International transfers: Where HR tools are hosted outside the EU, under appropriate safeguards.
- Retention: In line with employment and labour law requirements and HR retention schedules.
- Legal basis: Performance of employment contract, legal obligations, and legitimate interest in HR management.
- Security measures: Strict access control, confidentiality obligations, encryption and secure document handling.
Review & Maintenance
- This RoPA is maintained in an electronic, version-controlled format and is reviewed at least every 12 months or earlier if there is a material change to Clerk.io’s processing activities (e.g. new product line, new categories of personal data, major new sub‑processors).
- Review responsibility: CEO & DPO, with input from Head of Product, SRE Lead, and relevant data owners.
- Reviews are supported by data-mapping exercises (system and data-flow inventories) to ensure the register reflects actual processing in production and internal systems.